Manage GitHub org secrets in terraform #65
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
KeenWill
approved these changes
Mar 17, 2021
|
Having a nice GitHub app is a real problem if you're addicted to GitHub |
|
Yeah now I get push notifications in addition to email lol |
ArmaanT
added a commit
that referenced
this pull request
Mar 21, 2021
* Fix typo * Configure gh actions secrets
joyliu-q
added a commit
that referenced
this pull request
Mar 23, 2022
* fixes pt 1 * fixes 2: celery as django * hopefully finished the cert changes * bump projen and dep versions * fix all the tests * version bump * fix formatting, gpg key test * merge2 * dependency bumps * small fixes * docs * AWS Migration (#35) * Init * Platform users can assume kubectl * Fixes * Vault configuration * Flush to vault * Use maps * Move file * Make ami local * reformat * format * Limit vault IAM to getting roles * Fix grafana vault path * Bump DB size * Add additional IAM roles * Configure vault iam backend * Initial DB backup * Secret sync * Get base_cluster config working * Remove unused variables * Add additional apps to cluster * Add comment * Initial team sync * Remove atlantis * Remove note * Remove terraform approle * Add note * Allow gh action user eks access through kubectl role * Move policy * Allow gh actions user to describe cluster * Small refactor * Finish team-sync * db backup * Rename vars * Rename * Hardcode vault * Documentation++ * Delete old config * Lint * Add tf module source * Link traefik replicas to cluster size * Fix grant * Configure domains * Bump rds version * Scale * Update comment * Disable AppRole authentication in vault * Fix local-exec * Remove SSH access to vault * Fix local-exec for vault pt 2 * Fixes * Update vault README * Remove TODOs * Lint Terraform (#58) * Lint * unlint * Fix * Fix again * Lint * Lint again * Reconfigure renovate (#55) * Reconfigure renovate * Remove duplicate file * Bastion (#64) * Upgrade to tf 0.14 * Make admin key pair * Configure bastion * Fix DNS records * Fix comment * Release kraken 0.5.1 * Manage GitHub org secrets in terraform (#65) * Fix typo * Configure gh actions secrets * Selfhost Renovate (#67) * Renovate * Fix renovate config * Finish renovate helm config * Update README * Renovate preset within subdirectory * Update renovate * Customize onboarding * Update renovate config * Update renovate config * Renovate typo * Update packages * Update cdk8s imports * lint + update code * Update service * Update ingress * Update certificate * Update container * Rename ingress prop * Simplify service config * Update cronjob * Add TODOs * Update application * 📝 Fix GIT_SHA so it's actually git sha * 🎨 Delete my comment yay * 🎨 Mini fix: better typescript * 🎨 Spellcheck (sorry for so many small commits) * 🎨 Fix unnecc return * 🚧 Make isSubdomain Optional * 🐛 Fix type errors for all ReactApplications * 🐛 Fix type errors for all RedisApplications * 🐛 Fix all Application type errors * 🔥 Removed autoscaler related code * 📝 Resolved TODO * ⬇️ Downgrade cdk8s-cli for import gen * 🐛 Fix dep bump bugs * 📝 Fix tslint error * 🐛 Fix typo in application tests * 📝 Better handling of no GIT_SHA provided * Style changes * 🐛 Correct legacy config * 📦 Regenerate snapshots * ✅ Add GIT_SHA to yarn test * 🎨 Style changes * 🚧 Add NonEmptyArray Type * ✅ Make tests pass * ⬆️ Upgraded cert-manager BUT NOT RLLY?? * ➖ Remove explicit namespace def * 🎉 Fix NonEmptyArray * 🎨 Random nit * 🐛 Fix cronjob port issues * 🐛 Fix typedoc * 🔥 Remove Probes * Fix cert-manager versions * ➖ Remove explicit default namespace def Signed-off-by: Joy Liu <joyliu.q@gmail.com> * ⚡ Change Certifate creation to have 1-1 correspondence w actual certificates Signed-off-by: Joy Liu <joyliu.q@gmail.com> * 📝 Update snapshot tests * Update k8s versions * Lint * Update CronJob + Ingress * 🔥 Remove insertIfNotPresent, allow duplicate env for DOMAIN & PORT and remove duplication under the hood * 🚧 Add service accounts (annotation & namespace wip) * 🚧 Clean logic + update snapshot Signed-off-by: Joy Liu <joyliu.q@gmail.com> * 🆕 Add ServiceAccount + update annotations * 🆕 Added ingress annotations * 🎨 Update docs & match USER_GUIDE for icarus * 🚚 Refactor applications + add ingressProps * 🐛 Whoops sorry forgot to do this * 🎨 Make stuff better * ✔️ Update OHQ to match values.yaml * ⬆️ Update courses test to match current values.yaml * ⬆️ Update ohq test to match current values.yaml * 🎨 Misc changes * 🆕 Add cron-time-generator as dep * 🆕 Add NonEmptyArray + functions to index * 🐛 Fix parent chart bug * 🐛 Nevermind that's not it and im bewildered * 🆕 Correct resource annotation & add cronjob for clubs * 🆕 Move secret, add Penn Mobile snapshot * 🐛 Added maxUnavailable to deployment * 🆕 Making ingress optional for internal facing applications? * 🎨 Update snapshot * 🆕 Configure helm to keep certificates once generated * 🎨 Updated snapshot * 🎨 Documentation lmao * 🎨 Clean-up * ➖ Remove helm annotations on certs cuz not using icarus * 🐛 Stop duplicating certs * 🎨 Fix crontime * 🎨 Standardize env name convention: React use DOMAIN, Django use DOMAINS * 🎨 Oh snap(shot) * 🎨 Gud code practices * 🆕 Move paths into HostRules (WIP breaks tests) * 🎨 Standardize domain/domains type * ✅ Update tests to make them pass (hopefully) * 🆕 Add chart labels (git sha + release name) * Modify chart * 🐛 Fix forward slash bug * Switch to k8s common labels * Remove integration tests * Update tests * Delete test * Lint * 🎉 Add README * 🎨 Make README better * 📝 Update application unit tests * 🐛 These chart test helpers in utils sus but at least code cov got boosted * Add comment * Small lint * 🎨 Improve code cov * 🆕 Added and ran prettier * 🎨 Remove TODOs * 🎨 Update Projen & Run Projen * ⬆️ Update yarn lock file * 🎨 Update README * 🎨 Projen configure jest ignore patterns * 🎉 Default children names * 🐛 Handle non labs chart w certificates * ⬆️ Upgrade Projen and Add Prettier Ignores * More common labels * 🎨 Add back the construct name for non-cdk8s children * Even more common labels * Projen changes * Lint * Attempt fix * 🎨 Yay * 🎉 Add name * 🐛 Fix cert label * Update version Co-authored-by: Armaan Tobaccowalla <armaan@tobaccowalla.com> Co-authored-by: Qijia "Joy" Liu <joyliu.q@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
A new release of the GitHub provider added the ability to manage organization GitHub Actions secrets. This PR configures terraform to create the secrets we need to deploy our products.