From 012385495071846e44aed3209245d2f1dcefcfe2 Mon Sep 17 00:00:00 2001
From: Maxim Rychkov <rychkov03@yandex.ru>
Date: Fri, 23 Jan 2026 10:21:07 +0500
Subject: [PATCH 1/5] test: move mailServiceUrl var upper

---
 .github/workflows/deploy-to-prod-from-default.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/deploy-to-prod-from-default.yml b/.github/workflows/deploy-to-prod-from-default.yml
index deb52c8..1f23fde 100644
--- a/.github/workflows/deploy-to-prod-from-default.yml
+++ b/.github/workflows/deploy-to-prod-from-default.yml
@@ -4,6 +4,7 @@ on:
   push:
     branches:
       - master
+      - feature/**
 
 jobs:
   docker-build-and-push:
@@ -20,6 +21,7 @@ jobs:
         # Database connection var used in quotes because without them only part of connection string will be used
         run: |
             helmfile cache cleanup && helmfile apply --suppress-diff --namespace "${{ secrets.INNER_CIRCLE_PROD_NAMESPACE }}" -f Api/ci/helmfile.yaml \
+            --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__MailServiceUrl="${{ secrets.DEV_MAIL_SERVICE_URL }}" \
             --state-values-set image.tag=sha-${{ github.sha }} \
             --state-values-set ingress.hostname="${{ secrets.INNER_CIRCLE_PROD_HOSTNAME }}" \
             --state-values-set extraSecretEnvVars.ConnectionStrings__DefaultConnection="${{ secrets.INNER_CIRCLE_PROD_AUTH_DB_CONNECTION_STRING }}" \
@@ -27,7 +29,6 @@ jobs:
             --state-values-set extraSecretEnvVars.AuthenticationOptions__PrivateSigningKey="${{ secrets.INNER_CIRCLE_PROD_PRIVATE_SIGNING_KEY }}" \ 
             --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__AuthUIServiceUrl="${{ secrets.INNER_CIRCLE_PROD_AUTH_UI_SERVICE_URL }}" \
             --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__AccountsServiceUrl="${{ secrets.INNER_CIRCLE_PROD_ACCOUNTS_SERVICE_URL }}" \
-            --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__MailServiceUrl="${{ secrets.DEV_MAIL_SERVICE_URL }}" \
             --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmployeesServiceUrl="${{ secrets.INNER_CIRCLE_PROD_EMPLOYEES_SERVICE_URL }}" > /dev/null 2>&1
 
   run-e2e-tests:

From 1c67f596f9e65358b7f5f0135dd36bf54896bc2a Mon Sep 17 00:00:00 2001
From: Maxim Rychkov <rychkov03@yandex.ru>
Date: Fri, 23 Jan 2026 10:24:00 +0500
Subject: [PATCH 2/5] test: move AuthUiServiceUrl var upper

---
 .github/workflows/deploy-to-prod-from-default.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/deploy-to-prod-from-default.yml b/.github/workflows/deploy-to-prod-from-default.yml
index 1f23fde..bd52c43 100644
--- a/.github/workflows/deploy-to-prod-from-default.yml
+++ b/.github/workflows/deploy-to-prod-from-default.yml
@@ -22,12 +22,12 @@ jobs:
         run: |
             helmfile cache cleanup && helmfile apply --suppress-diff --namespace "${{ secrets.INNER_CIRCLE_PROD_NAMESPACE }}" -f Api/ci/helmfile.yaml \
             --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__MailServiceUrl="${{ secrets.DEV_MAIL_SERVICE_URL }}" \
+            --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__AuthUIServiceUrl="${{ secrets.INNER_CIRCLE_PROD_AUTH_UI_SERVICE_URL }}" \
             --state-values-set image.tag=sha-${{ github.sha }} \
             --state-values-set ingress.hostname="${{ secrets.INNER_CIRCLE_PROD_HOSTNAME }}" \
             --state-values-set extraSecretEnvVars.ConnectionStrings__DefaultConnection="${{ secrets.INNER_CIRCLE_PROD_AUTH_DB_CONNECTION_STRING }}" \
             --state-values-set extraSecretEnvVars.AuthenticationOptions__PublicSigningKey="${{ secrets.INNER_CIRCLE_PROD_PUBLIC_SIGNING_KEY }}" \
             --state-values-set extraSecretEnvVars.AuthenticationOptions__PrivateSigningKey="${{ secrets.INNER_CIRCLE_PROD_PRIVATE_SIGNING_KEY }}" \ 
-            --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__AuthUIServiceUrl="${{ secrets.INNER_CIRCLE_PROD_AUTH_UI_SERVICE_URL }}" \
             --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__AccountsServiceUrl="${{ secrets.INNER_CIRCLE_PROD_ACCOUNTS_SERVICE_URL }}" \
             --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmployeesServiceUrl="${{ secrets.INNER_CIRCLE_PROD_EMPLOYEES_SERVICE_URL }}" > /dev/null 2>&1
 

From da01dd6a2b14b76af33630ed63d90fec59f8c96a Mon Sep 17 00:00:00 2001
From: Maxim Rychkov <rychkov03@yandex.ru>
Date: Fri, 23 Jan 2026 10:27:09 +0500
Subject: [PATCH 3/5] test: move Private and Public Signing Keys

---
 .github/workflows/deploy-to-prod-from-default.yml | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/deploy-to-prod-from-default.yml b/.github/workflows/deploy-to-prod-from-default.yml
index bd52c43..6fe396c 100644
--- a/.github/workflows/deploy-to-prod-from-default.yml
+++ b/.github/workflows/deploy-to-prod-from-default.yml
@@ -5,7 +5,6 @@ on:
     branches:
       - master
       - feature/**
-
 jobs:
   docker-build-and-push:
     uses: ./.github/workflows/.reusable-docker-build-and-push.yml
@@ -21,15 +20,15 @@ jobs:
         # Database connection var used in quotes because without them only part of connection string will be used
         run: |
             helmfile cache cleanup && helmfile apply --suppress-diff --namespace "${{ secrets.INNER_CIRCLE_PROD_NAMESPACE }}" -f Api/ci/helmfile.yaml \
-            --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__MailServiceUrl="${{ secrets.DEV_MAIL_SERVICE_URL }}" \
-            --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__AuthUIServiceUrl="${{ secrets.INNER_CIRCLE_PROD_AUTH_UI_SERVICE_URL }}" \
             --state-values-set image.tag=sha-${{ github.sha }} \
             --state-values-set ingress.hostname="${{ secrets.INNER_CIRCLE_PROD_HOSTNAME }}" \
             --state-values-set extraSecretEnvVars.ConnectionStrings__DefaultConnection="${{ secrets.INNER_CIRCLE_PROD_AUTH_DB_CONNECTION_STRING }}" \
-            --state-values-set extraSecretEnvVars.AuthenticationOptions__PublicSigningKey="${{ secrets.INNER_CIRCLE_PROD_PUBLIC_SIGNING_KEY }}" \
-            --state-values-set extraSecretEnvVars.AuthenticationOptions__PrivateSigningKey="${{ secrets.INNER_CIRCLE_PROD_PRIVATE_SIGNING_KEY }}" \ 
+            --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__AuthUIServiceUrl="${{ secrets.INNER_CIRCLE_PROD_AUTH_UI_SERVICE_URL }}" \
             --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__AccountsServiceUrl="${{ secrets.INNER_CIRCLE_PROD_ACCOUNTS_SERVICE_URL }}" \
+            --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__MailServiceUrl="${{ secrets.DEV_MAIL_SERVICE_URL }}" \
             --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmployeesServiceUrl="${{ secrets.INNER_CIRCLE_PROD_EMPLOYEES_SERVICE_URL }}" > /dev/null 2>&1
+            --state-values-set extraSecretEnvVars.AuthenticationOptions__PublicSigningKey="${{ secrets.INNER_CIRCLE_PROD_PUBLIC_SIGNING_KEY }}" \
+            --state-values-set extraSecretEnvVars.AuthenticationOptions__PrivateSigningKey="${{ secrets.INNER_CIRCLE_PROD_PRIVATE_SIGNING_KEY }}" \ 
 
   run-e2e-tests:
     uses: ./.github/workflows/.reusable-e2e-tests-against-prod.yml

From c6338f19694f92b43989c74d107f35767a0b0f7d Mon Sep 17 00:00:00 2001
From: Maxim Rychkov <rychkov03@yandex.ru>
Date: Fri, 23 Jan 2026 10:29:09 +0500
Subject: [PATCH 4/5] fix: move /dev/null

---
 .github/workflows/deploy-to-prod-from-default.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/deploy-to-prod-from-default.yml b/.github/workflows/deploy-to-prod-from-default.yml
index 6fe396c..46c3d67 100644
--- a/.github/workflows/deploy-to-prod-from-default.yml
+++ b/.github/workflows/deploy-to-prod-from-default.yml
@@ -26,9 +26,9 @@ jobs:
             --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__AuthUIServiceUrl="${{ secrets.INNER_CIRCLE_PROD_AUTH_UI_SERVICE_URL }}" \
             --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__AccountsServiceUrl="${{ secrets.INNER_CIRCLE_PROD_ACCOUNTS_SERVICE_URL }}" \
             --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__MailServiceUrl="${{ secrets.DEV_MAIL_SERVICE_URL }}" \
-            --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmployeesServiceUrl="${{ secrets.INNER_CIRCLE_PROD_EMPLOYEES_SERVICE_URL }}" > /dev/null 2>&1
+            --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmployeesServiceUrl="${{ secrets.INNER_CIRCLE_PROD_EMPLOYEES_SERVICE_URL }}" \
             --state-values-set extraSecretEnvVars.AuthenticationOptions__PublicSigningKey="${{ secrets.INNER_CIRCLE_PROD_PUBLIC_SIGNING_KEY }}" \
-            --state-values-set extraSecretEnvVars.AuthenticationOptions__PrivateSigningKey="${{ secrets.INNER_CIRCLE_PROD_PRIVATE_SIGNING_KEY }}" \ 
+            --state-values-set extraSecretEnvVars.AuthenticationOptions__PrivateSigningKey="${{ secrets.INNER_CIRCLE_PROD_PRIVATE_SIGNING_KEY }}" > /dev/null 2>&1
 
   run-e2e-tests:
     uses: ./.github/workflows/.reusable-e2e-tests-against-prod.yml

From e40ab1f8024d458a252b3397956cbc2ec3b4c397 Mon Sep 17 00:00:00 2001
From: Maxim Rychkov <rychkov03@yandex.ru>
Date: Fri, 23 Jan 2026 10:39:23 +0500
Subject: [PATCH 5/5] chore: return new secret for mailServiceUrl and add
 explanation for vars placement

---
 .github/workflows/deploy-to-prod-from-default.yml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/deploy-to-prod-from-default.yml b/.github/workflows/deploy-to-prod-from-default.yml
index 46c3d67..0405d5c 100644
--- a/.github/workflows/deploy-to-prod-from-default.yml
+++ b/.github/workflows/deploy-to-prod-from-default.yml
@@ -4,7 +4,7 @@ on:
   push:
     branches:
       - master
-      - feature/**
+
 jobs:
   docker-build-and-push:
     uses: ./.github/workflows/.reusable-docker-build-and-push.yml
@@ -17,7 +17,9 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Deploy
-        # Database connection var used in quotes because without them only part of connection string will be used
+        # NOTE: PublicSigningKey and PrivateSigningKey should be placed in the end because for some reason, if we put them upper
+        # then they will break other vars
+        # Also we use quotes because without them some vars (DB Connection) break down
         run: |
             helmfile cache cleanup && helmfile apply --suppress-diff --namespace "${{ secrets.INNER_CIRCLE_PROD_NAMESPACE }}" -f Api/ci/helmfile.yaml \
             --state-values-set image.tag=sha-${{ github.sha }} \
@@ -25,7 +27,7 @@ jobs:
             --state-values-set extraSecretEnvVars.ConnectionStrings__DefaultConnection="${{ secrets.INNER_CIRCLE_PROD_AUTH_DB_CONNECTION_STRING }}" \
             --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__AuthUIServiceUrl="${{ secrets.INNER_CIRCLE_PROD_AUTH_UI_SERVICE_URL }}" \
             --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__AccountsServiceUrl="${{ secrets.INNER_CIRCLE_PROD_ACCOUNTS_SERVICE_URL }}" \
-            --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__MailServiceUrl="${{ secrets.DEV_MAIL_SERVICE_URL }}" \
+            --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__MailServiceUrl="${{ secrets.INNER_CIRCLE_PROD_MAIL_SERVICE_URL }}" \
             --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmployeesServiceUrl="${{ secrets.INNER_CIRCLE_PROD_EMPLOYEES_SERVICE_URL }}" \
             --state-values-set extraSecretEnvVars.AuthenticationOptions__PublicSigningKey="${{ secrets.INNER_CIRCLE_PROD_PUBLIC_SIGNING_KEY }}" \
             --state-values-set extraSecretEnvVars.AuthenticationOptions__PrivateSigningKey="${{ secrets.INNER_CIRCLE_PROD_PRIVATE_SIGNING_KEY }}" > /dev/null 2>&1