bunkerized-nginx/.github/workflows/staging-create-infra.yml

name: Create staging infra (REUSABLE)

on:
  workflow_call:
    inputs:
      TYPE:
        required: true
        type: string
    secrets:
      CICD_SECRETS:
        required: true
      SECRET_KEY:
        required: true
      K8S_IP:
        required: true

jobs:
  create:
    runs-on: ubuntu-latest
    steps:
      # Prepare
      - name: Generate SSH keypair
        run: ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N "" && ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub && echo -e "Host *\n  StrictHostKeyChecking no" > ~/.ssh/ssh_config
        if: inputs.TYPE != 'k8s'
      - name: Checkout source code
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - name: Install terraform
        uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3.0.0
      - name: Install kubectl
        uses: azure/setup-kubectl@901a10e89ea615cf61f57ac05cecdf23e7de06d8 # v3.2
        if: inputs.TYPE == 'k8s'
        with:
          version: "v1.28.2"
      - name: Set up Python 3.11
        uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
        if: inputs.TYPE != 'k8s'
        with:
          python-version: "3.11"
      - name: Install ansible
        run: pip install --no-cache-dir --require-hashes -r misc/requirements-ansible.txt
        if: inputs.TYPE != 'k8s'
      - name: Install ansible libs
        run: ansible-galaxy install --timeout 120 monolithprojects.github_actions_runner,1.18.1 && ansible-galaxy collection install --timeout 120 community.general
        if: inputs.TYPE != 'k8s'
      # Create infra
      - run: ./tests/create.sh ${{ inputs.TYPE }}
        env:
          CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
          K8S_IP: ${{ secrets.K8S_IP }}
      - run: |
          tar -cf terraform.tar /tmp/${{ inputs.TYPE }}
          echo "$SECRET_KEY" > /tmp/.secret_key
          openssl enc -in terraform.tar -aes-256-cbc -pbkdf2 -iter 100000 -md sha256 -pass file:/tmp/.secret_key -out terraform.tar.enc
          rm -f /tmp/.secret_key
        if: always()
        env:
          SECRET_KEY: ${{ secrets.SECRET_KEY }}
      - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
        if: always()
        with:
          name: tf-${{ inputs.TYPE }}
          path: terraform.tar.enc
ci/cd - init work 2023-03-01 17:46:40 +01:00			`name: Create staging infra (REUSABLE)`

ci/cd - remove subfolder and continue work on staging 2023-03-02 11:56:14 +01:00			`on:`
ci/cd - init work 2023-03-01 17:46:40 +01:00			`workflow_call:`
			`inputs:`
			`TYPE:`
			`required: true`
			`type: string`
			`secrets:`
			`CICD_SECRETS:`
			`required: true`
ci/cd - fix secret key 2023-08-31 08:17:56 +02:00			`SECRET_KEY:`
			`required: true`
			`K8S_IP:`
			`required: true`
ci/cd - init work 2023-03-01 17:46:40 +01:00
			`jobs:`
			`create:`
			`runs-on: ubuntu-latest`
			`steps:`
			`# Prepare`
			`- name: Generate SSH keypair`
			`run: ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N "" && ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub && echo -e "Host *\n StrictHostKeyChecking no" > ~/.ssh/ssh_config`
			`if: inputs.TYPE != 'k8s'`
			`- name: Checkout source code`
deps/gha: bump actions/checkout from 4.1.0 to 4.1.1 Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/8ade135a41bc03ea155e62e844d188df1ea18608...b4ffde65f46336ab88eb53be808477a3936bae11) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> 2023-10-18 06:15:57 +02:00			`uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1`
ci/cd - init work 2023-03-01 17:46:40 +01:00			`- name: Install terraform`
deps/gha: bump hashicorp/setup-terraform from 2.0.3 to 3.0.0 Bumps [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform) from 2.0.3 to 3.0.0. - [Release notes](https://github.com/hashicorp/setup-terraform/releases) - [Changelog](https://github.com/hashicorp/setup-terraform/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/setup-terraform/compare/633666f66e0061ca3b725c73b2ec20cd13a8fdd1...a1502cd9e758c50496cc9ac5308c4843bcd56d36) --- updated-dependencies: - dependency-name: hashicorp/setup-terraform dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> 2023-10-30 13:28:06 +01:00			`uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3.0.0`
ci/cd - init work 2023-03-01 17:46:40 +01:00			`- name: Install kubectl`
Use hashes instead of versions in github workflows 2023-10-02 18:30:17 +02:00			`uses: azure/setup-kubectl@901a10e89ea615cf61f57ac05cecdf23e7de06d8 # v3.2`
ci/cd - init work 2023-03-01 17:46:40 +01:00			`if: inputs.TYPE == 'k8s'`
ci/cd - trying to fix azure/kubectl action 2023-10-19 15:47:12 +02:00			`with:`
prepare for 1.5.3 🚀 2023-10-20 16:34:12 +02:00			`version: "v1.28.2"`
ci/cd - init work 2023-03-01 17:46:40 +01:00			`- name: Set up Python 3.11`
Use hashes instead of versions in github workflows 2023-10-02 18:30:17 +02:00			`uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1`
ci/cd - init work 2023-03-01 17:46:40 +01:00			`if: inputs.TYPE != 'k8s'`
			`with:`
Lint code 2023-03-09 10:04:59 +01:00			`python-version: "3.11"`
ci/cd - init work 2023-03-01 17:46:40 +01:00			`- name: Install ansible`
Updated Dockerfile, python deps and npm package to use pinned dependencies 2023-09-29 17:47:34 +02:00			`run: pip install --no-cache-dir --require-hashes -r misc/requirements-ansible.txt`
ci/cd - init work 2023-03-01 17:46:40 +01:00			`if: inputs.TYPE != 'k8s'`
			`- name: Install ansible libs`
Update staging-create-infra to use a static version for monolithprojects.github_actions_runner == 1.18.1 2023-08-21 18:15:09 +02:00			`run: ansible-galaxy install --timeout 120 monolithprojects.github_actions_runner,1.18.1 && ansible-galaxy collection install --timeout 120 community.general`
ci/cd - init work 2023-03-01 17:46:40 +01:00			`if: inputs.TYPE != 'k8s'`
			`# Create infra`
			`- run: ./tests/create.sh ${{ inputs.TYPE }}`
			`env:`
			`CICD_SECRETS: ${{ secrets.CICD_SECRETS }}`
ci/cd - fix secret key 2023-08-31 08:17:56 +02:00			`K8S_IP: ${{ secrets.K8S_IP }}`
ci/cd - staging improvements 2023-08-25 17:51:32 +02:00			`- run: \|`
ci/cd - fix k8s tf 2023-08-30 15:19:02 +02:00			`tar -cf terraform.tar /tmp/${{ inputs.TYPE }}`
ci/cd - staging improvements 2023-08-25 17:51:32 +02:00			`echo "$SECRET_KEY" > /tmp/.secret_key`
ci/cd - use same md for openssl commands 2023-08-31 06:36:05 +02:00			`openssl enc -in terraform.tar -aes-256-cbc -pbkdf2 -iter 100000 -md sha256 -pass file:/tmp/.secret_key -out terraform.tar.enc`
ci/cd - staging improvements 2023-08-25 17:51:32 +02:00			`rm -f /tmp/.secret_key`
ci/cd - init work 2023-03-01 17:46:40 +01:00			`if: always()`
ci/cd - staging improvements 2023-08-25 17:51:32 +02:00			`env:`
			`SECRET_KEY: ${{ secrets.SECRET_KEY }}`
Use hashes instead of versions in github workflows 2023-10-02 18:30:17 +02:00			`- uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3`
ci/cd - init work 2023-03-01 17:46:40 +01:00			`if: always()`
			`with:`
			`name: tf-${{ inputs.TYPE }}`
ci/cd - staging improvements 2023-08-25 17:51:32 +02:00			`path: terraform.tar.enc`