-
Notifications
You must be signed in to change notification settings - Fork 0
133 lines (133 loc) · 6.54 KB
/
deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
name: terraform apply
on:
workflow_dispatch:
push:
branches:
- main
jobs:
apply:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Cache Homebrew directory
uses: actions/cache@v2
with:
path: /home/linuxbrew/.linuxbrew
key: ${{ runner.os }}-brew
restore-keys: |
${{ runner.os }}-brew-
- name: Setup Fluent CI CLI
uses: fluentci-io/setup-fluentci@v5
- name: Setup Service Account
run: echo $GCP_SERVICE_ACCOUNT > fluentci-086b644d4c53.json
env:
GCP_SERVICE_ACCOUNT: ${{ secrets.GCP_SERVICE_ACCOUNT }}
- name: Run Terraform Init, Validate, Plan and Apply
run: |
fluentci run --wasm terraform init
fluentci run --wasm terraform validate
fluentci run --wasm terraform plan
fluentci run --wasm terraform apply -auto-approve
env:
DAGGER_CLOUD_TOKEN: ${{ secrets.DAGGER_CLOUD_TOKEN }}
GOOGLE_APPLICATION_CREDENTIALS: fluentci-086b644d4c53.json
TF_VERSION: 1.7.3
TF_VAR_gcp_credentials: fluentci-086b644d4c53.json
TF_VAR_gcp_project: fluentci
TF_VAR_cloudflare_api_token: ${{ secrets.CLOUDFLARE_WORKER_TOKEN }}
TF_VAR_account_id: fe5b1e2ce9f94f4c0415ab94ce402012
TF_VAR_worker_name: envhub-installer
TF_VAR_secrets: |
{
"cargo_registry_token": "${{ secrets.CARGO_REGISTRY_TOKEN }}",
"cf_aws_access_key_id": "${{ secrets.CF_AWS_ACCESS_KEY_ID }}",
"cf_aws_secret_access_key": "${{ secrets.CF_AWS_SECRET_ACCESS_KEY}}",
"cloudflare_root_key": "${{ secrets.CLOUDFLARE_ROOT_KEY }}",
"cloudflare_worker_token": "${{ secrets.CLOUDFLARE_WORKER_TOKEN }}",
"dagger_cloud_token": "${{ secrets.DAGGER_CLOUD_TOKEN }}",
"deno_deploy_token": "${{ secrets.DENO_DEPLOY_TOKEN }}",
"hex_api_key": "${{ secrets.HEX_API_KEY }}",
"mvola_consumer_key": "${{ secrets.MVOLA_CONSUMER_KEY }}",
"mvola_consumer_secret": "${{ secrets.MVOLA_CONSUMER_SECRET }}",
"netlify_auth_token": "${{ secrets.NETLIFY_AUTH_TOKEN }}",
"pulumi_access_token": "${{ secrets.PULUMI_ACCESS_TOKEN }}",
"shuttle_api_key": "${{ secrets.SHUTTLE_API_KEY }}",
"sonar_token": "${{ secrets.SONAR_TOKEN }}",
"spin_auth_token": "${{ secrets.SPIN_AUTH_TOKEN }}",
"wasmer_token": "${{ secrets.WASMER_TOKEN }}",
}
TF_VAR_secrets_gcp: |
{
"cargo_registry_token": "${{ secrets.CARGO_REGISTRY_TOKEN }}",
"cf_aws_access_key_id": "${{ secrets.CF_AWS_ACCESS_KEY_ID }}",
"cf_aws_secret_access_key": "${{ secrets.CF_AWS_SECRET_ACCESS_KEY}}",
"cloudflare_root_key": "${{ secrets.CLOUDFLARE_ROOT_KEY }}",
"cloudflare_worker_token": "${{ secrets.CLOUDFLARE_WORKER_TOKEN }}",
"dagger_cloud_token": "${{ secrets.DAGGER_CLOUD_TOKEN }}",
"deno_deploy_token": "${{ secrets.DENO_DEPLOY_TOKEN }}",
"hex_api_key": "${{ secrets.HEX_API_KEY }}",
"mvola_consumer_key": "${{ secrets.MVOLA_CONSUMER_KEY }}",
"mvola_consumer_secret": "${{ secrets.MVOLA_CONSUMER_SECRET }}",
"netlify_auth_token": "${{ secrets.NETLIFY_AUTH_TOKEN }}",
"pulumi_access_token": "${{ secrets.PULUMI_ACCESS_TOKEN }}",
"shuttle_api_key": "${{ secrets.SHUTTLE_API_KEY }}",
"sonar_token": "${{ secrets.SONAR_TOKEN }}",
"spin_auth_token": "${{ secrets.SPIN_AUTH_TOKEN }}",
"wasmer_token": "${{ secrets.WASMER_TOKEN }}",
"ssh_private_key": "${{ secrets.SSH_PRIVATE_KEY }}",
"ssh_public_key": "${{ secrets.SSH_PUBLIC_KEY }}",
"gpg_private_key": "${{ secrets.GPG_PRIVATE_KEY }}",
"demo_keys": "${{ secrets.DEMO_KEYS }}",
"ssh_public_key_ed25519": "${{ secrets.SSH_PUBLIC_KEY_ED25519 }}",
}
- name: Install Homebrew
run: |
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
- name: Verify All secrets (Cloudflare)
run: |
eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
brew install httpie
eval "$(http https://install.envhub.sh/secrets "Authorization: Bearer $CLOUDFLARE_ROOT_KEY" "Accept: application/x-sh" --print=b)"
printenv | grep -q '^CARGO_REGISTRY_TOKEN='
printenv | grep -q '^CF_AWS_ACCESS_KEY_ID='
printenv | grep -q '^CF_AWS_SECRET_ACCESS_KEY='
printenv | grep -q '^CLOUDFLARE_ROOT_KEY='
printenv | grep -q '^CLOUDFLARE_WORKER_TOKEN='
printenv | grep -q '^DAGGER_CLOUD_TOKEN='
printenv | grep -q '^DENO_DEPLOY_TOKEN='
printenv | grep -q '^HEX_API_KEY='
printenv | grep -q '^MVOLA_CONSUMER_KEY='
printenv | grep -q '^MVOLA_CONSUMER_SECRET='
printenv | grep -q '^NETLIFY_AUTH_TOKEN='
printenv | grep -q '^PULUMI_ACCESS_TOKEN='
printenv | grep -q '^SHUTTLE_API_KEY='
printenv | grep -q '^SONAR_TOKEN='
printenv | grep -q '^SPIN_AUTH_TOKEN='
printenv | grep -q '^WASMER_TOKEN='
env:
CLOUDFLARE_ROOT_KEY: "${{ secrets.CLOUDFLARE_ROOT_KEY }}"
- name: Verify All secrets (Google Secret Manager)
run: |
eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
brew install teller
eval "$(teller sh)"
printenv | grep -q '^CARGO_REGISTRY_TOKEN='
printenv | grep -q '^AWS_ACCESS_KEY_ID='
printenv | grep -q '^AWS_SECRET_ACCESS_KEY='
printenv | grep -q '^CLOUDFLARE_ROOT_KEY='
printenv | grep -q '^CLOUDFLARE_WORKER_TOKEN='
printenv | grep -q '^DAGGER_CLOUD_TOKEN='
printenv | grep -q '^DENO_DEPLOY_TOKEN='
printenv | grep -q '^HEX_API_KEY='
printenv | grep -q '^MVOLA_CONSUMER_KEY='
printenv | grep -q '^MVOLA_CONSUMER_SECRET='
printenv | grep -q '^NETLIFY_AUTH_TOKEN='
printenv | grep -q '^PULUMI_ACCESS_TOKEN='
printenv | grep -q '^SHUTTLE_API_KEY='
printenv | grep -q '^SONAR_TOKEN='
printenv | grep -q '^SPIN_AUTH_TOKEN='
printenv | grep -q '^WASMER_TOKEN='
printenv | grep -q '^SSH_PRIVATE_KEY='
printenv | grep -q '^GPG_PRIVATE_KEY='
env:
GOOGLE_APPLICATION_CREDENTIALS: fluentci-086b644d4c53.json