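---
# CI for the Packer templates in this repository: lint and `packer validate`
# each template against a throw-away Vault dev server, then cut a release with
# semantic-release. Indentation below is restored from the rendered page.
name: test

# yamllint disable-line rule:truthy
on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

# Least privilege for the default GITHUB_TOKEN; the release job widens it to
# exactly what semantic-release needs.
permissions:
  contents: read

jobs:
  validate:
    strategy:
      fail-fast: false
      matrix:
        template:
          - ubuntu-server
          - consul
          - vault
    name: Validate
    runs-on: ubuntu-latest
    env:
      # Throw-away Vault dev server started in the "Start Vault Server" step;
      # the root token is a fixed, non-secret value that only exists for this
      # job (it is passed to -dev-root-token-id below).
      VAULT_ADDR: http://localhost:8200
      VAULT_TOKEN: token
    steps:
      - name: Checkout
        # Third-party actions are referenced by tag; pinning to a commit SHA
        # would make the supply chain reproducible.
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Run ansible-lint
        # NOTE(review): the action ref on the next line is garbled in the
        # rendered page ("ansible/[email protected]"); restore the real
        # `owner/action@<pinned ref>` from the repository before relying on it.
        uses: ansible/[email protected]
        with:
          path: "${{ matrix.template }}"
      - name: Create bin dir for cached binaries
        # -p keeps the step idempotent if the directory already exists.
        run: mkdir -p "${HOME}/bin"
      - name: Start Vault Server
        # `curl -f` turns an HTTP error into a non-zero exit instead of piping
        # an error page into gunzip, and pipefail lets that exit fail the
        # pipeline (the default `bash -e` shell does not set pipefail).
        run: |
          set -o pipefail
          curl -fsSL https://releases.hashicorp.com/vault/1.13.0/vault_1.13.0_linux_amd64.zip \
            | gunzip - > "${HOME}/bin/vault"
          chmod u+x "${HOME}/bin/vault"
          "${HOME}/bin/vault" server -dev -dev-root-token-id="${VAULT_TOKEN}" | tee vault-output.txt &
          # The server is backgrounded; wait until it answers so the next
          # steps do not race its startup.
          for _ in $(seq 1 30); do
            if "${HOME}/bin/vault" status > /dev/null 2>&1; then
              exit 0
            fi
            sleep 1
          done
          echo "vault dev server did not become ready" >&2
          exit 1
      - name: Enable Secrets mounts
        run: |
          "${HOME}/bin/vault" secrets enable -path="digitalocean" -description="KV data" kv-v2
          "${HOME}/bin/vault" secrets enable -path="kv" kv-v2
      # Secrets are handed to the shell through `env:` rather than being
      # interpolated with ${{ }} into the script text, so the values never
      # become part of the command line that bash parses.
      - name: Populate the DO secret
        env:
          DO_TOKEN: ${{ secrets.DO_TOKEN }}
        run: |
          "${HOME}/bin/vault" kv put -mount="digitalocean" tokens packer="${DO_TOKEN}"
      - name: Populate vault autojoin token
        env:
          DO_TOKEN: ${{ secrets.DO_TOKEN }}
        run: |
          "${HOME}/bin/vault" kv patch -mount="digitalocean" tokens vault_auto_join="${DO_TOKEN}"
      - name: Populate the GH secret
        env:
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          "${HOME}/bin/vault" kv put -mount="kv" github ghcr_token="${GHCR_TOKEN}"
      - name: Populate Consul Encryption Key
        env:
          CONSUL_ENCRYPT_KEY: ${{ secrets.CONSUL_ENCRYPT_KEY }}
        run: |
          "${HOME}/bin/vault" kv put -mount="kv" consul encrypt="${CONSUL_ENCRYPT_KEY}"
      - name: Get Packer
        # Same download hardening as for Vault above.
        run: |
          set -o pipefail
          curl -fsSL https://releases.hashicorp.com/packer/1.8.2/packer_1.8.2_linux_amd64.zip \
            | gunzip - > "${HOME}/bin/packer"
          chmod u+x "${HOME}/bin/packer"
      - name: Add Ansible requirements
        run: python3 -m pip install -r requirements.txt
      - name: Add Ansible collections
        run: ansible-galaxy collection install community.hashi_vault
      - name: Add Ansible roles
        # `working-directory` replaces the `cd` inside the script.
        working-directory: "${{ matrix.template }}"
        run: |
          if [[ -f requirements.yml ]] ; then
            ansible-galaxy install -r requirements.yml
          fi
      - name: Init Packer
        working-directory: "${{ matrix.template }}"
        env:
          # Only this step is expected to call the GitHub API (plugin
          # downloads), so the token is scoped here instead of the whole job.
          PACKER_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          "${HOME}/bin/packer" init .
      - name: Validate Packer templates
        working-directory: "${{ matrix.template }}"
        run: |
          PATH="${PATH}:${HOME}/bin" packer validate .

  release:
    needs:
      - validate
    name: Release
    # A pull_request run has nothing to publish (and a fork's token is
    # read-only); only the push to main can cut a release.
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    permissions:
      contents: write        # tags, GitHub release, CHANGELOG commit via @semantic-release/git
      issues: write          # release comments on resolved issues
      pull-requests: write   # release comments on merged pull requests
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0   # full history: semantic-release analyses commits since the last tag
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 'lts/*'
      - name: Install dependencies
        run: |
          npm install -D \
            "@semantic-release/commit-analyzer" \
            "@semantic-release/release-notes-generator" \
            "@semantic-release/changelog" \
            "@semantic-release/github" \
            "@semantic-release/git"
      - name: Release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: npx semantic-release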