diff --git a/.gitea/workflows/docker-build-and-push.yaml b/.gitea/workflows/docker-build-and-push.yaml index c7f2253..480684f 100644 --- a/.gitea/workflows/docker-build-and-push.yaml +++ b/.gitea/workflows/docker-build-and-push.yaml @@ -27,12 +27,6 @@ jobs: image: catthehacker/ubuntu:act-22.04 steps: - - - name: Checkout code - uses: actions/checkout@v3 - with: - submodules: recursive - fetch-depth: 0 - name: Import Secrets uses: hashicorp/vault-action@v2 @@ -42,6 +36,14 @@ jobs: secrets: | cicd/data/docker password | REGISTRY_PASSWORD ; cicd/data/docker username | REGISTRY_USERNAME ; + cicd/data/submodule token | SUBMODULE_TOKEN ; + + - name: Checkout code + uses: actions/checkout@v4 + with: + submodules: recursive + fetch-depth: 0 + token: ${{ env.SUBMODULE_TOKEN }} - name: Set up Docker BuildX uses: docker/setup-buildx-action@v2 diff --git a/.gitea/workflows/k8s-deploy.yml b/.gitea/workflows/k8s-deploy.yml index c56124c..c8959bf 100644 --- a/.gitea/workflows/k8s-deploy.yml +++ b/.gitea/workflows/k8s-deploy.yml @@ -42,6 +42,18 @@ on: required: true type: string description: Kubeconf secret path in vault for prod + HELM_VERSION: + type: string + default: 3.17 + description: Last stable with our chart's + ENABLE_CUSTOM_SET: + type: string + default: "false" + description: Last stable with our chart's + CUSTOM_HELM_SET: + type: string + default: "" + description: Last stable with our chart's secrets: VAULT_TOKEN: required: true 
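Review bot: The new `Checkout code` step in docker-build-and-push.yaml passes `token: ${{ env.SUBMODULE_TOKEN }}` but keeps actions/checkout's default `persist-credentials: true`, so the token stays in the checkout's git configuration for every later step. Those later steps build and push a Docker image; if `.git` is part of the build context (not visible in this hunk), the credential could end up in an image layer. Add `persist-credentials: false` under `with:`; checkout authenticates the recursive submodule fetch inside its own step and removes the credential when it finishes. The `Checkout code` step added in prisma-migrate.yaml has the same gap. Scoping the Vault-stored token to read-only access on the submodule repositories would limit the damage if it leaks anyway.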
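Review bot: All three new inputs in k8s-deploy.yml carry the description `Last stable with our chart's`, which reads as truncated and at best fits HELM_VERSION. ENABLE_CUSTOM_SET and CUSTOM_HELM_SET need their own text. For CUSTOM_HELM_SET it should say that the value is appended to the `helm upgrade` command line after `envsubst` expansion, and who is expected to set it, for example `description: Extra helm arguments appended to the upgrade command; expanded with envsubst; trusted callers only`. Also quote the version, `default: "3.17"`: the input is declared `type: string`, but an unquoted 3.17 is loaded as a YAML float, and a later value such as 3.20 would silently become 3.2.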
@@ -90,17 +102,38 @@ jobs: - name: Install helm uses: azure/setup-helm@v4.2.0 with: - version: latest + version: ${{ inputs.HELM_VERSION }} - name: Set up Kubectl uses: azure/k8s-set-context@v4 with: kubeconfig: ${{ env.KUBECONFIG }} + - name: Set EXTRA_ARGS if ENABLE_CUSTOM_SET is true + run: | + if [ "${{ inputs.ENABLE_CUSTOM_SET }}" = "true" ]; then + echo "CUSTOM_HELM_SET_TEMPLATE=${{ inputs.CUSTOM_HELM_SET }}" >> "$GITHUB_ENV" + else + echo "CUSTOM_HELM_SET_TEMPLATE=" >> "$GITHUB_ENV" + fi + + - name: Install envsubst + run: | + sudo apt-get update && sudo apt-get install -y gettext + + - name: Render and export EXTRA_ARGS + run: | + if [ -n "$CUSTOM_HELM_SET_TEMPLATE" ]; then + export EXTRA_ARGS=$(echo "$CUSTOM_HELM_SET_TEMPLATE" | envsubst) + else + export EXTRA_ARGS="" + fi + echo "EXTRA_ARGS=$EXTRA_ARGS" >> "$GITHUB_ENV" + - name: Install chart run: | helm upgrade --install --cleanup-on-fail --atomic --timeout 2m --wait ${{ inputs.APP_NAME }} ./chart \ --namespace ${{ env.NAMESPACE }} \ --set image.repository=${{ inputs.REGISTRY }}/${{ inputs.REGISTRY_USER }}/${{ inputs.APP_NAME }} \ --set image.tag=${{ env.VERSION }} \ - -f ${{ env.VALUES_FILE }} \ No newline at end of file + -f ${{ env.VALUES_FILE }} ${{ env.EXTRA_ARGS }} \ No newline at end of file diff --git a/.gitea/workflows/prisma-migrate.yaml b/.gitea/workflows/prisma-migrate.yaml index efa6b59..4628bb3 100644 --- a/.gitea/workflows/prisma-migrate.yaml +++ b/.gitea/workflows/prisma-migrate.yaml 
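Review bot: `${{ inputs.ENABLE_CUSTOM_SET }}`, `${{ inputs.CUSTOM_HELM_SET }}` and `${{ env.EXTRA_ARGS }}` are pasted into the `run:` scripts as text before the shell parses them, so whoever controls those workflow_call inputs controls shell code in a job that has the kubeconfig loaded. Unrestricted `envsubst` also lets the template pull any variable of the job environment, presumably including the Vault-imported ones, onto the helm command line and into `$GITHUB_ENV`. A multi-line value written with `echo "NAME=value"` can define further variables there. Pass the inputs through `env:`, reject multi-line values, give `envsubst` an explicit variable list, and reference `$EXTRA_ARGS` as a shell variable in `Install chart`. The older `${{ inputs.* }}` expansions in the helm command have the same shape, but this hunk does not change them.

```yaml
      - name: Set EXTRA_ARGS if ENABLE_CUSTOM_SET is true
        env:
          ENABLE_CUSTOM_SET: ${{ inputs.ENABLE_CUSTOM_SET }}
          CUSTOM_HELM_SET: ${{ inputs.CUSTOM_HELM_SET }}
        run: |
          # A newline in the value would start a new NAME=value entry in $GITHUB_ENV.
          if [ "$(printf '%s' "$CUSTOM_HELM_SET" | wc -l)" -ne 0 ]; then
            echo "CUSTOM_HELM_SET must be a single line" >&2
            exit 1
          fi
          template=""
          if [ "$ENABLE_CUSTOM_SET" = "true" ]; then template="$CUSTOM_HELM_SET"; fi
          printf 'CUSTOM_HELM_SET_TEMPLATE=%s\n' "$template" >> "$GITHUB_ENV"

      # … unchanged: Install envsubst …

      - name: Render and export EXTRA_ARGS
        run: |
          EXTRA_ARGS=""
          if [ -n "$CUSTOM_HELM_SET_TEMPLATE" ]; then
            # Allow-list of expandable variables (example list; keep it to what the charts need).
            EXTRA_ARGS=$(printf '%s' "$CUSTOM_HELM_SET_TEMPLATE" | envsubst '$VERSION $NAMESPACE')
          fi
          printf 'EXTRA_ARGS=%s\n' "$EXTRA_ARGS" >> "$GITHUB_ENV"

      # … unchanged: Install chart, except its last line …
            -f ${{ env.VALUES_FILE }} $EXTRA_ARGS
```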
@@ -22,8 +22,20 @@ jobs: image: catthehacker/ubuntu:act-22.04 steps: - - name: Checkout repo - uses: actions/checkout@v3 + - name: Import Common Secrets + uses: hashicorp/vault-action@v2 + with: + url: https://vault.project-quest-dev.com + token: ${{ secrets.VAULT_TOKEN }} + secrets: | + cicd/data/submodule token | SUBMODULE_TOKEN ; + + - name: Checkout code + uses: actions/checkout@v4 + with: + submodules: recursive + fetch-depth: 0 + token: ${{ env.SUBMODULE_TOKEN }} - name: Setup Node uses: actions/setup-node@v3
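Review bot: `Import Common Secrets` relies on vault-action's default of exporting every fetched secret into the job environment, so `SUBMODULE_TOKEN` is readable by all later steps. Those steps start with `Setup Node` and presumably go on to install and run third-party packages, though the rest of the job lies outside this hunk. Only the checkout step needs the token: give the Vault step `id: vault` and `exportEnv: false`, and pass `token: ${{ steps.vault.outputs.SUBMODULE_TOKEN }}` to checkout. Separately, `hashicorp/vault-action@v2` and `actions/checkout@v4` are mutable tags; pinning the actions that handle the Vault token to a full commit SHA keeps a retagged release from receiving it.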