ensure-uptime-checks.yaml
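# Applies the terraform configuration for uptime checks whenever a push to
# master touches one of the paths listed below.
name: Ensure Uptime Checks

on:
  push:
    branches:
      - master
    paths:
      # Config of prometheus or hubs might have changed
      - helm-charts/**
      # Hubs & clusters might be added or removed
      - config/clusters/**
      # The terraform code for the checks might have changed
      - terraform/uptime-checks/**
      # The way terraform is deployed might have changed!
      - .github/workflows/ensure-uptime-checks.yaml

# When multiple PRs triggering this workflow are merged, run them one at a
# time instead of in parallel. Only the most recent pending run is kept by
# GitHub; older pending runs in the group are cancelled.
# https://github.blog/changelog/2021-04-19-github-actions-limit-workflow-run-or-job-concurrency/
concurrency: uptime-checks

# Least privilege for the automatic GITHUB_TOKEN: the visible steps only need
# to read the repository. Cloud access comes from the sops-decrypted key.
permissions:
  contents: read

# This environment variable triggers the deployer to colourise print
# statements in the GitHub Actions logs for easy reading
env:
  TERM: xterm

jobs:
  ensure-uptime-checks:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every action below is referenced by a mutable tag. This
      # job handles a KMS decryptor key and a terraform service account key,
      # so consider pinning each `uses:` to a full commit SHA.
      - name: Checkout repo
        uses: actions/checkout@v4
        with:
          # No later step pushes or fetches with git, so do not leave the
          # token in .git/config for the remaining steps to read.
          persist-credentials: false

      # Uptime checks are set up and managed via terraform
      - uses: hashicorp/setup-terraform@v3

      # We use sops to store encrypted GCP ServiceAccount Key that terraform
      # uses to run, as well as PagerDuty config terraform uses
      # NOTE(review): the reference below looks mangled by the page's e-mail
      # obfuscation ("[email protected]"); restore the real `<action>@<ref>`
      # from the repository before using this file.
      - name: Install sops
        uses: mdgreenwald/[email protected]

      # Authenticate with the correct KMS key that sops will use.
      # NOTE(review): this is a long-lived key stored as a repository secret;
      # the auth action's `workload_identity_provider` input would avoid
      # keeping an exported key - confirm whether that fits this project.
      - name: Setup sops credentials to decrypt repo secrets
        uses: google-github-actions/auth@v2
        with:
          credentials_json: "${{ secrets.GCP_KMS_DECRYPTOR_KEY }}"

      - name: ensure uptime checks are set up
        run: |
          cd terraform/uptime-checks
          # The decrypted key is a plaintext credential: create it readable
          # by the owner only and delete it when the step exits, also on
          # failure.
          umask 077
          trap 'rm -f service-account-key.json' EXIT
          # Decrypt the GCP ServiceAccount key with permissions to run terraform
          sops -d secret/enc-service-account-key.secret.json > service-account-key.json
          export GOOGLE_APPLICATION_CREDENTIALS=service-account-key.json
          # Setup Terraform
          terraform init
          # Run terraform automatically. -auto-approve applies without a
          # reviewed plan, so review of what merges to master is the only
          # gate on these changes.
          terraform apply -auto-approve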