Skip to content

Block openapi endpoints (#116) #150

Block openapi endpoints (#116)

Block openapi endpoints (#116) #150

Workflow file for this run

name: Build & Deploy
on:
push:
branches:
- main
workflow_dispatch:
schedule:
- cron: '0 8 * * 1'
permissions:
id-token: write
contents: read
packages: write
concurrency:
group: "pub-metrics-grafana"
jobs:
package:
uses: Chia-Network/actions/.github/workflows/docker-build.yaml@main
with:
alternate-latest-mode: true
deploy:
name: Deploy ${{ matrix.colo.region }}
needs:
- package
runs-on: "k8s-public-${{ matrix.colo.region }}"
container:
image: registry.gitlab.com/cmmarslender/kubectl-helm:v3
strategy:
fail-fast: false
matrix:
colo:
- region: fmt
- region: msp
- region: ldn
- region: sin
env:
REGION: ${{ matrix.colo.region }}
steps:
- uses: actions/checkout@v4
- name: Vault Login
uses: Chia-Network/actions/vault/login@main
with:
vault_url: ${{ secrets.VAULT_URL }}
role_name: github-pub-metrics-grafana
- name: Get secrets from vault
uses: hashicorp/vault-action@v3
with:
url: ${{ secrets.VAULT_URL }}
token: ${{ env.VAULT_TOKEN }}
secrets: |
secret/data/${{ matrix.colo.region }}/k8s/k8s-${{ matrix.colo.region }} api_server_url | K8S_API_SERVER_URL;
secret/data/${{ matrix.colo.region }}/mysql/db-info host | DB_HOST;
secret/data/${{ matrix.colo.region }}/mysql/users/grafana-read-pub username | GRAFANA_PUB_READ_USERNAME;
secret/data/${{ matrix.colo.region }}/mysql/users/grafana-read-pub password | GRAFANA_PUB_READ_PASSWORD;
- name: Template grafana configs
run: |
j2 templates/datasources.yaml.j2 -o helm/pub-metrics-grafana/datasources
- name: Login to k8s cluster
uses: Chia-Network/actions/vault/k8s-login@main
with:
vault_url: ${{ secrets.VAULT_URL }}
vault_token: ${{ env.VAULT_TOKEN }}
backend_name: k8s-${{ matrix.colo.region }}
role_name: github-actions
cluster_url: ${{ env.K8S_API_SERVER_URL }}
- uses: Chia-Network/actions/helm/deploy@main
env:
REPLICAS: 3
HOSTNAME: "dashboard.chia.net"
IMAGE_TAG: "sha-${{ github.sha }}"
with:
namespace: grafana-pub
app_name: grafana
helm_chart: "./helm/pub-metrics-grafana"
helm_values: "./helm/values.yaml"
- name: Trigger downstream workflows
uses: Chia-Network/actions/github/glue@main
with:
glue_url: ${{ secrets.GLUE_API_URL }}
glue_project: "pub-metrics-grafana"
glue_path: "trigger"