added changes #21
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: test_deployment | |
| on: | |
| push: | |
| branches: | |
| - '*' | |
| env: | |
| DOCKER_HUB_ORG: gioelkin | |
| # DOCKER_HUB_ORG: ciroh | |
| DOCKER_REPO: tethysapp-ciroh-portal | |
| # A workflow run is made up of one or more jobs that can run sequentially or in parallel | |
| jobs: | |
| deploy-fake: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: read # This is required for actions/checkout | |
| env: | |
| AWS_REGION: us-east-1 | |
| CLUSTER_NAME: ciroh-portal-prod | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: kubeconfig | |
| run: | | |
| aws eks update-kubeconfig --name ${{ env.CLUSTER_NAME }} --region ${{ env.AWS_REGION }} --kubeconfig ./kubeconfig | |
| echo 'KUBE_CONFIG_DATA<<EOF' >> $GITHUB_ENV | |
| echo $(cat ./kubeconfig | base64) >> $GITHUB_ENV | |
| echo 'EOF' >> $GITHUB_ENV | |
| - name: Set Tag | |
| run: | | |
| echo "TAG=dev_${GITHUB_SHA}" >> $GITHUB_ENV | |
| echo "TAG_LATEST=dev_latest" >> $GITHUB_ENV | |
| - name: Import GPG key | |
| uses: crazy-max/ghaction-import-gpg@v4 | |
| with: | |
| gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.PASSPHRASE }} | |
| - name: import secring | |
| run: | | |
| echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf | |
| gpgconf --reload gpg-agent | |
| gpg --batch --export-secret-keys > ~/.gnupg/secring.gpg | |
| - name: helm deploy | |
| uses: koslib/helm-eks-action@master | |
| env: | |
| KUBE_CONFIG_DATA: ${{ env.KUBE_CONFIG_DATA }} | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| with: | |
| plugins: 'https://github.com/jkroepke/helm-secrets' | |
| command: helm repo add tethysportal-ciroh https://docs.ciroh.org/tethysportal-ciroh && echo $GPG_PASSPHRASE | helm secrets upgrade cirohportal-prod tethysportal-ciroh/ciroh --install --dry-run --timeout=3600s -f charts/ciroh/ci/prod_aws_values.yaml -f charts/ciroh/ci/secrets.yaml --set storageClass.parameters.fileSystemId=${{ secrets.FILE_SYSTEM_ID }} --set image.tag=${{ env.TAG }} --namespace cirohportal | |
| # - name: export secring | |
| # run: | | |
| # echo "${{ secrets.PASSPHRASE }}" | gpg --batch --pinentry-mode loopback --passphrase-fd 0 --import | |
| # echo $PASSPHRASE | gpg --export-secret-keys > ~/.gnupg/secring.gpg |