ci(vault): add action to retrieve token from broker (#89)
Ricardo Campos authored and DerekRoberts committed May 14, 2024
1 parent 8cfd7ea commit 06d0f8c
Showing 1 changed file with 21 additions and 4 deletions.
25 changes: 21 additions & 4 deletions .github/workflows/merge-main.yml
@@ -212,12 +212,21 @@ jobs:
ZONE: test
NR_SPAR_ORACLE_API_VERSION: ${{ needs.release.outputs.version }}
steps:
- name: Broker
id: broker
uses: bcgov-nr/action-vault-broker-approle@v0.0.5
with:
broker_jwt: ${{ secrets.BROKER_JWT }}
provision_role_id: ${{ secrets.PROVISION_ROLE_ID }}
project_name: spar
app_name: app-spar
environment: test
- name: Import Secrets
id: secrets
uses: hashicorp/vault-action@v2.5.0
with:
url: https://vault-iit.apps.silver.devops.gov.bc.ca
token: ${{ secrets.VAULT_TOKEN }}
token: ${{ steps.broker.outputs.vault_token }}
exportEnv: 'false'
secrets: |
apps/data/test/spar/app-spar/db_proxy_read_only db_username | VAULT_DB_USER;
@@ -231,8 +240,7 @@ jobs:
# Login to OpenShift and select project
oc login --token=${{ secrets.OC_TOKEN }} --server=${{ secrets.OC_SERVER }}
oc project ${{ secrets.OC_NAMESPACE }}
# Do not replace database; 'oc create' kicks up an error if objects already exist
#oc process -f .github/openshift/deploy.database.yml -p ZONE=${{ env.ZONE }} | oc create -f - || true
# Process and apply deployment templates
oc process -f .github/openshift/deploy.backend.yml -p ZONE=${{ env.ZONE }} \
-p NR_SPAR_ORACLE_API_VERSION=test-${{ env.NR_SPAR_ORACLE_API_VERSION }} \
@@ -405,12 +413,21 @@ jobs:
oc project ${{ secrets.OC_NAMESPACE }}
oc delete is/${{ env.NAME }}-${{ env.ZONE}}-${{ env.COMPONENT }} || true
- name: Broker
id: broker
uses: bcgov-nr/action-vault-broker-approle@v0.0.5
with:
broker_jwt: ${{ secrets.BROKER_JWT }}
provision_role_id: ${{ secrets.PROVISION_ROLE_ID }}
project_name: spar
app_name: app-spar
environment: prod
- name: Import Secrets
id: secrets
uses: hashicorp/vault-action@v2.5.0
with:
url: https://vault-iit.apps.silver.devops.gov.bc.ca
token: ${{ secrets.VAULT_TOKEN }}
token: ${{ steps.broker.outputs.vault_token }}
exportEnv: 'false'
secrets: |
apps/data/prod/spar/app-spar/db_proxy_read_only db_username | VAULT_DB_USER;
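Review bot: The new Broker steps in the test and prod deploy jobs hand `secrets.BROKER_JWT` and `secrets.PROVISION_ROLE_ID` to `bcgov-nr/action-vault-broker-approle@v0.0.5`, which is referenced by a mutable tag; pinning it to a full commit SHA, e.g. `uses: bcgov-nr/action-vault-broker-approle@<full-commit-sha> # v0.0.5`, keeps a re-pointed tag from changing the code that sees those credentials, and the same applies to `hashicorp/vault-action@v2.5.0` in the step that follows. `steps.broker.outputs.vault_token` is a step output, so it is redacted in logs only if the action registers it as a secret; that is not visible from this diff and is worth confirming. Since the static `secrets.VAULT_TOKEN` is no longer read in these two steps, it should be revoked in Vault and removed from the repository secrets once no other job references it. Both hunks pass the same `BROKER_JWT` for `environment: test` and `environment: prod`; if the broker supports separate JWTs, environment-scoped secrets would keep the test job from being able to request a prod token.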
