fix(helm): prevent JWT secret regeneration on upgrade

helm/cv-app/templates/secret.yaml

@@ -1,3 +1,4 @@
+{{- if eq .Values.backend.auth.mode "simple" }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -6,6 +7,5 @@ metadata:
     {{- include "cv-app.labels" . | nindent 4 }}
 type: Opaque
 data:
-  {{- if eq .Values.backend.auth.mode "simple" }}
-  JWT_SECRET: {{ randAlphaNum 32 | b64enc | quote }}
-  {{- end }}
+  JWT_SECRET: {{ .Values.backend.auth.jwtSecret | default (randAlphaNum 32) | b64enc | quote }}
+{{- end }}

helm/cv-app/values.yaml

@@ -14,6 +14,7 @@ backend:
     pullPolicy: IfNotPresent
   auth:
     mode: simple
+    jwtSecret: ""
   keycloak:
     url: ""
     realm: ""