configure iam role for gha #305
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: cloud | |
| "on": | |
| push: | |
| branches: main | |
| paths: | |
| - cloud/** | |
| - cue.mod/** | |
| - cue.lib/** | |
| concurrency: augustfeng.app | |
| jobs: | |
| configure: | |
| name: configure | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: decrypt secrets | |
| run: cue cmd decrypt github.com/augustfengd/augustfeng.app/secrets | |
| env: | |
| SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }} | |
| - name: import secrets | |
| run: cue cmd convert github.com/augustfengd/augustfeng.app/secrets | |
| container: | |
| image: ghcr.io/augustfengd/augustfeng.app/toolchain:latest | |
| traefik: | |
| name: traefik | |
| runs-on: ubuntu-latest | |
| if: github.event_name =='push' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: configure google application credentials | |
| uses: google-github-actions/auth@v1 | |
| with: | |
| credentials_json: ${{ secrets.GOOGLE_CREDENTIALS }} | |
| - name: install gcloud | |
| uses: google-github-actions/setup-gcloud@v1 | |
| - name: gcloud components install gke-gcloud-auth-plugin | |
| run: 'gcloud components install gke-gcloud-auth-plugin ' | |
| - name: gcloud container clusters get-credentials augustfeng-app | |
| run: gcloud container clusters get-credentials augustfeng-app --zone=us-east1-b | |
| - name: decrypt secrets | |
| run: cue cmd decrypt github.com/augustfengd/augustfeng.app/secrets | |
| env: | |
| SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }} | |
| - name: import secrets | |
| run: cue cmd convert github.com/augustfengd/augustfeng.app/secrets | |
| - name: decrypt secrets | |
| run: cue cmd decrypt github.com/augustfengd/augustfeng.app/cloud/kubernetes/traefik | |
| env: | |
| SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }} | |
| - name: import secrets | |
| run: cue cmd convert github.com/augustfengd/augustfeng.app/cloud/kubernetes/traefik | |
| - name: cue cmd apply github.com/augustfengd/augustfeng.app/cloud/kubernetes/traefik | |
| run: cue cmd apply github.com/augustfengd/augustfeng.app/cloud/kubernetes/traefik | |
| container: | |
| image: ghcr.io/augustfengd/augustfeng.app/toolchain:latest | |
| prometheus: | |
| name: prometheus | |
| runs-on: ubuntu-latest | |
| if: github.event_name =='push' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: configure google application credentials | |
| uses: google-github-actions/auth@v1 | |
| with: | |
| credentials_json: ${{ secrets.GOOGLE_CREDENTIALS }} | |
| - name: install gcloud | |
| uses: google-github-actions/setup-gcloud@v1 | |
| - name: gcloud components install gke-gcloud-auth-plugin | |
| run: 'gcloud components install gke-gcloud-auth-plugin ' | |
| - name: gcloud container clusters get-credentials augustfeng-app | |
| run: gcloud container clusters get-credentials augustfeng-app --zone=us-east1-b | |
| - name: decrypt secrets | |
| run: cue cmd decrypt github.com/augustfengd/augustfeng.app/secrets | |
| env: | |
| SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }} | |
| - name: import secrets | |
| run: cue cmd convert github.com/augustfengd/augustfeng.app/secrets | |
| - name: decrypt secrets | |
| run: cue cmd decrypt github.com/augustfengd/augustfeng.app/cloud/kubernetes/prometheus | |
| env: | |
| SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }} | |
| - name: import secrets | |
| run: cue cmd convert github.com/augustfengd/augustfeng.app/cloud/kubernetes/prometheus | |
| - name: cue cmd apply github.com/augustfengd/augustfeng.app/cloud/kubernetes/prometheus | |
| run: cue cmd apply github.com/augustfengd/augustfeng.app/cloud/kubernetes/prometheus | |
| container: | |
| image: ghcr.io/augustfengd/augustfeng.app/toolchain:latest |