Bump hashicorp/vault-action from 2 to 3 (#61) #69
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build & Deploy | |
on: | |
push: | |
branches: | |
- main | |
workflow_dispatch: | |
schedule: | |
- cron: '10 0 * * 0' | |
permissions: | |
id-token: write | |
contents: read | |
packages: write | |
jobs: | |
package: | |
uses: Chia-Network/actions/.github/workflows/docker-build.yaml@main | |
deploy_internal: | |
name: Deploy Internal | |
needs: | |
- package | |
runs-on: [k8s-public] | |
container: | |
image: registry.gitlab.com/cmmarslender/kubectl-helm:v3 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Vault Login | |
uses: Chia-Network/actions/vault/login@main | |
with: | |
vault_url: ${{ secrets.VAULT_URL }} | |
role_name: github-block-metrics | |
- name: Get secrets from vault | |
uses: hashicorp/vault-action@v3 | |
with: | |
url: ${{ secrets.VAULT_URL }} | |
token: ${{ env.VAULT_TOKEN }} | |
secrets: | | |
secret/data/fmt/mysql1/db-info host | DB_HOST; | |
secret/data/fmt/mysql1/users/blocks-write-user username | DB_USER; | |
secret/data/fmt/mysql1/users/blocks-write-user password | DB_PASSWORD; | |
secret/data/fmt/k8s/ghcr_image_pull username | IMAGE_PULL_USERNAME; | |
secret/data/fmt/k8s/ghcr_image_pull password | IMAGE_PULL_PASSWORD; | |
secret/data/fmt/k8s/fmt-k8s-internal api_server_url | K8S_API_SERVER_URL; | |
secret/data/fmt/k8s/fmt-k8s-internal private_crt | PRIVATE_CRT; | |
secret/data/fmt/k8s/fmt-k8s-internal private_key | PRIVATE_KEY; | |
secret/data/fmt/k8s/fmt-k8s-internal public_crt | PUBLIC_CRT; | |
secret/data/fmt/k8s/fmt-k8s-internal public_key | PUBLIC_KEY; | |
- name: Get config.yaml | |
run: | | |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
echo "CONFIG_YAML<<$EOF" >> $GITHUB_ENV | |
cat k8s/config.yaml >> $GITHUB_ENV | |
echo "$EOF" >> $GITHUB_ENV | |
- name: Login to k8s cluster | |
uses: Chia-Network/actions/vault/k8s-login@main | |
with: | |
vault_url: ${{ secrets.VAULT_URL }} | |
vault_token: ${{ env.VAULT_TOKEN }} | |
backend_name: fmt-k8s-internal | |
role_name: github-actions | |
cluster_url: ${{ env.K8S_API_SERVER_URL }} | |
- uses: Chia-Network/actions/k8s/image-pull-secret@main | |
with: | |
secret_name: block-metrics-image-pull | |
namespace: block-metrics | |
username: ${{ env.IMAGE_PULL_USERNAME }} | |
password: ${{ env.IMAGE_PULL_PASSWORD }} | |
docker_server: "ghcr.io" | |
- uses: Chia-Network/actions/helm/deploy@main | |
env: | |
DOCKER_TAG: "sha-${{ github.sha }}" | |
with: | |
namespace: "block-metrics" | |
app_name: "block-metrics" | |
helm_chart_repo: "https://chia-network.github.io/helm-charts" | |
helm_chart: "generic" | |
helm_values: "./k8s/internal.yaml" | |
deploy_public: | |
name: Deploy Public | |
needs: | |
- package | |
runs-on: [k8s-public] | |
container: | |
image: registry.gitlab.com/cmmarslender/kubectl-helm:v3 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Vault Login | |
uses: Chia-Network/actions/vault/login@main | |
with: | |
vault_url: ${{ secrets.VAULT_URL }} | |
role_name: github-block-metrics | |
- name: Get secrets from vault | |
uses: hashicorp/vault-action@v3 | |
with: | |
url: ${{ secrets.VAULT_URL }} | |
token: ${{ env.VAULT_TOKEN }} | |
secrets: | | |
secret/data/pub-metrics-eks/rds/rds-info db_host | DB_HOST; | |
secret/data/pub-metrics-eks/rds/blocks-write-user username | DB_USER; | |
secret/data/pub-metrics-eks/rds/blocks-write-user password | DB_PASSWORD; | |
secret/data/fmt/k8s/ghcr_image_pull username | IMAGE_PULL_USERNAME; | |
secret/data/fmt/k8s/ghcr_image_pull password | IMAGE_PULL_PASSWORD; | |
secret/data/pub-metrics-eks/chia-certs private_crt | PRIVATE_CRT; | |
secret/data/pub-metrics-eks/chia-certs private_key | PRIVATE_KEY; | |
secret/data/pub-metrics-eks/chia-certs public_crt | PUBLIC_CRT; | |
secret/data/pub-metrics-eks/chia-certs public_key | PUBLIC_KEY; | |
- name: Get config.yaml | |
run: | | |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
echo "CONFIG_YAML<<$EOF" >> $GITHUB_ENV | |
cat k8s/config.yaml >> $GITHUB_ENV | |
echo "$EOF" >> $GITHUB_ENV | |
- name: Get ephemeral aws credentials | |
uses: Chia-Network/actions/vault/aws-sts@main | |
with: | |
vault_url: ${{ secrets.VAULT_URL }} | |
vault_token: ${{ env.VAULT_TOKEN }} | |
role_name: pub-metrics-deploy | |
- name: Log in to cluster | |
run: aws eks update-kubeconfig --name pub-metrics --region us-west-2 | |
- uses: Chia-Network/actions/k8s/image-pull-secret@main | |
with: | |
secret_name: block-metrics-image-pull | |
namespace: block-metrics | |
username: ${{ env.IMAGE_PULL_USERNAME }} | |
password: ${{ env.IMAGE_PULL_PASSWORD }} | |
docker_server: "ghcr.io" | |
- uses: Chia-Network/actions/helm/deploy@main | |
env: | |
DOCKER_TAG: "sha-${{ github.sha }}" | |
with: | |
namespace: "block-metrics" | |
app_name: "block-metrics" | |
helm_chart_repo: "https://chia-network.github.io/helm-charts" | |
helm_chart: "generic" | |
helm_values: "./k8s/pub-metrics.yaml" |