[werft] pull provider secret into build and configure installer

.werft/build.ts

@@ -477,14 +477,26 @@ export async function deployToDevWithInstaller(deploymentConfig: DeploymentConfi
             exec(`yq w -i config.yaml observability.tracing.endpoint ${tracingEndpoint}`, {slice: installerSlices.INSTALLER_RENDER});
         }
 
-        // TODO: Remove this after #6867 is done
-        werft.log("authProviders", "copy authProviders")
+        werft.log("authProviders", "copy authProviders from secret")
         try {
-            exec(`kubectl get secret preview-envs-authproviders --namespace=keys -o yaml \
-                    | yq r - data.authProviders \
+            exec(`for row in $(kubectl get secret preview-envs-authproviders --namespace=keys -o jsonpath="{.data.authProviders}" \
                     | base64 -d -w 0 \
-                    > ./authProviders`, { silent: true });
-            exec(`yq merge --inplace config.yaml ./authProviders`, { silent: true })
+                    | yq r - authProviders -j \
+                    | jq -r 'to_entries | .[] | @base64'); do
+                        key=$(echo $row | base64 -d | jq -r '.key')
+                        providerId=$(echo $row | base64 -d | jq -r '.value.id | ascii_downcase')
+                        data=$(echo $row | base64 -d | yq r - value --prettyPrint)
+
+                        yq w -i ./config.yaml authProviders[$key].kind "secret"
+                        yq w -i ./config.yaml authProviders[$key].name "$providerId"
+
+                        kubectl create secret generic "$providerId" \
+                            --namespace "${namespace}" \
+                            --from-literal=provider="$data" \
+                            --dry-run=client -o yaml | \
+                            kubectl replace --force -f -
+                    done`, { silent: true })
+
             werft.done('authProviders');
         } catch (err) {
             werft.fail('authProviders', err);