rabbitmq: Add TLS support #210
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Setup CAPI preview | |
| on: | |
| pull_request: | |
| types: [labeled, synchronize, opened, reopened] | |
| env: | |
| CLUSTER_NAME: preview-pr-${{ github.event.pull_request.number }} | |
| OPENSTACK_FAILURE_DOMAIN: az3 | |
| DNS_ZONE: ospk8s | |
| PIPENV_MAX_DEPTH: "4" | |
| jobs: | |
| setup: | |
| if: contains(github.event.pull_request.labels.*.name, 'preview-capi') | |
| runs-on: [self-hosted] | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Setup Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.11.x | |
| - name: Mask secrets | |
| run: | | |
| echo "::add-mask::${{ secrets.PREVIEW_KUBECONFIG }}" | |
| echo "::add-mask::${{ secrets.GCLOUD_SVC_ACCOUNT_KEY_JSON }}" | |
| echo "::add-mask::${{ secrets.GITLAB_TOKEN }}" | |
| - name: Auth with Google Cloud | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| credentials_json: ${{ secrets.GCLOUD_SVC_ACCOUNT_KEY_JSON }} | |
| project_id: ospk8s | |
| - name: Setup Google Cloud SDK | |
| uses: google-github-actions/setup-gcloud@v2 | |
| - name: Cache tools | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.local/bin | |
| ~/.local/share/virtualenvs | |
| key: ${{ runner.os }}-${{ hashFiles('Pipfile.lock', 'ci/preview/capi/install-tools.sh') }} | |
| - name: Install tools | |
| working-directory: ci/preview/capi | |
| run: ./install-tools.sh | |
| - name: Update operator image | |
| working-directory: config/manager | |
| run: | | |
| kustomize edit set image ghcr.io/ianunruh/openstack-operator:sha-$GITHUB_SHA | |
| - name: Setup CAPI cluster | |
| working-directory: ci/preview/capi | |
| run: ./setup.sh | |
| env: | |
| PREVIEW_KUBECONFIG: ${{ secrets.PREVIEW_KUBECONFIG }} | |
| GCLOUD_SVC_ACCOUNT_KEY_JSON: ${{ secrets.GCLOUD_SVC_ACCOUNT_KEY_JSON }} | |
| GITHUB_TOKEN: ${{ secrets.GH_TOKEN_READ }} | |
| GITHUB_PR_BODY: ${{ github.event.pull_request.body }} | |
| - name: Post comment to PR | |
| uses: marocchino/sticky-pull-request-comment@v2 | |
| with: | |
| message: | | |
| CAPI K8s cluster in `${{ env.OPENSTACK_FAILURE_DOMAIN }}` ready for testing 🚀 | |
| Last deployed commit: `${{ github.sha }}` | |
| Horizon: https://horizon.${{ env.CLUSTER_NAME }}.${{ env.OPENSTACK_FAILURE_DOMAIN }}.test.ospk8s.com | |
| ```bash | |
| clusterctl get kubeconfig -n ospk8s-ci ${{ env.CLUSTER_NAME }} > kubeconfig | |
| export KUBECONFIG=$(pwd)/kubeconfig | |
| kubectl get secret keystone -o 'jsonpath={.data.OS_PASSWORD}' | base64 -d | |
| ``` | |
| - name: Setup Keystone OIDC | |
| working-directory: ci/preview/capi | |
| run: ./setup-oidc.sh | |
| env: | |
| PREVIEW_KUBECONFIG: ${{ secrets.PREVIEW_KUBECONFIG }} | |
| GITLAB_TOKEN: ${{ secrets.GITLAB_TOKEN }} |