From 8806c8cd74933cf5aeaca29b92f4ba7809585a2e Mon Sep 17 00:00:00 2001 From: Filipe Forattini Date: Tue, 3 May 2022 18:53:01 -0300 Subject: [PATCH] fix: working better with secrets deployment --- .github/workflows/service-push.yml | 55 +++++++++++++++++++++++------- src/scrappers/docker.class.js | 26 +++++++------- src/scrappers/git.class.js | 2 +- 3 files changed, 58 insertions(+), 25 deletions(-) diff --git a/.github/workflows/service-push.yml b/.github/workflows/service-push.yml index cea551e3..e6ad5dec 100644 --- a/.github/workflows/service-push.yml +++ b/.github/workflows/service-push.yml @@ -101,9 +101,7 @@ jobs: strategy: matrix: - node-version: - - 16 - - 17 + node-version: [ 16, 17 ] steps: @@ -193,6 +191,9 @@ jobs: - Setup - Tests-Node + outputs: + Version: ${{ steps.versioning.outputs.version }} + steps: # pre-job @@ -234,7 +235,8 @@ jobs: - name: Debug | Print .releaserc.json run: cat .releaserc.json - - name: Semantic Release dependencies + - name: Semantic Release + id: versioning env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | @@ -246,8 +248,9 @@ jobs: @semantic-release/changelog \ @semantic-release/commit-analyzer \ @semantic-release/release-notes-generator - echo "semantic-release version = $(semantic-release -v)" + echo "\n\nINFO semantic-release version = $(semantic-release -v)\n\n" semantic-release + echo "::set-output name=version::$(cat package.json | jq '.version')" #--------------------------------------------------# @@ -261,9 +264,7 @@ jobs: strategy: matrix: - node-version: - - 16 - - 17 + node-version: [ 16, 17 ] steps: 
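Review bot: The new `set-output name=version` line in the Semantic Release step calls `jq '.version'` without `-r`, so the output keeps the JSON double quotes, unlike the other outputs in this workflow, which use `jq -r`. That value is later interpolated into the image tag and the `svc-<version>` secret name (later hunks), where a quoted string is not a valid tag or resource name. I would write `echo "::set-output name=version::$(jq -r '.version' package.json)"`. Whether `semantic-release` actually bumps package.json depends on the plugins in .releaserc.json, which are not visible here, so the output may still be the previous version. The step's `run` block starts outside this hunk.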
@@ -291,6 +292,7 @@ jobs: echo "::set-output name=docker_command::$(echo $PIPELINE_SETUP | jq -r '.dockerfile.command')" echo "::set-output name=docker_entrypoint::$(echo $PIPELINE_SETUP | jq -r '.dockerfile.entrypoint')" echo "::set-output name=docker_dependency_command::$(echo $PIPELINE_SETUP | jq -r '.dockerfile.dependencyCommand')" + echo "::set-output name=docker_image_fullname::$(echo $PIPELINE_SETUP | jq -r '.dockerfile.imageFullname')" echo "::set-output name=docker_image_tags::$(echo $PIPELINE_SETUP | jq -r '.dockerfile.tagsAsString')" echo "::set-output name=docker_main_image::$(echo $PIPELINE_SETUP | jq -r '.dockerfile.mainImage')" @@ -345,10 +347,10 @@ jobs: push: true cache-from: type=gha cache-to: type=gha,mode=max - tags: ${{steps.node_setup.outputs.docker_image_tags}} + tags: ${{steps.node_setup.outputs.docker_image_tags}}, ${{steps.node_setup.outputs.docker_image_fullname}}:${{needs.Release-Node.outputs.Version}} labels: "organization: ${{github.repository_owner}}, repository: ${{github.repository}}, branch: ${{needs.Setup.outputs.Branch}}, commit: ${{needs.Setup.outputs.ShaHash}}, date: ${{needs.Setup.outputs.Date}}, timestamp: ${{needs.Setup.outputs.Timestamp}}" - - name: Trace | List docker images + - name: Debug | List docker images run: docker images # - name: Run Trivy vulnerability scanner @@ -404,10 +406,11 @@ jobs: echo "::set-output name=deploy_organization::$(echo $PIPELINE_SETUP | jq -r '.deploy.organization')" echo "::set-output name=deploy_container_registry::$(echo $PIPELINE_SETUP | jq -r '.deploy.containerRegistry')" echo "::set-output name=deploy_repository::$(echo $PIPELINE_SETUP | jq -r '.deploy.repository')" - echo "::set-output name=deploy_tag::$(echo $PIPELINE_SETUP | jq -r '.deploy.tag')" + echo "::set-output name=deploy_tag::$(echo $PIPELINE_SETUP | jq -r '.deploy.commitTag')" # deploy - name: Decrypt Dev Secrets + if: steps.deploy_setup.outputs.has_dev_secrets == 'true' run: | gpg \ --yes --batch --quiet --decrypt \ 
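Review bot: The added tag `${{steps.node_setup.outputs.docker_image_fullname}}:${{needs.Release-Node.outputs.Version}}` on the `tags:` line has no guard for an empty version. `needs.Release-Node.outputs.Version` resolves only if this job lists `Release-Node` under `needs:` (the job header is outside the hunk). An empty value yields a reference ending in `:`, which would presumably make the build-and-push step reject the tag list. Consider a short step before the build that fails with a clear message when the version is empty, plus a comment such as `# version tag comes from Release-Node; this job must list it in needs`.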
@@ -415,6 +418,15 @@ jobs: --output ./manifests/k8s-secrets.env \ ./manifests/secrets/dev.gpg + - name: Delete K8s secrets + if: steps.deploy_setup.outputs.deploy_as_k8s == 'true' + uses: actions-hub/kubectl@master + env: + KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + args: delete secret svc -n ${{steps.deploy_setup.outputs.deploy_repository}} --ignore-not-found + - name: Create K8s secrets if: steps.deploy_setup.outputs.deploy_as_k8s == 'true' uses: actions-hub/kubectl@master @@ -422,7 +434,26 @@ jobs: KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: - args: create secret generic -n ${{steps.deploy_setup.outputs.deploy_repository}} --from-env-file=./manifests/k8s-secrets.env svc + args: | + create secret generic \ + --edit=true \ + --from-env-file=./manifests/k8s-secrets.env \ + -n ${{steps.deploy_setup.outputs.deploy_repository}} \ + svc + + - name: Create K8s secrets versioned + if: steps.deploy_setup.outputs.deploy_as_k8s == 'true' + uses: actions-hub/kubectl@master + env: + KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + args: | + create secret generic \ + --edit=true \ + --from-env-file=./manifests/k8s-secrets.env \ + -n ${{steps.deploy_setup.outputs.deploy_repository}} \ + svc-${{ needs.Release-Node.outputs.Version }} - name: Install | YTT uses: vmware-tanzu/carvel-setup-action@v1 diff --git a/src/scrappers/docker.class.js b/src/scrappers/docker.class.js index 3b6a1983..6d1b15bb 100644 --- a/src/scrappers/docker.class.js +++ b/src/scrappers/docker.class.js 
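Review bot: The new Delete step is gated only on `deploy_as_k8s`, while the decrypt step above it is now gated on `has_dev_secrets`, so a repository without dev secrets would have its existing `svc` secret deleted and then reach a create step with no `./manifests/k8s-secrets.env` to read. Gate the delete (and the creates in the next hunk) the same way, e.g. `if: steps.deploy_setup.outputs.deploy_as_k8s == 'true' && steps.deploy_setup.outputs.has_dev_secrets == 'true'`. Delete-then-create also leaves a window in which the secret does not exist, so pods starting during a deploy may fail to start. The decrypted env file stays in the workspace after these steps; a final `rm -f ./manifests/k8s-secrets.env` step with `if: always()` would limit how long the plaintext is on disk.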
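Review bot: `--edit=true` on both `create secret generic` steps asks kubectl to open an editor before creating the object, which a non-interactive runner cannot satisfy; I would drop the flag unless the action is known to handle it. The two steps here and the Delete step in the previous hunk also pass `KUBE_CONFIG` to `actions-hub/kubectl@master`, a mutable ref, so any change on that branch runs with cluster credentials; pin it as `uses: actions-hub/kubectl@<full-commit-sha>`. Each release also leaves a `svc-<version>` copy of the secret values in the namespace and nothing visible here removes old ones, so a retention step or a comment stating the intended lifetime would help.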
@@ -15,26 +15,28 @@ module.exports = class Docker extends Scrapper { const containerRegistry = this.inputs.containerRegistry const containerName = this.context.payload.repository.full_name - const mainImage = `${containerRegistry}/${containerName}:c-${this.output.git.commit}` + const imageFullname = `${containerRegistry}/${containerName}` + const mainImage = `${imageFullname}:c-${this.output.git.commit}` let tags = [ - `${containerRegistry}/${containerName}:latest`, - `${containerRegistry}/${containerName}:d-${this.output.run.date}`, - `${containerRegistry}/${containerName}:r-${this.output.run.count}`, - `${containerRegistry}/${containerName}:t-${this.output.run.startTimestamp}`, - `${containerRegistry}/${containerName}:b-${this.output.git.branch}`, - `${containerRegistry}/${containerName}:c-${this.output.git.commit}`, - // `${containerRegistry}/${containerName}:node-${matrix.node-version}`, - // `${containerRegistry}/${containerName}:node-${matrix.node-version}-latest`, - // `${containerRegistry}/${containerName}:node-${matrix.node-version}-d-${needs.Setup.outputs.Date}`, - // `${containerRegistry}/${containerName}:node-${matrix.node-version}-b-${needs.Setup.outputs.Branch}`, - // `${containerRegistry}/${containerName}:node-${matrix.node-version}-c-${needs.Setup.outputs.ShaHash}`, + `${imageFullname}:latest`, + `${imageFullname}:d-${this.output.run.date}`, + `${imageFullname}:r-${this.output.run.count}`, + `${imageFullname}:t-${this.output.run.startTimestamp}`, + `${imageFullname}:b-${this.output.git.branch}`, + `${imageFullname}:c-${this.output.git.commit}`, + // `${imageFullName}:node-${matrix.node-version}`, + // `${imageFullName}:node-${matrix.node-version}-latest`, + // `${imageFullName}:node-${matrix.node-version}-d-${needs.Setup.outputs.Date}`, + // `${imageFullName}:node-${matrix.node-version}-b-${needs.Setup.outputs.Branch}`, + // `${imageFullName}:node-${matrix.node-version}-c-${needs.Setup.outputs.ShaHash}`, ] this .add('dockerfile', { hasDockerfile, 
hasDockerignore, + imageFullname, mainImage, tags, tagsAsString: tags.join(', '), diff --git a/src/scrappers/git.class.js b/src/scrappers/git.class.js index d4d6721d..405cd84c 100644 --- a/src/scrappers/git.class.js +++ b/src/scrappers/git.class.js @@ -23,7 +23,7 @@ module.exports = class Git extends Scrapper { repository, organization, namespace: repository, - tag: `c-${commit}`, + commitTag: `c-${commit}`, }) .add('git', { branch,
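Review bot: The commented-out tag templates were rewritten to `${imageFullName}` (capital N), which does not match the new `imageFullname` constant, and they reference `matrix` and `needs`, which are not defined in the visible code, so uncommenting them would throw; I would delete them or track them in an issue. `tags` is not reassigned within the hunk, so `const tags = [` reads better than `let`. Since `imageFullname` is now exported and reused by the workflow for the version tag, a comment noting that `repository.full_name` can contain uppercase letters would help, because image repository names must be lowercase; `const imageFullname = `${containerRegistry}/${containerName}`.toLowerCase()` would cover it if nothing upstream normalises the name. The method body starts and ends outside this hunk.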