Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

Containers/talk/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.11.9-scratch AS nats
+FROM nats:2.11.8-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling
 FROM alpine:3.22.1 AS janus

php/src/Container/Container.php

@@ -19,6 +19,8 @@ readonly class Container {
         private ContainerEnvironmentVariables $containerEnvironmentVariables,
         /** @var string[] */
         private array                         $dependsOn,
+        /** @var string[] */
+        private array                         $secrets,
         private string                        $uiSecret,
         /** @var string[] */
         private array                         $devices,
@@ -80,6 +82,10 @@ readonly class Container {
         return $this->maxShutdownTime;
     }
 
+    public function GetSecrets() : array {
+        return $this->secrets;
+    }
+
     public function GetUiSecret() : string {
         return $this->dockerActionManager->GetAndGenerateSecretWrapper($this->uiSecret);
     }

php/src/ContainerDefinitionFetcher.php

@@ -239,12 +239,9 @@ readonly class ContainerDefinitionFetcher {
                 $internalPort = $entry['internal_port'];
             }
 
+            $secrets = [];
             if (isset($entry['secrets'])) {
-                // All secrets are registered with the configuration when they 
-                // are discovered so they can be later generated at time-of-use.
-                foreach ($entry['secrets'] as $secret) {
-                    $this->configurationManager->RegisterSecret($secret);
-                }
+                $secrets = $entry['secrets'];
             }
 
             $uiSecret = '';
@@ -323,6 +320,7 @@ readonly class ContainerDefinitionFetcher {
                 $volumes,
                 $variables,
                 $dependsOn,
+                $secrets,
                 $uiSecret,
                 $devices,
                 $enableNvidiaGpu,

php/src/Data/ConfigurationManager.php

@@ -7,8 +7,6 @@ use AIO\Controller\DockerController;
 
 class ConfigurationManager
 {
-    private array $secrets = [];
-
     public function GetConfig() : array
     {
         if(file_exists(DataConst::GetConfigFile()))
@@ -52,15 +50,13 @@ class ConfigurationManager
         return $config['secrets'][$secretId];
     }
 
-    public function GetRegisteredSecret(string $secretId) : string {
-        if ($this->secrets[$secretId]) {
-            return $this->GetAndGenerateSecret($secretId);
+    public function GetSecret(string $secretId) : string {
+        $config = $this->GetConfig();
+        if(!isset($config['secrets'][$secretId])) {
+            $config['secrets'][$secretId] = "";
         }
-        throw new \Exception("The secret " . $secretId . " was not registered. Please check if it is defined in secrets of containers.json.");
-    }
 
-    public function RegisterSecret(string $secretId) : void {
-        $this->secrets[$secretId] = true;
+        return $config['secrets'][$secretId];
     }
 
     private function DoubleSafeBackupSecret(string $borgBackupPassword) : void {

php/src/Docker/DockerActionManager.php

@@ -221,6 +221,10 @@ readonly class DockerActionManager {
             $requestBody['HostConfig']['Binds'] = $volumes;
         }
 
+        foreach ($container->GetSecrets() as $secret) {
+            $this->configurationManager->GetAndGenerateSecret($secret);
+        }
+
         $aioVariables = $container->GetAioVariables()->GetVariables();
         foreach ($aioVariables as $variable) {
             $config = $this->configurationManager->GetConfig();
@@ -562,10 +566,18 @@ readonly class DockerActionManager {
             // Allow to get local ip-address of caddy container and add it to trusted proxies automatically
             'CADDY_IP_ADDRESS' => in_array('caddy', $this->configurationManager->GetEnabledCommunityContainers(), true) ? gethostbyname('nextcloud-aio-caddy') : '',
             'WHITEBOARD_ENABLED' => $this->configurationManager->isWhiteboardEnabled() ? 'yes' : '',
-            default => $this->configurationManager->GetRegisteredSecret($placeholder),
+            default => $this->getSecretOrThrow($placeholder),
         };
     }
 
+    private function getSecretOrThrow(string $secretName): string {
+        $secret = $this->configurationManager->GetSecret($secretName);
+        if ($secret === "") {
+            throw new \Exception("The secret " . $secretName . " is empty. Cannot substitute its value. Please check if it is defined in secrets of containers.json.");
+        }
+        return $secret;
+    }
+
     private function isContainerUpdateAvailable(string $id): string {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);