update ssh keys #55
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: terraform apply | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| apply: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Cache Homebrew directory | |
| uses: actions/cache@v2 | |
| with: | |
| path: /home/linuxbrew/.linuxbrew | |
| key: ${{ runner.os }}-brew | |
| restore-keys: | | |
| ${{ runner.os }}-brew- | |
| - name: Setup Fluent CI CLI | |
| uses: fluentci-io/setup-fluentci@v5 | |
| - name: Setup Service Account | |
| run: echo $GCP_SERVICE_ACCOUNT > fluentci-086b644d4c53.json | |
| env: | |
| GCP_SERVICE_ACCOUNT: ${{ secrets.GCP_SERVICE_ACCOUNT }} | |
| - name: Run Terraform Init, Validate, Plan and Apply | |
| run: | | |
| fluentci run terraform init validate plan apply | |
| env: | |
| DAGGER_CLOUD_TOKEN: ${{ secrets.DAGGER_CLOUD_TOKEN }} | |
| GOOGLE_APPLICATION_CREDENTIALS: fluentci-086b644d4c53.json | |
| TF_VERSION: 1.7.3 | |
| TF_VAR_gcp_credentials: fluentci-086b644d4c53.json | |
| TF_VAR_gcp_project: fluentci | |
| TF_VAR_cloudflare_api_token: ${{ secrets.CLOUDFLARE_WORKER_TOKEN }} | |
| TF_VAR_account_id: fe5b1e2ce9f94f4c0415ab94ce402012 | |
| TF_VAR_worker_name: envhub-installer | |
| TF_VAR_secrets: | | |
| { | |
| "cargo_registry_token": "${{ secrets.CARGO_REGISTRY_TOKEN }}", | |
| "cf_aws_access_key_id": "${{ secrets.CF_AWS_ACCESS_KEY_ID }}", | |
| "cf_aws_secret_access_key": "${{ secrets.CF_AWS_SECRET_ACCESS_KEY}}", | |
| "cloudflare_root_key": "${{ secrets.CLOUDFLARE_ROOT_KEY }}", | |
| "cloudflare_worker_token": "${{ secrets.CLOUDFLARE_WORKER_TOKEN }}", | |
| "dagger_cloud_token": "${{ secrets.DAGGER_CLOUD_TOKEN }}", | |
| "deno_deploy_token": "${{ secrets.DENO_DEPLOY_TOKEN }}", | |
| "hex_api_key": "${{ secrets.HEX_API_KEY }}", | |
| "mvola_consumer_key": "${{ secrets.MVOLA_CONSUMER_KEY }}", | |
| "mvola_consumer_secret": "${{ secrets.MVOLA_CONSUMER_SECRET }}", | |
| "netlify_auth_token": "${{ secrets.NETLIFY_AUTH_TOKEN }}", | |
| "pulumi_access_token": "${{ secrets.PULUMI_ACCESS_TOKEN }}", | |
| "shuttle_api_key": "${{ secrets.SHUTTLE_API_KEY }}", | |
| "sonar_token": "${{ secrets.SONAR_TOKEN }}", | |
| "spin_auth_token": "${{ secrets.SPIN_AUTH_TOKEN }}", | |
| "wasmer_token": "${{ secrets.WASMER_TOKEN }}", | |
| } | |
| TF_VAR_secrets_gcp: | | |
| { | |
| "cargo_registry_token": "${{ secrets.CARGO_REGISTRY_TOKEN }}", | |
| "cf_aws_access_key_id": "${{ secrets.CF_AWS_ACCESS_KEY_ID }}", | |
| "cf_aws_secret_access_key": "${{ secrets.CF_AWS_SECRET_ACCESS_KEY}}", | |
| "cloudflare_root_key": "${{ secrets.CLOUDFLARE_ROOT_KEY }}", | |
| "cloudflare_worker_token": "${{ secrets.CLOUDFLARE_WORKER_TOKEN }}", | |
| "dagger_cloud_token": "${{ secrets.DAGGER_CLOUD_TOKEN }}", | |
| "deno_deploy_token": "${{ secrets.DENO_DEPLOY_TOKEN }}", | |
| "hex_api_key": "${{ secrets.HEX_API_KEY }}", | |
| "mvola_consumer_key": "${{ secrets.MVOLA_CONSUMER_KEY }}", | |
| "mvola_consumer_secret": "${{ secrets.MVOLA_CONSUMER_SECRET }}", | |
| "netlify_auth_token": "${{ secrets.NETLIFY_AUTH_TOKEN }}", | |
| "pulumi_access_token": "${{ secrets.PULUMI_ACCESS_TOKEN }}", | |
| "shuttle_api_key": "${{ secrets.SHUTTLE_API_KEY }}", | |
| "sonar_token": "${{ secrets.SONAR_TOKEN }}", | |
| "spin_auth_token": "${{ secrets.SPIN_AUTH_TOKEN }}", | |
| "wasmer_token": "${{ secrets.WASMER_TOKEN }}", | |
| "ssh_private_key": "${{ secrets.SSH_PRIVATE_KEY }}", | |
| "ssh_public_key": "${{ secrets.SSH_PUBLIC_KEY }}", | |
| "gpg_private_key": "${{ secrets.GPG_PRIVATE_KEY }}", | |
| "demo_keys": "${{ secrets.DEMO_KEYS }}", | |
| "ssh_private_key_ed25519": "${{ secrets.SSH_PRIVATE_KEY_ED25519 }}", | |
| "ssh_public_key_ed25519": "${{ secrets.SSH_PUBLIC_KEY_ED25519 }}", | |
| "tea_private_key": "${{ secrets.TEA_PRIVATE_KEY }}", | |
| } | |
| - name: Install Homebrew | |
| run: | | |
| /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" | |
| - name: Verify All secrets (Cloudflare) | |
| run: | | |
| eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" | |
| brew install httpie | |
| eval "$(http https://install.envhub.sh/secrets "Authorization: Bearer $CLOUDFLARE_ROOT_KEY" "Accept: application/x-sh" --print=b)" | |
| printenv | grep -q '^CARGO_REGISTRY_TOKEN=' | |
| printenv | grep -q '^CF_AWS_ACCESS_KEY_ID=' | |
| printenv | grep -q '^CF_AWS_SECRET_ACCESS_KEY=' | |
| printenv | grep -q '^CLOUDFLARE_ROOT_KEY=' | |
| printenv | grep -q '^CLOUDFLARE_WORKER_TOKEN=' | |
| printenv | grep -q '^DAGGER_CLOUD_TOKEN=' | |
| printenv | grep -q '^DENO_DEPLOY_TOKEN=' | |
| printenv | grep -q '^HEX_API_KEY=' | |
| printenv | grep -q '^MVOLA_CONSUMER_KEY=' | |
| printenv | grep -q '^MVOLA_CONSUMER_SECRET=' | |
| printenv | grep -q '^NETLIFY_AUTH_TOKEN=' | |
| printenv | grep -q '^PULUMI_ACCESS_TOKEN=' | |
| printenv | grep -q '^SHUTTLE_API_KEY=' | |
| printenv | grep -q '^SONAR_TOKEN=' | |
| printenv | grep -q '^SPIN_AUTH_TOKEN=' | |
| printenv | grep -q '^WASMER_TOKEN=' | |
| env: | |
| CLOUDFLARE_ROOT_KEY: "${{ secrets.CLOUDFLARE_ROOT_KEY }}" | |
| - name: Verify All secrets (Google Secret Manager) | |
| run: | | |
| eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" | |
| brew install teller | |
| eval "$(teller sh)" | |
| printenv | grep -q '^CARGO_REGISTRY_TOKEN=' | |
| printenv | grep -q '^AWS_ACCESS_KEY_ID=' | |
| printenv | grep -q '^AWS_SECRET_ACCESS_KEY=' | |
| printenv | grep -q '^CLOUDFLARE_ROOT_KEY=' | |
| printenv | grep -q '^CLOUDFLARE_WORKER_TOKEN=' | |
| printenv | grep -q '^DAGGER_CLOUD_TOKEN=' | |
| printenv | grep -q '^DENO_DEPLOY_TOKEN=' | |
| printenv | grep -q '^HEX_API_KEY=' | |
| printenv | grep -q '^MVOLA_CONSUMER_KEY=' | |
| printenv | grep -q '^MVOLA_CONSUMER_SECRET=' | |
| printenv | grep -q '^NETLIFY_AUTH_TOKEN=' | |
| printenv | grep -q '^PULUMI_ACCESS_TOKEN=' | |
| printenv | grep -q '^SHUTTLE_API_KEY=' | |
| printenv | grep -q '^SONAR_TOKEN=' | |
| printenv | grep -q '^SPIN_AUTH_TOKEN=' | |
| printenv | grep -q '^WASMER_TOKEN=' | |
| printenv | grep -q '^SSH_PRIVATE_KEY=' | |
| printenv | grep -q '^GPG_PRIVATE_KEY=' | |
| env: | |
| GOOGLE_APPLICATION_CREDENTIALS: fluentci-086b644d4c53.json |