Add db host for net policy (#72) #81
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build & Deploy | |
on: | |
push: | |
branches: | |
- main | |
workflow_dispatch: | |
schedule: | |
- cron: '10 0 * * 0' | |
permissions: | |
id-token: write | |
contents: read | |
packages: write | |
jobs: | |
package: | |
uses: Chia-Network/actions/.github/workflows/docker-build.yaml@main | |
deploy_internal: | |
name: Deploy Internal | |
needs: | |
- package | |
runs-on: [k8s-public-fmt] | |
container: | |
image: registry.gitlab.com/cmmarslender/kubectl-helm:v3 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Vault Login | |
uses: Chia-Network/actions/vault/login@main | |
with: | |
vault_url: ${{ secrets.VAULT_URL }} | |
role_name: github-block-metrics | |
- name: Get secrets from vault | |
uses: hashicorp/vault-action@v3 | |
with: | |
url: ${{ secrets.VAULT_URL }} | |
token: ${{ env.VAULT_TOKEN }} | |
secrets: | | |
secret/data/fmt/mysql/db-info host | DB_HOST; | |
secret/data/fmt/mysql/users/block-metrics username | DB_USER; | |
secret/data/fmt/mysql/users/block-metrics password | DB_PASSWORD; | |
secret/data/fmt/k8s/ghcr_image_pull username | IMAGE_PULL_USERNAME; | |
secret/data/fmt/k8s/ghcr_image_pull password | IMAGE_PULL_PASSWORD; | |
secret/data/fmt/k8s/k8s-fmt api_server_url | K8S_API_SERVER_URL; | |
secret/data/fmt/k8s/k8s-fmt private_crt | PRIVATE_CRT; | |
secret/data/fmt/k8s/k8s-fmt private_key | PRIVATE_KEY; | |
secret/data/fmt/k8s/k8s-fmt public_crt | PUBLIC_CRT; | |
secret/data/fmt/k8s/k8s-fmt public_key | PUBLIC_KEY; | |
- name: Get config.yaml | |
run: | | |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
echo "CONFIG_YAML<<$EOF" >> $GITHUB_ENV | |
cat k8s/config.yaml >> $GITHUB_ENV | |
echo "$EOF" >> $GITHUB_ENV | |
- name: Login to k8s cluster | |
uses: Chia-Network/actions/vault/k8s-login@main | |
with: | |
vault_url: ${{ secrets.VAULT_URL }} | |
vault_token: ${{ env.VAULT_TOKEN }} | |
backend_name: k8s-fmt | |
role_name: github-actions | |
cluster_url: ${{ env.K8S_API_SERVER_URL }} | |
- uses: Chia-Network/actions/k8s/image-pull-secret@main | |
with: | |
secret_name: block-metrics-image-pull | |
namespace: block-metrics | |
username: ${{ env.IMAGE_PULL_USERNAME }} | |
password: ${{ env.IMAGE_PULL_PASSWORD }} | |
docker_server: "ghcr.io" | |
- uses: Chia-Network/actions/helm/deploy@main | |
env: | |
DOCKER_TAG: "sha-${{ github.sha }}" | |
with: | |
namespace: "block-metrics" | |
app_name: "block-metrics" | |
helm_chart_repo: "https://chia-network.github.io/helm-charts" | |
helm_chart: "generic" | |
helm_values: "./k8s/internal.yaml" | |
deploy_public: | |
name: Deploy Public | |
needs: | |
- package | |
runs-on: [k8s-public] | |
container: | |
image: registry.gitlab.com/cmmarslender/kubectl-helm:v3 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Vault Login | |
uses: Chia-Network/actions/vault/login@main | |
with: | |
vault_url: ${{ secrets.VAULT_URL }} | |
role_name: github-block-metrics | |
- name: Get secrets from vault | |
uses: hashicorp/vault-action@v3 | |
with: | |
url: ${{ secrets.VAULT_URL }} | |
token: ${{ env.VAULT_TOKEN }} | |
secrets: | | |
secret/data/pub-metrics-eks/rds/rds-info db_host | DB_HOST; | |
secret/data/pub-metrics-eks/rds/blocks-write-user username | DB_USER; | |
secret/data/pub-metrics-eks/rds/blocks-write-user password | DB_PASSWORD; | |
secret/data/fmt/k8s/ghcr_image_pull username | IMAGE_PULL_USERNAME; | |
secret/data/fmt/k8s/ghcr_image_pull password | IMAGE_PULL_PASSWORD; | |
secret/data/pub-metrics-eks/chia-certs private_crt | PRIVATE_CRT; | |
secret/data/pub-metrics-eks/chia-certs private_key | PRIVATE_KEY; | |
secret/data/pub-metrics-eks/chia-certs public_crt | PUBLIC_CRT; | |
secret/data/pub-metrics-eks/chia-certs public_key | PUBLIC_KEY; | |
- name: Get config.yaml | |
run: | | |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
echo "CONFIG_YAML<<$EOF" >> $GITHUB_ENV | |
cat k8s/config.yaml >> $GITHUB_ENV | |
echo "$EOF" >> $GITHUB_ENV | |
- name: Get ephemeral aws credentials | |
uses: Chia-Network/actions/vault/aws-sts@main | |
with: | |
vault_url: ${{ secrets.VAULT_URL }} | |
vault_token: ${{ env.VAULT_TOKEN }} | |
role_name: pub-metrics-deploy | |
- name: Log in to cluster | |
run: aws eks update-kubeconfig --name pub-metrics --region us-west-2 | |
- uses: Chia-Network/actions/k8s/image-pull-secret@main | |
with: | |
secret_name: block-metrics-image-pull | |
namespace: block-metrics | |
username: ${{ env.IMAGE_PULL_USERNAME }} | |
password: ${{ env.IMAGE_PULL_PASSWORD }} | |
docker_server: "ghcr.io" | |
- uses: Chia-Network/actions/helm/deploy@main | |
env: | |
DOCKER_TAG: "sha-${{ github.sha }}" | |
with: | |
namespace: "block-metrics" | |
app_name: "block-metrics" | |
helm_chart_repo: "https://chia-network.github.io/helm-charts" | |
helm_chart: "generic" | |
helm_values: "./k8s/pub-metrics.yaml" |