pr-open.yml
# Pull-request pipeline: build two container images, read database credentials
# from Vault, then call the reusable deploy workflow.
#
# NOTE(review): every `uses:` reference to a published action below is a version
# tag. A tag can be re-pointed by the action's owner, so the code that receives
# GITHUB_TOKEN, BROKER_JWT and the Vault token is not fixed by this file.
# Pinning each one as `owner/action@<full-commit-sha>  # vX.Y.Z` (placeholder)
# makes the reviewed revision the one that runs.
name: PR

on:
  pull_request:
  merge_group:

concurrency:
  # Cancel in progress for PR open and close, but not merge_group
  # NOTE(review): cancel-in-progress is unconditionally true, so any two runs
  # that share a group key cancel each other whichever event started them. Only
  # the key differs (PR number vs. merge-group base SHA). Confirm this matches
  # the intent stated above.
  group: ${{ github.workflow }}-${{ github.event.number || github.event.merge_group.base_sha }}
  cancel-in-progress: true

jobs:
  builds:
    name: Builds
    # Skip the build when the pull request's head repository is a fork. This is
    # the only fork guard in the file: `secrets` and `deploys` have no `if:` of
    # their own and are gated solely through their `needs` chain back to here.
    # NOTE(review): merge_group events carry no pull_request payload, so this
    # presumably evaluates to true and the job runs; confirm that is intended.
    if: '!github.event.pull_request.head.repo.fork'
    runs-on: ubuntu-22.04
    # Explicit token scopes for this job; scopes not listed here are set to none.
    permissions:
      packages: write
    strategy:
      matrix:
        package: [nr-oracle-service, nr-oracle-service-init]
        # Per-package build settings, matched to the entries above by `package`.
        include:
          - package: nr-oracle-service
            build_file: Dockerfile
            build_context: .
            triggers: ('src/' 'pom.xml')
          - package: nr-oracle-service-init
            build_file: Dockerfile.certs
            build_context: .
            triggers: ('get_certs.sh' 'Dockerfile.certs')
    steps:
      - uses: actions/checkout@v4
      # Receives GITHUB_TOKEN, which holds packages: write in this job.
      - uses: bcgov-nr/action-builder-ghcr@v2.0.1
        with:
          package: ${{ matrix.package }}
          # NOTE(review): github.event.number is the PR number on pull_request;
          # it is presumably empty on merge_group, giving an empty tag; verify.
          tag: ${{ github.event.number }}
          token: ${{ secrets.GITHUB_TOKEN }}
          build_file: ${{ matrix.build_file }}
          build_context: ${{ matrix.build_context }}
          triggers: ${{ matrix.triggers }}

  secrets:
    name: Fetch Secrets
    needs:
      - builds
    runs-on: ubuntu-22.04
    # Runs under the `test` deployment environment, so that environment's
    # secrets and protection rules apply to this job.
    # NOTE(review): no `permissions:` block here or at workflow level, so
    # GITHUB_TOKEN in this job gets the repository default scopes.
    environment: test
    env:
      project_name: nr-oracle
      app_name: nr-oracle-service
      environment: development
      secret_path_env: dev  # this path is different from the path in the broker
    steps:
      - uses: actions/checkout@v4
      # Exchanges the broker JWT and provision role id for a Vault token, read
      # by the next step as steps.broker.outputs.vault_token.
      - name: Broker
        id: broker
        uses: bcgov-nr/action-vault-broker-approle@v1.1.0
        with:
          broker_jwt: ${{ secrets.BROKER_JWT }}
          provision_role_id: ${{ secrets.PROVISION_ROLE }}
          project_name: ${{ env.project_name }}
          app_name: ${{ env.app_name }}
          environment: ${{ env.environment }}
      # Reads four fields of the `rar` secret and exports them as DB_HOST,
      # DB_NAME, DB_PWD and DB_USER.
      # NOTE(review): exportEnv places the values in this job's environment only.
      # No later step in this job reads them, and a job's environment is not
      # shared with other jobs.
      - name: Import Secrets
        id: secrets
        uses: hashicorp/vault-action@v2.7.5
        with:
          url: https://vault-iit.apps.silver.devops.gov.bc.ca
          token: ${{ steps.broker.outputs.vault_token }}
          exportEnv: 'true'
          secrets: |
            apps/data/${{ env.secret_path_env }}/${{ env.project_name }}/${{ env.app_name }}/rar dbHost | DB_HOST;
            apps/data/${{ env.secret_path_env }}/${{ env.project_name }}/${{ env.app_name }}/rar dbName | DB_NAME;
            apps/data/${{ env.secret_path_env }}/${{ env.project_name }}/${{ env.app_name }}/rar dbPassword | DB_PWD;
            apps/data/${{ env.secret_path_env }}/${{ env.project_name }}/${{ env.app_name }}/rar dbUser | DB_USER;

  deploys:
    name: Deploys
    uses: ./.github/workflows/.deploy.yml
    needs: [secrets]
    # Forwards every secret available to this workflow to the called workflow.
    secrets: inherit
    with:
      # NOTE(review): the `env` context is not available in a reusable-workflow
      # call's `with:`, and the DB_* variables were exported in the `secrets`
      # job, not this one. These four expressions therefore do not carry the
      # Vault values as written.
      # NOTE(review): `with:` values are plain inputs, not secrets. A password
      # passed this way has no secret handling in the called workflow. Reading
      # the credentials inside the job that consumes them avoids moving them
      # between jobs (.deploy.yml is not visible here, so confirm against it).
      DB_HOST: ${{ env.DB_HOST }}
      DB_NAME: ${{ env.DB_NAME }}
      DB_PWD: ${{ env.DB_PWD }}
      DB_USER: ${{ env.DB_USER }}
      release: ${{ github.event.number }}