Switch to 3lvia Vault action
baksetercx committed Jan 2, 2025
1 parent 1cf3b96 commit 0171ec8
Showing 6 changed files with 22 additions and 128 deletions.
25 changes: 3 additions & 22 deletions deploy/action.yml
@@ -82,22 +82,6 @@ runs:
if: ${{ inputs.checkout == 'true' }}
uses: actions/checkout@v4

- name: Resolve Vault address and short repository name
shell: bash
run: |
if [[ '${{ inputs.environment }}' == 'dev' || '${{ inputs.environment }}' == 'sandbox' ]]; then
echo 'VAULT_ADDR=https://vault.dev-elvia.io' >> "$GITHUB_ENV"
elif [[ '${{ inputs.environment }}' == 'test' ]]; then
echo 'VAULT_ADDR=https://vault.test-elvia.io' >> "$GITHUB_ENV"
elif [[ '${{ inputs.environment }}' == 'prod' ]]; then
echo 'VAULT_ADDR=https://vault.elvia.io' >> "$GITHUB_ENV"
else
echo 'Unsupported environment: ${{ inputs.environment }}'
exit 1
fi
echo "REPO_SHORT_NAME=${GITHUB_REPOSITORY##*/}" >> "$GITHUB_ENV"
- name: Get federated token for Azure
shell: bash
id: get-federated-token
@@ -130,16 +114,13 @@ runs:
install_components: 'gke-gcloud-auth-plugin'

- name: Read Grafana secrets from Vault
uses: hashicorp/vault-action@v3
uses: 3lvia/core-github-actions-templates/vault@trunk
with:
url: ${{ env.VAULT_ADDR }}
role: 'jwt-github-${{ inputs.namespace }}-${{ env.REPO_SHORT_NAME }}'
method: 'jwt'
path: 'jwt-github'
system: ${{ inputs.system }}
environment: ${{ inputs.environment }}
secrets: |
monitoring/kv/data/shared grafana_api_url | GRAFANA_URL ;
monitoring/kv/data/shared grafana_editor_api_key | GRAFANA_API_KEY
exportToken: 'true'
- name: Install 3lv CLI
uses: 3lvia/cli/setup@trunk
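Review bot: The Vault step now runs `3lvia/core-github-actions-templates/vault@trunk`, a mutable branch ref, so the code that performs the Vault login and reads `GRAFANA_API_KEY` is whatever trunk holds at run time, even for callers that pin this deploy action to a tag or commit. Pinning to a full commit SHA, `uses: 3lvia/core-github-actions-templates/vault@<commit-sha>`, keeps the secret-handling step reviewable and reproducible. The same ref is introduced in integrationtest, playwright, slack-message and validate-metrics. Separately, the removed role was built from `inputs.namespace` while the new step passes `system: ${{ inputs.system }}`; if the vault action derives the role from `system` (not visible here), the login targets a different role whenever the two inputs differ, and slack-message passes `inputs.namespace` for the same parameter.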
32 changes: 3 additions & 29 deletions integrationtest/action.yml
@@ -38,39 +38,13 @@ runs:
if: ${{ inputs.checkout == 'true' }}
uses: actions/checkout@v4

- name: Parse input and set environment variables
shell: bash
run: |
# parse inputs
if [[ '${{ inputs.environment }}' == 'dev' ]]; then
echo 'VAULT_ADDR=https://vault.dev-elvia.io' >> "$GITHUB_ENV"
elif [[ '${{ inputs.environment }}' == 'test' ]]; then
echo 'VAULT_ADDR=https://vault.test-elvia.io' >> "$GITHUB_ENV"
elif [[ '${{ inputs.environment }}' == 'prod' ]]; then
echo 'VAULT_ADDR=https://vault.elvia.io' >> "$GITHUB_ENV"
else
echo 'Unsupported environment: ${{ inputs.environment }}'
exit 1
fi
echo "REPO_SHORT_NAME=${GITHUB_REPOSITORY##*/}" >> "$GITHUB_ENV"
- name: Login Vault and export token
uses: hashicorp/vault-action@v3
uses: 3lvia/core-github-actions-templates/vault@trunk
with:
url: ${{ env.VAULT_ADDR }}
role: 'jwt-github-${{ inputs.system }}-${{ env.REPO_SHORT_NAME }}'
method: 'jwt'
path: 'jwt-github'
system: ${{ inputs.system }}
environment: ${{ inputs.environment }}
exportToken: 'true'

- name: Validate Vault
if: failure()
shell: bash
run: |
echo "To access Vault, this repository must be added to https://github.com/3lvia/github-repositories-terraform/tree/trunk/systems"
exit 1
- name: Restore .NET tools
shell: bash
run: dotnet tool restore --tool-manifest '${{ inputs.dotnet-tool-manifest }}'
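Review bot: The `Validate Vault` step that ran on `if: failure()` and pointed users to github-repositories-terraform is dropped here, and nothing visible in this commit shows the shared vault action printing an equivalent hint. If it does not, a repository that is not yet registered will fail at Vault login with no pointer to the fix; consider moving that message into vault/action.yml so every caller gets it. The same step is removed in validate-metrics/action.yml.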
24 changes: 3 additions & 21 deletions playwright/action.yml
@@ -22,29 +22,11 @@ runs:
if: ${{ inputs.checkout == 'true' }}
uses: actions/checkout@v4

- name: Parse input and set environment variables
shell: bash
run: |
if [[ '${{ inputs.environment }}' == 'dev' ]]; then
echo 'VAULT_ADDR=https://vault.dev-elvia.io' >> "$GITHUB_ENV"
elif [[ '${{ inputs.environment }}' == 'test' ]]; then
echo 'VAULT_ADDR=https://vault.test-elvia.io' >> "$GITHUB_ENV"
elif [[ '${{ inputs.environment }}' == 'prod' ]]; then
echo 'VAULT_ADDR=https://vault.elvia.io' >> "$GITHUB_ENV"
else
echo 'Unsupported environment: ${{ inputs.environment }}'
exit 1
fi
echo "REPO_SHORT_NAME=${GITHUB_REPOSITORY##*/}" >> "$GITHUB_ENV"
- name: Login Vault and export token
uses: hashicorp/vault-action@v3
uses: 3lvia/core-github-actions-templates/vault@trunk
with:
url: ${{ env.VAULT_ADDR }}
role: 'jwt-github-${{ inputs.system }}-${{ env.REPO_SHORT_NAME }}'
method: 'jwt'
path: 'jwt-github'
system: ${{ inputs.system }}
environment: ${{ inputs.environment }}
exportToken: 'true'

- name: Build .NET project
31 changes: 6 additions & 25 deletions slack-message/action.yml
@@ -27,33 +27,12 @@ inputs:
runs:
using: 'composite'
steps:
- name: Set environment variables
if: ${{ inputs.slack-api-token == '' }}
shell: bash
run: |
if [[ '${{ inputs.environment }}' == 'dev' ]]; then
echo 'VAULT_ADDR=https://vault.dev-elvia.io' >> "$GITHUB_ENV"
elif [[ '${{ inputs.environment }}' == 'test' ]]; then
echo 'VAULT_ADDR=https://vault.test-elvia.io' >> "$GITHUB_ENV"
elif [[ '${{ inputs.environment }}' == 'prod' ]]; then
echo 'VAULT_ADDR=https://vault.elvia.io' >> "$GITHUB_ENV"
elif [[ '${{ inputs.environment }}' == 'sandbox' ]]; then
echo 'VAULT_ADDR=https://vault.dev-elvia.io' >> "$GITHUB_ENV"
else
echo 'Unsupported environment: ${{ inputs.environment }}'
exit 1
fi
echo "REPO_SHORT_NAME=${GITHUB_REPOSITORY##*/}" >> "$GITHUB_ENV"
- name: Read secrets from Vault
uses: hashicorp/vault-action@v3
- name: Read Slack API token from Vault
if: ${{ inputs.slack-api-token == '' }}
uses: 3lvia/core-github-actions-templates/vault@trunk
with:
url: ${{ env.VAULT_ADDR }}
role: 'jwt-github-${{ inputs.namespace }}-${{ env.REPO_SHORT_NAME }}'
method: 'jwt'
path: 'jwt-github'
system: ${{ inputs.namespace }}
environment: ${{ inputs.environment }}
secrets: |
shared/kv/data/tokens slack-api-token | SLACK_API_TOKEN
@@ -62,10 +41,12 @@ runs:
run: |
result=$(curl --silent -d '{"channel": "${{ inputs.slack-channel }}", "text": "${{ inputs.message }}"}' -H "Content-type: application/json; charset=utf-8" -H "Authorization: Bearer $SLACK_API_TOKEN" "https://slack.com/api/chat.postMessage")
ok=$(echo "$result" | jq -r '.ok')
if [[ "$ok" == 'true' ]]; then
echo "Sent message to slack channel ${{ inputs.slack-channel }}."
else
error=$(echo "$result" | jq -r '.error')
if [[ $"error" == 'not_in_channel' ]]; then
echo $'::error::\x40Github Workflow Notifications does not have access to the channel ${{ inputs.slack-channel }}, please add it to the channel.'
else
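Review bot: The `curl` line in this `run:` script still splices `${{ inputs.message }}` and `${{ inputs.slack-channel }}` into the script text before bash parses it, so a value containing quotes or shell metacharacters can alter the JSON payload or the command itself in a step that holds `SLACK_API_TOKEN`. Passing both inputs through `env:` and building the payload with `jq -n --arg` (jq is already used in this script) removes the interpolation; the step's header lies above the hunk, so the placement of the `env:` key in the fence is assumed. `vault/action.yml` has the same pattern with `inputs.environment` inside its `[[ … ]]` tests. Separately, `$"error"` in the `not_in_channel` test is a locale-translated string literal rather than the variable, so that branch can never match; `"$error"` looks intended.

```yaml
      env:
        SLACK_CHANNEL: ${{ inputs.slack-channel }}
        SLACK_MESSAGE: ${{ inputs.message }}
      run: |
        payload=$(jq -n --arg channel "$SLACK_CHANNEL" --arg text "$SLACK_MESSAGE" '{channel: $channel, text: $text}')
        result=$(curl --silent -d "$payload" -H "Content-type: application/json; charset=utf-8" -H "Authorization: Bearer $SLACK_API_TOKEN" "https://slack.com/api/chat.postMessage")
        # … unchanged: ok/error handling; the echo lines read "$SLACK_CHANNEL" instead of the inline expression …
```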
32 changes: 3 additions & 29 deletions validate-metrics/action.yml
@@ -27,39 +27,13 @@ runs:
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis

- name: Parse input and set environment variables
shell: bash
run: |
# parse inputs
if [[ '${{ inputs.environment }}' == 'dev' ]]; then
echo 'VAULT_ADDR=https://vault.dev-elvia.io' >> "$GITHUB_ENV"
elif [[ '${{ inputs.environment }}' == 'test' ]]; then
echo 'VAULT_ADDR=https://vault.test-elvia.io' >> "$GITHUB_ENV"
elif [[ '${{ inputs.environment }}' == 'prod' ]]; then
echo 'VAULT_ADDR=https://vault.elvia.io' >> "$GITHUB_ENV"
else
echo 'Unsupported environment: ${{ inputs.environment }}'
exit 1
fi
echo "REPO_SHORT_NAME=${GITHUB_REPOSITORY##*/}" >> "$GITHUB_ENV"
- name: Login Vault and export token
uses: hashicorp/vault-action@v3
uses: 3lvia/core-github-actions-templates/vault@trunk
with:
url: ${{ env.VAULT_ADDR }}
role: 'jwt-github-${{ inputs.system }}-${{ env.REPO_SHORT_NAME }}'
method: 'jwt'
path: 'jwt-github'
system: ${{ inputs.system }}
environment: ${{ inputs.environment }}
exportToken: 'true'

- name: Validate Vault
if: failure()
shell: bash
run: |
echo "To access Vault, this repository must be added to https://github.com/3lvia/github-repositories-terraform/tree/trunk/systems"
exit 1
- name: Run PromQL query
shell: bash
run: |
6 changes: 4 additions & 2 deletions vault/action.yml
@@ -21,8 +21,10 @@ runs:
shell: bash
run: |
# Set Vault address based on environment
if [[ '${{ inputs.environment }}' == 'dev' || '${{ inputs.environment }}' == 'test' ]]; then
echo 'VAULT_ADDR=https://vault.${{ inputs.environment }}-elvia.io' >> "$GITHUB_ENV"
if [[ '${{ inputs.environment }}' == 'dev' || '${{ inputs.environment }}' == 'sandbox' ]]; then
echo 'VAULT_ADDR=https://vault.dev-elvia.io' >> "$GITHUB_ENV"
elif [[ '${{ inputs.environment }}' == 'test' ]]; then
echo 'VAULT_ADDR=https://vault.test-elvia.io' >> "$GITHUB_ENV"
elif [[ '${{ inputs.environment }}' == 'prod' ]]; then
echo 'VAULT_ADDR=https://vault.elvia.io' >> "$GITHUB_ENV"
else
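Review bot: Adding `sandbox` to the first branch means every caller of this shared action now accepts `sandbox` and authenticates against the dev Vault, whereas the inline copies removed from integrationtest, playwright and validate-metrics rejected it as unsupported. If that widening is intended, a comment on the branch would record it, for example `# sandbox deliberately uses the dev Vault instance` (wording to be confirmed by the author). The `if` chain continues past the end of the hunk.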