Update main.yml #56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD for kbot | |
| on: | |
| push: | |
| branches: | |
| - develop | |
| - main | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| SECRET_NAME: KBOT_TELE_TOKEN | |
| jobs: | |
| secret: | |
| name: kbot secret | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Clone Flux repo | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| repository: 'silhouetteUA/gitops-flux-sops' | |
| path: 'flux-repo' | |
| token: ${{ secrets.MYPAT }} | |
| - name: 'auth' | |
| uses: 'google-github-actions/auth@v2' | |
| with: | |
| credentials_json: ${{ secrets.GCP_SA_KEY }} | |
| ###### This step is optional ###### | |
| - name: Set up Google Cloud SDK | |
| uses: google-github-actions/setup-gcloud@v2 | |
| with: | |
| project_id: ${{ secrets.GCP_PROJECT_ID }} | |
| ################################## | |
| - name: Install sops | |
| run: | | |
| curl -LO https://github.com/getsops/sops/releases/download/v3.8.1/sops-v3.8.1.linux.amd64 && \ | |
| mv sops-v3.8.1.linux.amd64 /usr/local/bin/sops && \ | |
| chmod +x /usr/local/bin/sops && \ | |
| sops -version | |
| - name: Install kubectl | |
| run: | | |
| curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" && \ | |
| sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl && \ | |
| kubectl version --client | |
| - name: Prepare an unencrypted file | |
| run: | | |
| kubectl -n course create secret generic kbot-teletoken --from-literal TELE_TOKEN=$(gcloud secrets versions access latest --secret=${{ env.SECRET_NAME }}) --dry-run=client -o yaml > secret.yaml | |
| - name: Encrypt file with sops and deliver it to flux-sync repo | |
| run: | | |
| sops -e -gcp-kms projects/devops-course-prometheus/locations/global/keyRings/sops-flux/cryptoKeys/sops-keys-flux --encrypted-regex '^(TELE_TOKEN)$' secret.yaml > secret-encrypted.yaml | |
| # cat secret-encrypted.yaml | |
| cd flux-repo | |
| mv ../secret-encrypted.yaml cluster/fluxcd-gke/resources | |
| git config user.name github-actions | |
| git config user.email [email protected] | |
| git add . | |
| git commit -m "encrypted secret added via GitHub Actions pipeline from kbot repo" | |
| git push origin main | |
| ci: | |
| name: continious integration | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set-Up_GOLANG | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: '1.21.3' | |
| - name: Test | |
| run: make test | |
| - name: Info | |
| run: make build-info | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build Image | |
| run: make image | |
| - name: Push Image to ghcr.io | |
| run: make push | |
| cd: | |
| name: CD | |
| needs: [ci, secret] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - run: echo "VERSION=$(git describe --tags --abbrev=0)-$(git rev-parse --short HEAD)" >> $GITHUB_ENV | |
| - uses: mikefarah/yq@master | |
| with: | |
| cmd: yq -i '.image.tag=strenv(VERSION)' helm/values.yaml | |
| - run: | | |
| git config user.name github-actions | |
| git config user.email [email protected] | |
| git commit -am "update version $VERSION" | |
| git push |