trying single line private key #14
# Deployment workflow. It can be called from another workflow (workflow_call)
# or started by hand (workflow_dispatch); both triggers declare the same five
# inputs.
name: Deployments

on:
  # Reusable-workflow entry point.
  # NOTE(review): here `environment` and `vault_zone` are free-form strings,
  # while the manual trigger below limits them to dev/test/prod. `vault_zone`
  # is interpolated into the Vault secret paths read by the deployments job,
  # so callers should pass only fixed, reviewed values.
  workflow_call:
    inputs:
      # Target environment; also used as the job's GitHub environment.
      environment:
        type: string
        required: true
        default: "dev"
        description: "Which environment to deploy to"
      # Tag of the image referenced by the PROMOTE template parameter.
      imagetag:
        type: string
        required: true
        default: "test"
        description: "Which image tag to use"
      # NOTE(review): the deployments job in this file derives its
      # penetration_test flag from github.event_name, not from this input.
      penetration_test:
        type: boolean
        required: true
        default: false
        description: "If penetration test is required"
      # Suffix of the Vault secret paths (database-<zone>, auth0-<zone>, ...).
      vault_zone:
        type: string
        required: true
        default: "dev"
        description: "Which vault zone to use"
      # Passed to the deployment templates as ZONE.
      zone:
        type: string
        required: true
        default: "dev"
        description: "Which zone to use"

  # Manual entry point; environment and vault_zone are restricted to a
  # fixed list of choices.
  workflow_dispatch:
    inputs:
      environment:
        type: choice
        options: ["dev", "test", "prod"]
        required: true
        default: "dev"
        description: "Which environment to deploy to"
      imagetag:
        type: string
        required: true
        default: "test"
        description: "Which image tag to use"
      penetration_test:
        type: boolean
        required: true
        default: false
        description: "If penetration test is required"
      vault_zone:
        type: choice
        options: ["dev", "test", "prod"]
        required: true
        default: "dev"
        description: "Which vault zone to use"
      # Free-form string even on the manual trigger; it is interpolated
      # into the template parameters unvalidated.
      zone:
        type: string
        required: true
        default: "dev"
        description: "Which zone to use"
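jobs:
  # Deploys each component's OpenShift template, one matrix job at a time,
  # after reading its configuration and credentials from Vault.
  deployments:
    name: Deployments
    # The GitHub environment is chosen by the caller-supplied input, so
    # environment protection rules and environment secrets follow that value.
    environment: ${{inputs.environment}}
    runs-on: ubuntu-22.04
    # NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN keeps
    # the repository/caller default. Consider declaring the minimum needed.
    strategy:
      # One matrix job at a time; the first failure cancels the rest.
      max-parallel: 1
      fail-fast: true
      matrix:
        name: [init, backend/vehicles, backend/dops, frontend]
        # `include` attaches file/overwrite to the names above. backend/sftp
        # is not listed in `name`, so its entry is added as an extra job.
        include:
          - name: backend/vehicles
            file: backend/vehicles/openshift.deploy.yml
            overwrite: true
          - name: backend/dops
            file: backend/dops/openshift.deploy.yml
            overwrite: true
          - name: backend/sftp
            file: backend/sftp/openshift.deploy.yml
            overwrite: true
          - name: frontend
            file: frontend/openshift.deploy.yml
            overwrite: true
          - name: init
            file: common/openshift.init.yml
            overwrite: false
    steps:
      # Reads the listed keys from Vault. With exportEnv "false" they are
      # exposed only as outputs of this step (steps.vault.outputs.*), not as
      # environment variables for later steps.
      # NOTE(review): `@v2` is a mutable tag; pin the action to a full commit
      # SHA. VAULT_TOKEN is a stored static token; vault-action also supports
      # short-lived JWT/OIDC authentication, which avoids a long-lived secret.
      - name: Import Secrets
        id: vault
        uses: hashicorp/vault-action@v2
        with:
          url: https://vault.developer.gov.bc.ca
          token: ${{ secrets.VAULT_TOKEN }}
          exportEnv: "false"
          namespace: platform-services
          # One entry per line: <path> <key> | <output name>;
          # Every matrix job fetches the full list, whatever it deploys.
          # NOTE(review): DATABASE_PORT and CFS_PRIVATE_KEY are fetched but not
          # passed on below; fetch only what a job uses.
          secrets: |
            ${{secrets.VAULT_ENVIRONMENT}}/data/database-${{inputs.vault_zone}} DATABASE_HOST | VAULT_DATABASE_HOST;
            ${{secrets.VAULT_ENVIRONMENT}}/data/database-${{inputs.vault_zone}} DATABASE_USER | VAULT_DATABASE_USER;
            ${{secrets.VAULT_ENVIRONMENT}}/data/database-${{inputs.vault_zone}} DATABASE_NAME | VAULT_DATABASE_NAME;
            ${{secrets.VAULT_ENVIRONMENT}}/data/database-${{inputs.vault_zone}} DATABASE_PASSWORD | VAULT_DATABASE_PASSWORD;
            ${{secrets.VAULT_ENVIRONMENT}}/data/database-${{inputs.vault_zone}} DATABASE_PORT | VAULT_DATABASE_PORT;
            ${{secrets.VAULT_ENVIRONMENT}}/data/auth0-${{inputs.vault_zone}} AUTH0_ISSUER_URL | VAULT_AUTH0_ISSUER_URL;
            ${{secrets.VAULT_ENVIRONMENT}}/data/auth0-${{inputs.vault_zone}} AUTH0_AUDIENCE | VAULT_AUTH0_AUDIENCE;
            ${{secrets.VAULT_ENVIRONMENT}}/data/auth0-${{inputs.vault_zone}} AUTH0_IGNORE_EXP | VAULT_AUTH0_IGNORE_EXP;
            ${{secrets.VAULT_ENVIRONMENT}}/data/auth0-${{inputs.vault_zone}} SITEMINDER_LOG_OFF_URL | VAULT_SITEMINDER_LOG_OFF_URL;
            ${{secrets.VAULT_ENVIRONMENT}}/data/dops-${{inputs.vault_zone}} DOPS_CVSE_FORMS_CACHE_TTL_MS | VAULT_DOPS_CVSE_FORMS_CACHE_TTL_MS;
            ${{secrets.VAULT_ENVIRONMENT}}/data/dops-${{inputs.vault_zone}} DOPS_S3_ACCESS_TYPE | VAULT_DOPS_S3_ACCESS_TYPE;
            ${{secrets.VAULT_ENVIRONMENT}}/data/dops-${{inputs.vault_zone}} DOPS_S3_ACCESSKEYID | VAULT_DOPS_S3_ACCESSKEYID;
            ${{secrets.VAULT_ENVIRONMENT}}/data/dops-${{inputs.vault_zone}} DOPS_S3_BUCKET | VAULT_DOPS_S3_BUCKET;
            ${{secrets.VAULT_ENVIRONMENT}}/data/dops-${{inputs.vault_zone}} DOPS_S3_PRESIGNED_URL_EXPIRY | VAULT_DOPS_S3_PRESIGNED_URL_EXPIRY;
            ${{secrets.VAULT_ENVIRONMENT}}/data/dops-${{inputs.vault_zone}} DOPS_S3_ENDPOINT | VAULT_DOPS_S3_ENDPOINT;
            ${{secrets.VAULT_ENVIRONMENT}}/data/dops-${{inputs.vault_zone}} DOPS_S3_KEY | VAULT_DOPS_S3_KEY;
            ${{secrets.VAULT_ENVIRONMENT}}/data/dops-${{inputs.vault_zone}} DOPS_S3_SECRETACCESSKEY | VAULT_DOPS_S3_SECRETACCESSKEY;
            ${{secrets.VAULT_ENVIRONMENT}}/data/ches-${{inputs.vault_zone}} CHES_TOKEN_URL | VAULT_CHES_TOKEN_URL;
            ${{secrets.VAULT_ENVIRONMENT}}/data/ches-${{inputs.vault_zone}} CHES_URL | VAULT_CHES_URL;
            ${{secrets.VAULT_ENVIRONMENT}}/data/ches-${{inputs.vault_zone}} CHES_CLIENT_ID | VAULT_CHES_CLIENT_ID;
            ${{secrets.VAULT_ENVIRONMENT}}/data/ches-${{inputs.vault_zone}} CHES_CLIENT_SECRET | VAULT_CHES_CLIENT_SECRET;
            ${{secrets.VAULT_ENVIRONMENT}}/data/cdogs-${{inputs.vault_zone}} CDOGS_CLIENT_ID | VAULT_CDOGS_CLIENT_ID;
            ${{secrets.VAULT_ENVIRONMENT}}/data/cdogs-${{inputs.vault_zone}} CDOGS_CLIENT_SECRET | VAULT_CDOGS_CLIENT_SECRET;
            ${{secrets.VAULT_ENVIRONMENT}}/data/cdogs-${{inputs.vault_zone}} CDOGS_TOKEN_URL | VAULT_CDOGS_TOKEN_URL;
            ${{secrets.VAULT_ENVIRONMENT}}/data/cdogs-${{inputs.vault_zone}} CDOGS_URL | VAULT_CDOGS_URL;
            ${{secrets.VAULT_ENVIRONMENT}}/data/cfs-${{inputs.vault_zone}} CFS_PRIVATE_KEY | VAULT_CFS_PRIVATE_KEY;
            ${{secrets.VAULT_ENVIRONMENT}}/data/cfs-${{inputs.vault_zone}} CFS_PASSPHRASE | VAULT_CFS_PASSPHRASE;
            ${{secrets.VAULT_ENVIRONMENT}}/data/be-api-${{inputs.vault_zone}} NODE_ENV | VAULT_NODE_ENV;
            ${{secrets.VAULT_ENVIRONMENT}}/data/payment-${{inputs.vault_zone}} MOTIPAY_API_KEY | VAULT_MOTIPAY_API_KEY;
            ${{secrets.VAULT_ENVIRONMENT}}/data/payment-${{inputs.vault_zone}} MOTIPAY_MERCHANT_ID | VAULT_MOTIPAY_MERCHANT_ID;
            ${{secrets.VAULT_ENVIRONMENT}}/data/payment-${{inputs.vault_zone}} MOTIPAY_BASE_URL | VAULT_MOTIPAY_BASE_URL;

      # Applies the matrix entry's template with the parameters below.
      # NOTE(review): the action reference on the next line was mangled by the
      # page's e-mail obfuscation ("[email protected]"). Restore the real
      # owner/repo@ref from the repository and pin it to a full commit SHA.
      - uses: bcgov-nr/[email protected]
        with:
          file: ${{ matrix.file }}
          # Fixed: this read `inputs.environmnet`, an undefined input that
          # evaluates to an empty string.
          # NOTE(review): confirm that the environment name is the intended
          # OpenShift namespace.
          oc_namespace: ${{ inputs.environment }}
          oc_server: ${{ secrets.OC_SERVER }}
          oc_token: '${{ secrets.OC_TOKEN }}'
          overwrite: ${{ matrix.overwrite }}
          # Disabled parameter, moved out of the value below. A `#` line inside
          # a plain multi-line scalar ends the scalar, so the parameters after
          # it were a parse error or dropped, depending on the parser:
          #   -p CFS_PRIVATE_KEY='${{steps.vault.outputs.VAULT_CFS_PRIVATE_KEY}}'
          #
          # The folded scalar joins the lines with single spaces, giving the
          # same one-line string the plain form was meant to produce.
          #
          # NOTE(review): every Vault value, including passwords and client
          # secrets, is interpolated unquoted into this one string. How the
          # action consumes it is not visible here. If a shell word-splits it,
          # a value with whitespace or shell metacharacters changes the
          # command, and the secrets appear in process arguments. Prefer an
          # OpenShift Secret or a parameter file for secret values. This
          # applies above all to a multi-line private key.
          # NOTE(review): no matrix entry defines `parameters`, so the last
          # line expands to an empty string.
          # NOTE(review): AUTH0_IGNORE_EXP presumably controls token-expiry
          # checking; verify its value outside dev.
          parameters: >-
            -p ZONE=${{inputs.zone}}
            -p NAME=${{ github.event.repository.name }}
            -p PROMOTE=${{ github.repository }}/${{ matrix.name }}:${{inputs.imagetag}}
            -p DATABASE_NAME=${{steps.vault.outputs.VAULT_DATABASE_NAME}}
            -p DATABASE_USER=${{steps.vault.outputs.VAULT_DATABASE_USER}}
            -p DATABASE_PASSWORD=${{steps.vault.outputs.VAULT_DATABASE_PASSWORD}}
            -p DATABASE_HOST=${{steps.vault.outputs.VAULT_DATABASE_HOST}}
            -p AUTH0_ISSUER_URL=${{steps.vault.outputs.VAULT_AUTH0_ISSUER_URL}}
            -p AUTH0_AUDIENCE=${{steps.vault.outputs.VAULT_AUTH0_AUDIENCE}}
            -p AUTH0_IGNORE_EXP=${{steps.vault.outputs.VAULT_AUTH0_IGNORE_EXP}}
            -p SITEMINDER_LOG_OFF_URL=${{steps.vault.outputs.VAULT_SITEMINDER_LOG_OFF_URL}}
            -p DOPS_CVSE_FORMS_CACHE_TTL_MS=${{steps.vault.outputs.VAULT_DOPS_CVSE_FORMS_CACHE_TTL_MS}}
            -p DOPS_S3_ACCESS_TYPE=${{steps.vault.outputs.VAULT_DOPS_S3_ACCESS_TYPE}}
            -p DOPS_S3_ACCESSKEYID=${{steps.vault.outputs.VAULT_DOPS_S3_ACCESSKEYID}}
            -p DOPS_S3_BUCKET=${{steps.vault.outputs.VAULT_DOPS_S3_BUCKET}}
            -p DOPS_S3_PRESIGNED_URL_EXPIRY=${{steps.vault.outputs.VAULT_DOPS_S3_PRESIGNED_URL_EXPIRY}}
            -p DOPS_S3_ENDPOINT=${{steps.vault.outputs.VAULT_DOPS_S3_ENDPOINT}}
            -p DOPS_S3_KEY=${{steps.vault.outputs.VAULT_DOPS_S3_KEY}}
            -p DOPS_S3_SECRETACCESSKEY=${{steps.vault.outputs.VAULT_DOPS_S3_SECRETACCESSKEY}}
            -p CHES_TOKEN_URL=${{steps.vault.outputs.VAULT_CHES_TOKEN_URL}}
            -p CHES_CLIENT_ID=${{steps.vault.outputs.VAULT_CHES_CLIENT_ID}}
            -p CHES_CLIENT_SECRET=${{steps.vault.outputs.VAULT_CHES_CLIENT_SECRET}}
            -p CHES_URL=${{steps.vault.outputs.VAULT_CHES_URL}}
            -p CDOGS_CLIENT_ID=${{steps.vault.outputs.VAULT_CDOGS_CLIENT_ID}}
            -p CDOGS_CLIENT_SECRET=${{steps.vault.outputs.VAULT_CDOGS_CLIENT_SECRET}}
            -p CDOGS_TOKEN_URL=${{steps.vault.outputs.VAULT_CDOGS_TOKEN_URL}}
            -p CDOGS_URL=${{steps.vault.outputs.VAULT_CDOGS_URL}}
            -p CFS_PASSPHRASE=${{steps.vault.outputs.VAULT_CFS_PASSPHRASE}}
            -p NODE_ENV=${{steps.vault.outputs.VAULT_NODE_ENV}}
            -p MOTIPAY_API_KEY=${{steps.vault.outputs.VAULT_MOTIPAY_API_KEY}}
            -p MOTIPAY_MERCHANT_ID=${{steps.vault.outputs.VAULT_MOTIPAY_MERCHANT_ID}}
            -p MOTIPAY_BASE_URL=${{steps.vault.outputs.VAULT_MOTIPAY_BASE_URL}}
            ${{ matrix.parameters }}
          # NOTE(review): this is true for every event except pull_request and
          # ignores the declared `penetration_test` input. Confirm which one
          # is meant to control the scan.
          penetration_test: ${{ github.event_name != 'pull_request'}}
          penetration_test_issue: ${{ matrix.name }}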