This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Generate and Upload SSL Certificate | |
| on: | |
| push: | |
| branches: | |
| - feature/fg-137 | |
| workflow_dispatch: | |
| jobs: | |
| generate-and-upload-cert: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| - name: Log in to Azure | |
| uses: azure/login@v1 | |
| with: | |
| creds: ${{ secrets.AZURE_CREDENTIALS }} | |
| - name: Install Certbot and the Domeneshop DNS plugin | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y python3-pip | |
| pip3 install certbot certbot-dns-domeneshop | |
| - name: Generate SSL certificate with Certbot (DNS-01 challenge) | |
| env: | |
| DOMAIN: backend.masus.no | |
| DOMAIN_ALTERNATE: www.backend.masus.no # Optional: if you want to include an additional domain (e.g., www) | |
| CERTBOT_EMAIL: fg-web@samfundet.no | |
| DNS_PROVIDER_CREDENTIALS: ${{ secrets.DOMENESHOP_CREDENTIALS_FILE }} # Path to your credentials file in GitHub Secrets | |
| run: | | |
| # Create a temporary file for the credentials | |
| echo "$DNS_PROVIDER_CREDENTIALS" > /tmp/domeneshop_credentials.ini | |
| # Run Certbot with DNS-01 challenge using Domeneshop | |
| certbot certonly \ | |
| --authenticator certbot-dns-domeneshop:dns-domeneshop \ | |
| --dns-domeneshop-credentials /tmp/domeneshop_credentials.ini \ | |
| --dns-domeneshop-propagation-seconds 120 \ | |
| --email $CERTBOT_EMAIL --agree-tos -n \ | |
| -d $DOMAIN \ | |
| -d $DOMAIN_ALTERNATE | |
| # Export the certificate to a .pfx file | |
| openssl pkcs12 -export -out cert.pfx -inkey /etc/letsencrypt/live/$DOMAIN/privkey.pem \ | |
| -in /etc/letsencrypt/live/$DOMAIN/fullchain.pem -passout pass:$PFX_PASSWORD | |
| - name: Upload certificate to Azure Application Gateway | |
| env: | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| AZURE_RESOURCE_GROUP: hilfling-backend_group | |
| AZURE_APPLICATION_GATEWAY_NAME: hilfling-gateway | |
| PFX_PASSWORD: ${{ secrets.PFX_PASSWORD }} | |
| run: | | |
| # Upload certificate to Azure Application Gateway | |
| az network application-gateway ssl-cert create \ | |
| --resource-group $AZURE_RESOURCE_GROUP \ | |
| --gateway-name $AZURE_APPLICATION_GATEWAY_NAME \ | |
| --name app-gateway-cert \ | |
| --cert-file cert.pfx \ | |
| --cert-password $PFX_PASSWORD |