Try harder? #251
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Planetary Computer APIs CI/CD | |
| on: | |
| push: | |
| branches: [user/mjm/remove-secret-from-cicd-test] | |
| tags: ["*"] | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| # build_and_publish: | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - uses: actions/checkout@v3 | |
| # - name: Log in with Azure | |
| # uses: azure/login@v1 | |
| # with: | |
| # client-id: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).clientId }} | |
| # tenant-id: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).tenantId }} | |
| # subscription-id: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).subscriptionId }} | |
| # - name: Authenticate | |
| # run: ./scripts/ciauthenticate | |
| # # - name: Run cibuild | |
| # # run: ./scripts/cibuild | |
| # - name: Get image tag | |
| # id: get_image_tag | |
| # run: | |
| # case "${GITHUB_REF}" in | |
| # *tags*) | |
| # echo "tag=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_OUTPUT ; | |
| # echo "acr=pccomponents" >> $GITHUB_OUTPUT | |
| # ;; | |
| # *) | |
| # echo "tag=latest" >> $GITHUB_OUTPUT ; | |
| # echo "acr=pccomponentstest" >> $GITHUB_OUTPUT | |
| # ;; | |
| # esac | |
| # # - name: Publish images | |
| # # run: ./scripts/cipublish --acr ${{steps.get_image_tag.outputs.acr}} --tag ${{steps.get_image_tag.outputs.tag}} | |
| # outputs: | |
| # image_tag: ${{ steps.get_image_tag.outputs.tag }} | |
| deploy: | |
| runs-on: ubuntu-latest | |
| # needs: | |
| # - build_and_publish | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Log in with Azure | |
| uses: azure/login@v1 | |
| with: | |
| client-id: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).clientId }} | |
| tenant-id: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).tenantId }} | |
| subscription-id: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).subscriptionId }} | |
| # - name: Get image tag | |
| # id: get_image_tag | |
| # run: | |
| # case "${GITHUB_REF}" in | |
| # *tags*) | |
| # echo "tag=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_OUTPUT | |
| # ;; | |
| # *) | |
| # echo "tag=latest" >> $GITHUB_OUTPUT | |
| # ;; | |
| # esac | |
| - name: Deploy | |
| # run: ./scripts/cideploy | |
| env: | |
| IMAGE_TAG: ${{needs.build_and_publish.outputs.image_tag}} | |
| ENVIRONMENT: staging | |
| ARM_CLIENT_ID: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).clientId }} | |
| ARM_SUBSCRIPTION_ID: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).subscriptionId }} | |
| ARM_TENANT_ID: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).tenantId }} | |
| ARM_USE_OIDC: true | |
| run: | | |
| cd deployment/terraform/staging | |
| ls | |
| echo "Client ID: ${ARM_CLIENT_ID:0:5}" | |
| terraform init |