From c36e25a89fc2b71b91b0f44a65941aa4968fa67c Mon Sep 17 00:00:00 2001 From: Andreas Salhus Bakseter <141913422+baksetercx@users.noreply.github.com> Date: Thu, 2 Jan 2025 15:26:20 +0100 Subject: [PATCH] Switch to 3lvia Vault action --- deploy/action.yml | 25 +++---------------------- integrationtest/action.yml | 32 +++----------------------------- playwright/action.yml | 24 +++--------------------- slack-message/action.yml | 31 ++++++------------------------- validate-metrics/action.yml | 32 +++----------------------------- vault/action.yml | 6 ++++-- 6 files changed, 22 insertions(+), 128 deletions(-) diff --git a/deploy/action.yml b/deploy/action.yml index 1d126098..1c142180 100644 --- a/deploy/action.yml +++ b/deploy/action.yml @@ -82,22 +82,6 @@ runs: if: ${{ inputs.checkout == 'true' }} uses: actions/checkout@v4 - - name: Resolve Vault address and short repository name - shell: bash - run: | - if [[ '${{ inputs.environment }}' == 'dev' || '${{ inputs.environment }}' == 'sandbox' ]]; then - echo 'VAULT_ADDR=https://vault.dev-elvia.io' >> "$GITHUB_ENV" - elif [[ '${{ inputs.environment }}' == 'test' ]]; then - echo 'VAULT_ADDR=https://vault.test-elvia.io' >> "$GITHUB_ENV" - elif [[ '${{ inputs.environment }}' == 'prod' ]]; then - echo 'VAULT_ADDR=https://vault.elvia.io' >> "$GITHUB_ENV" - else - echo 'Unsupported environment: ${{ inputs.environment }}' - exit 1 - fi - - echo "REPO_SHORT_NAME=${GITHUB_REPOSITORY##*/}" >> "$GITHUB_ENV" - - name: Get federated token for Azure shell: bash id: get-federated-token 
@@ -130,16 +114,13 @@ runs: install_components: 'gke-gcloud-auth-plugin' - name: Read Grafana secrets from Vault - uses: hashicorp/vault-action@v3 + uses: 3lvia/core-github-actions-templates/vault@trunk with: - url: ${{ env.VAULT_ADDR }} - role: 'jwt-github-${{ inputs.namespace }}-${{ env.REPO_SHORT_NAME }}' - method: 'jwt' - path: 'jwt-github' + system: ${{ inputs.system }} + environment: ${{ inputs.environment }} secrets: | monitoring/kv/data/shared grafana_api_url | GRAFANA_URL ; monitoring/kv/data/shared grafana_editor_api_key | GRAFANA_API_KEY - exportToken: 'true' - name: Install 3lv CLI uses: 3lvia/cli/setup@trunk diff --git a/integrationtest/action.yml b/integrationtest/action.yml index c8437954..02fc7c2c 100644 --- a/integrationtest/action.yml +++ b/integrationtest/action.yml 
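Review bot: `uses: 3lvia/core-github-actions-templates/vault@trunk` resolves the step that reads Vault secrets from a mutable branch. A caller who pins `deploy` to a tag or commit will still run whatever `vault/action.yml` is on trunk at that moment. The same reference is added in the integrationtest, playwright, slack-message and validate-metrics hunks. Consider pinning to a full commit SHA, `uses: 3lvia/core-github-actions-templates/vault@<full-commit-sha>`; if `@trunk` is the house convention (as `3lvia/cli/setup@trunk` suggests), add a comment above the step saying the floating ref is deliberate. Separately, `exportToken: 'true'` is dropped from this step, so confirm that no later step in deploy/action.yml (outside this hunk) reads `VAULT_TOKEN`.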
@@ -38,39 +38,13 @@ runs: if: ${{ inputs.checkout == 'true' }} uses: actions/checkout@v4 - - name: Parse input and set environment variables - shell: bash - run: | - # parse inputs - if [[ '${{ inputs.environment }}' == 'dev' ]]; then - echo 'VAULT_ADDR=https://vault.dev-elvia.io' >> "$GITHUB_ENV" - elif [[ '${{ inputs.environment }}' == 'test' ]]; then - echo 'VAULT_ADDR=https://vault.test-elvia.io' >> "$GITHUB_ENV" - elif [[ '${{ inputs.environment }}' == 'prod' ]]; then - echo 'VAULT_ADDR=https://vault.elvia.io' >> "$GITHUB_ENV" - else - echo 'Unsupported environment: ${{ inputs.environment }}' - exit 1 - fi - - echo "REPO_SHORT_NAME=${GITHUB_REPOSITORY##*/}" >> "$GITHUB_ENV" - - name: Login Vault and export token - uses: hashicorp/vault-action@v3 + uses: 3lvia/core-github-actions-templates/vault@trunk with: - url: ${{ env.VAULT_ADDR }} - role: 'jwt-github-${{ inputs.system }}-${{ env.REPO_SHORT_NAME }}' - method: 'jwt' - path: 'jwt-github' + system: ${{ inputs.system }} + environment: ${{ inputs.environment }} exportToken: 'true' - - name: Validate Vault - if: failure() - shell: bash - run: | - echo "To access Vault, this repository must be added to https://github.com/3lvia/github-repositories-terraform/tree/trunk/systems" - exit 1 - - name: Restore .NET tools shell: bash run: dotnet tool restore --tool-manifest '${{ inputs.dotnet-tool-manifest }}' diff --git a/playwright/action.yml b/playwright/action.yml index 4751d58e..cd763b80 100644 --- a/playwright/action.yml +++ b/playwright/action.yml 
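Review bot: `exportToken: 'true'` is now passed to the wrapper action rather than to hashicorp/vault-action, and the wrapper's `inputs:` block is not part of this patch (the vault/action.yml hunk starts at line 21). If the wrapper does not declare and forward `exportToken`, GitHub only warns about the unexpected input, and later steps that expect `VAULT_TOKEN` will fail with a less obvious error. The playwright and validate-metrics hunks pass the same input. The removed `Validate Vault` step (also dropped from validate-metrics) carried the onboarding hint pointing at github-repositories-terraform. If vault/action.yml does not print an equivalent message on failure, keep an `if: failure()` step with that message.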
@@ -22,29 +22,11 @@ runs: if: ${{ inputs.checkout == 'true' }} uses: actions/checkout@v4 - - name: Parse input and set environment variables - shell: bash - run: | - if [[ '${{ inputs.environment }}' == 'dev' ]]; then - echo 'VAULT_ADDR=https://vault.dev-elvia.io' >> "$GITHUB_ENV" - elif [[ '${{ inputs.environment }}' == 'test' ]]; then - echo 'VAULT_ADDR=https://vault.test-elvia.io' >> "$GITHUB_ENV" - elif [[ '${{ inputs.environment }}' == 'prod' ]]; then - echo 'VAULT_ADDR=https://vault.elvia.io' >> "$GITHUB_ENV" - else - echo 'Unsupported environment: ${{ inputs.environment }}' - exit 1 - fi - - echo "REPO_SHORT_NAME=${GITHUB_REPOSITORY##*/}" >> "$GITHUB_ENV" - - name: Login Vault and export token - uses: hashicorp/vault-action@v3 + uses: 3lvia/core-github-actions-templates/vault@trunk with: - url: ${{ env.VAULT_ADDR }} - role: 'jwt-github-${{ inputs.system }}-${{ env.REPO_SHORT_NAME }}' - method: 'jwt' - path: 'jwt-github' + system: ${{ inputs.system }} + environment: ${{ inputs.environment }} exportToken: 'true' - name: Build .NET project diff --git a/slack-message/action.yml b/slack-message/action.yml index c534494d..a7e5ba70 100644 --- a/slack-message/action.yml +++ b/slack-message/action.yml 
@@ -27,33 +27,12 @@ inputs: runs: using: 'composite' steps: - - name: Set environment variables - if: ${{ inputs.slack-api-token == '' }} - shell: bash - run: | - if [[ '${{ inputs.environment }}' == 'dev' ]]; then - echo 'VAULT_ADDR=https://vault.dev-elvia.io' >> "$GITHUB_ENV" - elif [[ '${{ inputs.environment }}' == 'test' ]]; then - echo 'VAULT_ADDR=https://vault.test-elvia.io' >> "$GITHUB_ENV" - elif [[ '${{ inputs.environment }}' == 'prod' ]]; then - echo 'VAULT_ADDR=https://vault.elvia.io' >> "$GITHUB_ENV" - elif [[ '${{ inputs.environment }}' == 'sandbox' ]]; then - echo 'VAULT_ADDR=https://vault.dev-elvia.io' >> "$GITHUB_ENV" - else - echo 'Unsupported environment: ${{ inputs.environment }}' - exit 1 - fi - - echo "REPO_SHORT_NAME=${GITHUB_REPOSITORY##*/}" >> "$GITHUB_ENV" - - - name: Read secrets from Vault - uses: hashicorp/vault-action@v3 + - name: Read Slack API token from Vault if: ${{ inputs.slack-api-token == '' }} + uses: 3lvia/core-github-actions-templates/vault@trunk with: - url: ${{ env.VAULT_ADDR }} - role: 'jwt-github-${{ inputs.namespace }}-${{ env.REPO_SHORT_NAME }}' - method: 'jwt' - path: 'jwt-github' + system: ${{ inputs.system }} + environment: ${{ inputs.environment }} secrets: | shared/kv/data/tokens slack-api-token | SLACK_API_TOKEN @@ -62,10 +41,12 @@ runs: run: | result=$(curl --silent -d '{"channel": "${{ inputs.slack-channel }}", "text": "${{ inputs.message }}"}' -H "Content-type: application/json; charset=utf-8" -H "Authorization: Bearer $SLACK_API_TOKEN" "https://slack.com/api/chat.postMessage") ok=$(echo "$result" | jq -r '.ok') + if [[ "$ok" == 'true' ]]; then echo "Sent message to slack channel ${{ inputs.slack-channel }}." else error=$(echo "$result" | jq -r '.error') + if [[ $"error" == 'not_in_channel' ]]; then echo $'::error::\x40Github Workflow Notifications does not have access to the channel ${{ inputs.slack-channel }}, please add it to the channel.' else 
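Review bot: The Vault role was previously built from `inputs.namespace` (`'jwt-github-${{ inputs.namespace }}-${{ env.REPO_SHORT_NAME }}'`), but the new step passes `system: ${{ inputs.system }}`. The `inputs:` block of slack-message/action.yml lies outside this hunk, so it is not visible whether a `system` input is declared. An undeclared input expands to an empty string, and the wrapper would then presumably request a role with no system in its name, or a different role than before if `system` and `namespace` differ. The deploy hunk makes the same namespace-to-system switch. If `system` is not yet an input here, declare it with a description such as `System the repository belongs to; selects the Vault role`, or pass `system: ${{ inputs.namespace }}` if that was the intent.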
diff --git a/validate-metrics/action.yml b/validate-metrics/action.yml index 3be49a1a..0d83957c 100644 --- a/validate-metrics/action.yml +++ b/validate-metrics/action.yml @@ -27,39 +27,13 @@ runs: with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - - name: Parse input and set environment variables - shell: bash - run: | - # parse inputs - if [[ '${{ inputs.environment }}' == 'dev' ]]; then - echo 'VAULT_ADDR=https://vault.dev-elvia.io' >> "$GITHUB_ENV" - elif [[ '${{ inputs.environment }}' == 'test' ]]; then - echo 'VAULT_ADDR=https://vault.test-elvia.io' >> "$GITHUB_ENV" - elif [[ '${{ inputs.environment }}' == 'prod' ]]; then - echo 'VAULT_ADDR=https://vault.elvia.io' >> "$GITHUB_ENV" - else - echo 'Unsupported environment: ${{ inputs.environment }}' - exit 1 - fi - - echo "REPO_SHORT_NAME=${GITHUB_REPOSITORY##*/}" >> "$GITHUB_ENV" - - name: Login Vault and export token - uses: hashicorp/vault-action@v3 + uses: 3lvia/core-github-actions-templates/vault@trunk with: - url: ${{ env.VAULT_ADDR }} - role: 'jwt-github-${{ inputs.system }}-${{ env.REPO_SHORT_NAME }}' - method: 'jwt' - path: 'jwt-github' + system: ${{ inputs.system }} + environment: ${{ inputs.environment }} exportToken: 'true' - - name: Validate Vault - if: failure() - shell: bash - run: | - echo "To access Vault, this repository must be added to https://github.com/3lvia/github-repositories-terraform/tree/trunk/systems" - exit 1 - - name: Run PromQL query shell: bash run: | diff --git a/vault/action.yml b/vault/action.yml index 428f1e80..56afb739 100644 --- a/vault/action.yml +++ b/vault/action.yml 
@@ -21,8 +21,10 @@ runs: shell: bash run: | # Set Vault address based on environment - if [[ '${{ inputs.environment }}' == 'dev' || '${{ inputs.environment }}' == 'test' ]]; then - echo 'VAULT_ADDR=https://vault.${{ inputs.environment }}-elvia.io' >> "$GITHUB_ENV" + if [[ '${{ inputs.environment }}' == 'dev' || '${{ inputs.environment }}' == 'sandbox' ]]; then + echo 'VAULT_ADDR=https://vault.dev-elvia.io' >> "$GITHUB_ENV" + elif [[ '${{ inputs.environment }}' == 'test' ]]; then + echo 'VAULT_ADDR=https://vault.test-elvia.io' >> "$GITHUB_ENV" elif [[ '${{ inputs.environment }}' == 'prod' ]]; then echo 'VAULT_ADDR=https://vault.elvia.io' >> "$GITHUB_ENV" else
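Review bot: The new conditions still paste `${{ inputs.environment }}` into the bash source before the shell runs, so the input is parsed as script text rather than compared as data. Hard-coding the three URLs already removes the interpolation from the `echo` lines, and the comparisons can follow. Add `env:` with `ENVIRONMENT: ${{ inputs.environment }}` to the step and test `[[ "$ENVIRONMENT" == 'dev' || "$ENVIRONMENT" == 'sandbox' ]]`, with the same substitution in the two `elif` lines. The step header and the body of the `else` branch are outside this hunk, so any interpolation there would need the same treatment. Now that `sandbox` is accepted and mapped to the dev Vault, the `environment` input description should list it.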