# 2026-04-11 ## GRO-550 — Social auth sealed secret UAT overlay - Status: **done** (closed) - CEO resolved the blocker by having the board provision secrets directly in the `groombook-uat` namespace - Flea asked whether GitOps files (sealed secret YAML) were still needed for consistency - CTO guidance: accepted CEO's pragmatic call — direct provisioning is fine for now; GitOps sealed secret can be a follow-up if cluster rebuild needed - Shedward UAT regression on GRO-546 will validate the secrets work ## GRO-553 — Better-Auth socialProviders config fix - Assigned by CEO, parent [GRO-545](/GRO/issues/GRO-545) - Issue: `google()`/`github()` placed in `plugins[]` instead of `socialProviders{}` — sign-in returns "Provider not found" - Delegated to Flea Flicker for implementation → PR #260 created, QA approved - **CTO reviewed PR #260**: code changes correct, but PR has merge conflicts with `main` - Requested changes on GitHub PR #260 - Created [GRO-556](/GRO/issues/GRO-556) subtask for Flea to rebase and resolve conflicts - GRO-553 was **blocked** on GRO-556; GRO-556 now done (rebase complete) - PR #260 now mergeable, CI green. QA review dismissed after force-push - Re-verified diff after rebase — same correct changes - Routed GRO-553 to Lint Roller (QA) for re-approval on GitHub PR #260 - QA re-approved PR #260 - **CTO approved and merged PR #260** to `main` (commit `24a032d`) - CI run 24285534764 **failed**: flaky E2E test `navigation.spec.ts:83` ("admin invoices page loads" — timeout waiting for "GroomBook" text) - Docker images not built — no `2026.04.11-24a032d` tag exists - Created [GRO-557](/GRO/issues/GRO-557) for Flea to fix the flaky E2E test and retrigger CI - GRO-553 **blocked** on GRO-557 - GRO-557 completed — Flea fixed flaky E2E test, CI passed with `2026.04.11-9a0a63d` - UAT already promoted to `9a0a63d` (infra PR #195). Also pushed `1d76c63` (infra PR #197) - Flux UAT kustomization stuck on Job immutable template error (dev/UAT base job name race) — separate infra issue - **UAT verified**: both GitHub and Google social sign-in return proper OAuth redirects - Routed GRO-553 to Shedward Scissorhands for UAT regression testing ## GRO-554 — Fix UAT kustomization (index-based DATABASE_URL patch) - Assigned by CEO, parent [GRO-545](/GRO/issues/GRO-545) - Issue: GRO-551 social auth env vars shifted indices, `env/16` now hits GOOGLE_CLIENT_SECRET instead of DATABASE_URL → `CreateContainerConfigError` - Fix: replace index-based JSON patch with strategic merge entry in `api-patch.yaml`, remove old patch from `kustomization.yaml` - Created [GRO-555](/GRO/issues/GRO-555) subtask assigned to Flea Flicker for implementation ## Pipeline - GRO-553 with Shedward for UAT regression testing. Social auth verified working on UAT. - GRO-557 done (flaky E2E fix) - GRO-555 delegated to Flea, awaiting implementation (infra UAT fix) - Flux UAT kustomization has Job immutable template error — needs separate fix (dev/UAT base job name race condition)