add my ssh and gpg private keys #43
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: terraform apply | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| apply: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Cache Homebrew directory | |
| uses: actions/cache@v2 | |
| with: | |
| path: /home/linuxbrew/.linuxbrew | |
| key: ${{ runner.os }}-brew | |
| restore-keys: | | |
| ${{ runner.os }}-brew- | |
| - uses: denoland/setup-deno@v1 | |
| with: | |
| deno-version: v1.37 | |
| - name: Setup Fluent CI CLI | |
| uses: fluentci-io/setup-fluentci@v4 | |
| - name: Setup Service Account | |
| run: echo $GCP_SERVICE_ACCOUNT > fluentci-086b644d4c53.json | |
| env: | |
| GCP_SERVICE_ACCOUNT: ${{ secrets.GCP_SERVICE_ACCOUNT }} | |
| - name: Set up secrets | |
| run: | | |
| echo "::set-env name=TF_VAR_secrets::$(cat <<EOF | |
| { | |
| "cargo_registry_token": "$(echo -n "${{ secrets.CARGO_REGISTRY_TOKEN }}" | base64 -w 0)", | |
| "cf_aws_access_key_id": "$(echo -n "${{ secrets.CF_AWS_ACCESS_KEY_ID }}" | base64 -w 0)", | |
| "cf_aws_secret_access_key": "$(echo -n "${{ secrets.CF_AWS_SECRET_ACCESS_KEY }}" | base64 -w 0)", | |
| "cloudflare_root_key": "$(echo -n "${{ secrets.CLOUDFLARE_ROOT_KEY }}" | base64 -w 0)", | |
| "cloudflare_worker_token": "$(echo -n "${{ secrets.CLOUDFLARE_WORKER_TOKEN }}" | base64 -w 0)", | |
| "dagger_cloud_token": "$(echo -n "${{ secrets.DAGGER_CLOUD_TOKEN }}" | base64 -w 0)", | |
| "deno_deploy_token": "$(echo -n "${{ secrets.DENO_DEPLOY_TOKEN }}" | base64 -w 0)", | |
| "hex_api_key": "$(echo -n "${{ secrets.HEX_API_KEY }}" | base64 -w 0)", | |
| "mvola_consumer_key": "$(echo -n "${{ secrets.MVOLA_CONSUMER_KEY }}" | base64 -w 0)", | |
| "mvola_consumer_secret": "$(echo -n "${{ secrets.MVOLA_CONSUMER_SECRET }}" | base64 -w 0)", | |
| "netlify_auth_token": "$(echo -n "${{ secrets.NETLIFY_AUTH_TOKEN }}" | base64 -w 0)", | |
| "pulumi_access_token": "$(echo -n "${{ secrets.PULUMI_ACCESS_TOKEN }}" | base64 -w 0)", | |
| "shuttle_api_key": "$(echo -n "${{ secrets.SHUTTLE_API_KEY }}" | base64 -w 0)", | |
| "sonar_token": "$(echo -n "${{ secrets.SONAR_TOKEN }}" | base64 -w 0)", | |
| "spin_auth_token": "$(echo -n "${{ secrets.SPIN_AUTH_TOKEN }}" | base64 -w 0)", | |
| "wasmer_token": "$(echo -n "${{ secrets.WASMER_TOKEN }}" | base64 -w 0)", | |
| "ssh_private_key": "$(echo -n "${{ secrets.SSH_PRIVATE_KEY }}" | base64 -w 0)", | |
| "gpg_private_key": "$(echo -n "${{ secrets.GPG_PRIVATE_KEY }}" | base64 -w 0)", | |
| } | |
| EOF | |
| )" | |
| - name: Run Terraform Init, Validate, Plan and Apply | |
| run: fluentci run terraform_pipeline init validate plan apply | |
| env: | |
| DAGGER_CLOUD_TOKEN: ${{ secrets.DAGGER_CLOUD_TOKEN }} | |
| GOOGLE_APPLICATION_CREDENTIALS: fluentci-086b644d4c53.json | |
| TF_VERSION: 1.7.3 | |
| TF_VAR_gcp_credentials: fluentci-086b644d4c53.json | |
| TF_VAR_gcp_project: fluentci | |
| TF_VAR_cloudflare_api_token: ${{ secrets.CLOUDFLARE_WORKER_TOKEN }} | |
| TF_VAR_account_id: fe5b1e2ce9f94f4c0415ab94ce402012 | |
| TF_VAR_worker_name: envhub-installer | |
| - name: Install Homebrew | |
| run: | | |
| /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" | |
| - name: Verify All secrets (Cloudflare) | |
| run: | | |
| eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" | |
| brew install httpie | |
| eval "$(http https://install.envhub.sh/secrets "Authorization: Bearer $CLOUDFLARE_ROOT_KEY" "Accept: application/x-sh" --print=b)" | |
| printenv | grep -q '^CARGO_REGISTRY_TOKEN=' | |
| printenv | grep -q '^CF_AWS_ACCESS_KEY_ID=' | |
| printenv | grep -q '^CF_AWS_SECRET_ACCESS_KEY=' | |
| printenv | grep -q '^CLOUDFLARE_ROOT_KEY=' | |
| printenv | grep -q '^CLOUDFLARE_WORKER_TOKEN=' | |
| printenv | grep -q '^DAGGER_CLOUD_TOKEN=' | |
| printenv | grep -q '^DENO_DEPLOY_TOKEN=' | |
| printenv | grep -q '^HEX_API_KEY=' | |
| printenv | grep -q '^MVOLA_CONSUMER_KEY=' | |
| printenv | grep -q '^MVOLA_CONSUMER_SECRET=' | |
| printenv | grep -q '^NETLIFY_AUTH_TOKEN=' | |
| printenv | grep -q '^PULUMI_ACCESS_TOKEN=' | |
| printenv | grep -q '^SHUTTLE_API_KEY=' | |
| printenv | grep -q '^SONAR_TOKEN=' | |
| printenv | grep -q '^SPIN_AUTH_TOKEN=' | |
| printenv | grep -q '^WASMER_TOKEN=' | |
| env: | |
| CLOUDFLARE_ROOT_KEY: "${{ secrets.CLOUDFLARE_ROOT_KEY }}" | |
| - name: Verify All secrets (Google Secret Manager) | |
| run: | | |
| eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" | |
| brew install teller | |
| eval "$(teller sh)" | |
| printenv | grep -q '^CARGO_REGISTRY_TOKEN=' | |
| printenv | grep -q '^AWS_ACCESS_KEY_ID=' | |
| printenv | grep -q '^AWS_SECRET_ACCESS_KEY=' | |
| printenv | grep -q '^CLOUDFLARE_ROOT_KEY=' | |
| printenv | grep -q '^CLOUDFLARE_WORKER_TOKEN=' | |
| printenv | grep -q '^DAGGER_CLOUD_TOKEN=' | |
| printenv | grep -q '^DENO_DEPLOY_TOKEN=' | |
| printenv | grep -q '^HEX_API_KEY=' | |
| printenv | grep -q '^MVOLA_CONSUMER_KEY=' | |
| printenv | grep -q '^MVOLA_CONSUMER_SECRET=' | |
| printenv | grep -q '^NETLIFY_AUTH_TOKEN=' | |
| printenv | grep -q '^PULUMI_ACCESS_TOKEN=' | |
| printenv | grep -q '^SHUTTLE_API_KEY=' | |
| printenv | grep -q '^SONAR_TOKEN=' | |
| printenv | grep -q '^SPIN_AUTH_TOKEN=' | |
| printenv | grep -q '^WASMER_TOKEN=' | |
| env: | |
| GOOGLE_APPLICATION_CREDENTIALS: fluentci-086b644d4c53.json |