From d4cedeff05e61dc9784098e1c1d01ab5555bc3d0 Mon Sep 17 00:00:00 2001
From: Idris Isah <58168886+eedygreen@users.noreply.github.com>
Date: Tue, 29 Oct 2024 13:46:31 +0100
Subject: [PATCH] chore: Access Secrets based on environments segregate (#231)

* segregate secrets based on environments
* Added: Deployment Authorisation
* fixed: typo
* Added Authorisation
---
 .github/workflows/deploy_mainnet.yml     | 27 +++++++++++++++++-------
 .github/workflows/deploy_mainnet_api.yml | 21 ++++++++++++------
 .github/workflows/deploy_testnet.yml     | 10 +++++----
 .github/workflows/deploy_testnet_api.yml | 10 +++++----
 4 files changed, 46 insertions(+), 22 deletions(-)

diff --git a/.github/workflows/deploy_mainnet.yml b/.github/workflows/deploy_mainnet.yml
index 5e1ee34f..24eaf4a6 100644
--- a/.github/workflows/deploy_mainnet.yml
+++ b/.github/workflows/deploy_mainnet.yml
@@ -11,10 +11,10 @@ on:
         description: deploy v2
         type: string
 
+run-name: Deploy Explorer-Indexer to Mainnet - ${{ inputs.release_tag }} by @${{ github.actor }}
+
 env:
-  AWS_REGION: '${{ secrets.AWS_REGION }}'
   ENVIRONMENT: MAINNET
-  AWS_MAINNET: '${{ secrets.AWS_MAINNET }}'
   REGISTRY: 'ghcr.io'
   VERSION: ${{ inputs.release_tag }}
 
@@ -22,13 +22,22 @@ jobs:
   deploy:
     name: deploy
     runs-on: ubuntu-latest
-
+    environment: mainnet
     permissions:
       contents: read
       id-token: write
       actions: write
-
+    env:
+      AWS_REGION: '${{ secrets.AWS_REGION }}'
+      AWS_MAINNET: '${{ secrets.AWS_MAINNET }}'
     steps:
+      - name: Authorised User only
+        run: |
+          if [[ ! " tcar121293 eedygreen MakMuftic akchainsafe mpetrun5 " =~ " ${{ github.actor }} " ]]; then
+            echo "You are not authorized to deploy to mainnet!"
+            exit 1
+          fi
+
       - name: checkout ecs repo
         uses: actions/checkout@v4
         with:
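Review bot: The `Authorised User only` step in the @@ -22,13 +22,22 @@ hunk keys its allow-list on `github.actor`, which GitHub documents as the user who triggered the initial run, so on a re-run the check is evaluated against the original dispatcher rather than whoever re-ran it; `github.triggering_actor` is the context value that follows the current actor. The same job now declares `environment: mainnet`, and a required-reviewers or deployment-branch protection rule on that environment is enforced by GitHub itself, whereas this list lives in the workflow file and is read from whichever ref `workflow_dispatch` runs, so the step is best treated as a convenience check layered on top of an environment rule rather than as the control. Keeping `${{ }}` out of the shell body is also cleaner: give the step `env:` with `ACTOR: ${{ github.triggering_actor }}` and test `=~ " ${ACTOR} "` so the script itself stays static. The identical step in deploy_mainnet_api.yml (@@ -20,13 +20,22 @@) has the same points.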
@@ -46,8 +55,8 @@ jobs:
           awsAccountId=${{ env.AWS_MAINNET }}
           awsRegion=${{ env.AWS_REGION }}
           awsEnv=${{ env.ENVIRONMENT }}
-          DB_USERNAME=${{ secrets.MAIN_USERNAME }}
-          DB_PASSWORD=${{ secrets.MAIN_PASSWORD }}
+          DB_USERNAME=${{ secrets.DB_USERNAME }}
+          DB_PASSWORD=${{ secrets.DB_PASSWORD }}
           imageTag=${{ env.VERSION }}
 
       - name: Configure AWS Credentials
@@ -78,12 +87,14 @@ jobs:
 
 #   name: deploy v2
 #   runs-on: ubuntu-latest
-
+#   environment: mainnet
 #   permissions:
 #     contents: read
 #     id-token: write
 #     actions: write
-
+#   env:
+#     AWS_REGION: '${{ secrets.AWS_REGION }}'
+#     AWS_MAINNET: '${{ secrets.AWS_MAINNET }}'
 #   steps:
 #     - name: checkout ecs repo
 #       uses: actions/checkout@v4
diff --git a/.github/workflows/deploy_mainnet_api.yml b/.github/workflows/deploy_mainnet_api.yml
index 5ddc6fa4..559b6135 100644
--- a/.github/workflows/deploy_mainnet_api.yml
+++ b/.github/workflows/deploy_mainnet_api.yml
@@ -9,10 +9,10 @@ on:
         default: 'stable'
         type: string
 
+run-name: Deploy Explorer-API to Mainnet - ${{ inputs.release_tag }} by @${{ github.actor }}
+
 env:
-  AWS_REGION: '${{ secrets.AWS_REGION }}'
   ENVIRONMENT: MAINNET
-  AWS_MAINNET: '${{ secrets.AWS_MAINNET }}'
   REGISTRY: 'ghcr.io'
   VERSION: ${{ inputs.release_tag }}
 
@@ -20,13 +20,22 @@ jobs:
   deploy:
     name: deploy
     runs-on: ubuntu-latest
-
+    environment: mainnet
     permissions:
       contents: read
       id-token: write
       actions: write
-
+    env:
+      AWS_REGION: '${{ secrets.AWS_REGION }}'
+      AWS_MAINNET: '${{ secrets.AWS_MAINNET }}'
     steps:
+      - name: Authorised User only
+        run: |
+          if [[ ! " tcar121293 eedygreen MakMuftic akchainsafe mpetrun5 " =~ " ${{ github.actor }} " ]]; then
+            echo "You are not authorized to deploy to mainnet!"
+            exit 1
+          fi
+
       - name: checkout ecs repo
         uses: actions/checkout@v4
         with:
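Review bot: The renamed `DB_USERNAME`/`DB_PASSWORD` references in the @@ -46,8 +55,8 @@ hunk resolve only if secrets of those names exist in the `mainnet` environment (or at repository level); GitHub evaluates a missing `${{ secrets.X }}` to an empty string instead of failing, so a misconfigured environment would pass `DB_PASSWORD=` through silently. A fail-fast step ahead of this one, with the two secrets mapped via `env:` and a check such as `[[ -n "$DB_USERNAME" && -n "$DB_PASSWORD" ]] || { echo "DB secrets are not configured for this environment" >&2; exit 1; }`, turns that into a clear error at the start of the run. The step containing these `KEY=value` lines begins outside the hunk, so what consumes them is not visible here. The same rename in deploy_mainnet_api.yml (@@ -44,8 +53,8 @@) needs the same guard.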
@@ -44,8 +53,8 @@ jobs:
           awsAccountId=${{ env.AWS_MAINNET }}
           awsRegion=${{ env.AWS_REGION }}
           awsEnv=${{ env.ENVIRONMENT }}
-          DB_USERNAME=${{ secrets.MAIN_USERNAME }}
-          DB_PASSWORD=${{ secrets.MAIN_PASSWORD }}
+          DB_USERNAME=${{ secrets.DB_USERNAME }}
+          DB_PASSWORD=${{ secrets.DB_PASSWORD }}
           imageTag=${{ env.VERSION }}
 
       - name: Configure AWS Credentials
diff --git a/.github/workflows/deploy_testnet.yml b/.github/workflows/deploy_testnet.yml
index c137689e..a28a9a82 100644
--- a/.github/workflows/deploy_testnet.yml
+++ b/.github/workflows/deploy_testnet.yml
@@ -5,10 +5,10 @@ on:
     types:
       - published
 
+run-name: Deploy Explorer-Indexer to Testnet - ${{ inputs.release_tag }} by @${{ github.actor }}
+
 env:
-  AWS_REGION: '${{ secrets.AWS_REGION }}'
   ENVIRONMENT: TESTNET
-  AWS_TESTNET: '${{ secrets.AWS_ARN }}'
   REGISTRY: 'ghcr.io'
   TAG: 'stable'
   VERSION: ${{ github.event.release.tag_name }}
@@ -59,12 +59,14 @@ jobs:
     needs: push
     name: deploy
     runs-on: ubuntu-latest
-
+    environment: testnet
     permissions:
       contents: read
       id-token: write
       actions: write
-
+    env:
+      AWS_REGION: '${{ secrets.AWS_REGION }}'
+      AWS_TESTNET: '${{ secrets.AWS_ARN }}'
     steps:
       - name: checkout ecs repo
         uses: actions/checkout@v4
diff --git a/.github/workflows/deploy_testnet_api.yml b/.github/workflows/deploy_testnet_api.yml
index fe7ee6de..acefe5c7 100644
--- a/.github/workflows/deploy_testnet_api.yml
+++ b/.github/workflows/deploy_testnet_api.yml
@@ -5,10 +5,10 @@ on:
     types:
       - published
 
+run-name: Deploy Explorer-API to Testnet - ${{ inputs.release_tag }} by @${{ github.actor }}
+
 env:
-  AWS_REGION: '${{ secrets.AWS_REGION }}'
   ENVIRONMENT: TESTNET
-  AWS_TESTNET: '${{ secrets.AWS_ARN }}'
   REGISTRY: 'ghcr.io'
   TAG: 'stable'
   VERSION: ${{ github.event.release.tag_name }}
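Review bot: The `run-name` added in the @@ -5,10 +5,10 @@ hunk of deploy_testnet.yml interpolates `${{ inputs.release_tag }}`, but the visible `on:` context (`types: - published`) and `VERSION: ${{ github.event.release.tag_name }}` indicate this workflow is driven by release events, where `inputs` is empty, so the run title will render as `Deploy Explorer-Indexer to Testnet -  by @user`. Use the tag the rest of the file already uses: `run-name: Deploy Explorer-Indexer to Testnet - ${{ github.event.release.tag_name }} by @${{ github.actor }}`. The same applies to deploy_testnet_api.yml (@@ -5,10 +5,10 @@), whose title should read `Deploy Explorer-API to Testnet - ${{ github.event.release.tag_name }} by @${{ github.actor }}`. If a `workflow_dispatch` trigger exists above the hunk, `${{ github.event.release.tag_name || inputs.release_tag }}` covers both paths.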
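Review bot: The job-level `env:` in the @@ -59,12 +59,14 @@ hunk maps `AWS_TESTNET` to `secrets.AWS_ARN`, while the mainnet workflows map `AWS_MAINNET` to `secrets.AWS_MAINNET` and pass it on as `awsAccountId`; now that secrets are scoped per `environment:`, both environments can hold one secret under one name (for example `AWS_ACCOUNT_ID`), so neither the env key nor the secret name needs to encode the network. That would let all four workflows carry the identical line `AWS_ACCOUNT_ID: '${{ secrets.AWS_ACCOUNT_ID }}'` and keep them diffable against each other. If `AWS_ARN` really holds an ARN rather than an account id, a one-line comment above the mapping saying so would save the next reader from assuming parity with mainnet. deploy_testnet_api.yml (@@ -61,12 +61,14 @@) has the same mapping with the two keys in the opposite order; keeping the order the same across the files is a small consistency win.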
@@ -61,12 +61,14 @@ jobs:
     needs: push
     name: deploy
     runs-on: ubuntu-latest
-
+    environment: testnet
     permissions:
       contents: read
       id-token: write
       actions: write
-
+    env:
+      AWS_TESTNET: '${{ secrets.AWS_ARN }}'
+      AWS_REGION: '${{ secrets.AWS_REGION }}'
     steps:
       - name: checkout ecs repo
         uses: actions/checkout@v4