feat: working in progress with secrets

filipeforattini · Apr 30, 2022 · 466bf13 · 466bf13
1 parent bd3a661
commit 466bf13
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 12 deletions.
diff --git a/.github/workflows/service-push.yml b/.github/workflows/service-push.yml
@@ -10,18 +10,6 @@ on:
       ecosystem:
         type: string
         required: false
-      containerRegistry:
-        type: string
-        required: false
-        default: ghcr.io
-
-      secretsDriver:
-        type: string
-        required: false
-        default: actions
-      secretsJson:
-        type: string
-        required: false
 
       mysqlEnabled:
         type: boolean
@@ -369,13 +357,26 @@ jobs:
         run: |
           echo "::set-output name=deploy_as_k8s::$(echo $PIPELINE_SETUP | jq -r '.deploy.deployAsK8s')"
           echo "::set-output name=deploy_as_chart::$(echo $PIPELINE_SETUP | jq -r '.deploy.deployAsChart')"
+          echo "::set-output name=has_dev_secrets::$(echo $PIPELINE_SETUP | jq -r '.deploy.hasDevSecrets')"
           echo "::set-output name=deploy_ecosystem::$(echo $PIPELINE_SETUP | jq -r '.deploy.ecosystem')"
           echo "::set-output name=deploy_organization::$(echo $PIPELINE_SETUP | jq -r '.deploy.organization')"
           echo "::set-output name=deploy_container_registry::$(echo $PIPELINE_SETUP | jq -r '.deploy.containerRegistry')"
           echo "::set-output name=deploy_repository::$(echo $PIPELINE_SETUP | jq -r '.deploy.repository')"
           echo "::set-output name=deploy_tag::$(echo $PIPELINE_SETUP | jq -r '.deploy.tag')"
 
       # deploy
+      - name: Decrypt Dev Secrets
+        env:
+          GPG_PASSWORD: ${{ secrets.GPG_DEV_PASSWORD }}
+        run: |
+          gpg \ 
+            --yes --batch --quiet --decrypt \ 
+            --output ./manifests/k8s-secrets.env
+            --passphrase="$GPG_PASSWORD" \
+            ./manifests/secrets/dev.gpg
+          echo -e "#@data/values\n---\n$(cat ./manifests/k8s-secrets.env)" > ./manifests/k8s-secrets.env
+          cat ./manifests/k8s-secrets.env
+
       - name: Install YTT
         uses: vmware-tanzu/carvel-setup-action@v1
         with:

diff --git a/src/scrappers/deploy.class.js b/src/scrappers/deploy.class.js
@@ -24,6 +24,14 @@ module.exports = class Deploy extends Scrapper {
     const deployAsChart = fs.existsSync(path.join(process.cwd(), 'manifests', 'charts-values.yml'))
       ? true
       : false
+
+    const hasDevSecrets = fs.existsSync(path.join(process.cwd(), 'manifests', 'secrets', 'dev.gpg'))
+      ? true
+      : false
+
+    const hasStgSecrets = fs.existsSync(path.join(process.cwd(), 'manifests', 'secrets', 'stg.gpg'))
+      ? true
+      : false
 
     this
       .add('dockerfile', {
@@ -33,6 +41,8 @@ module.exports = class Deploy extends Scrapper {
         podName,
         ecosystem,
         deployAsK8s,
+        hasDevSecrets,
+        hasStgSecrets,
         deployAsChart,
         containerRegistry,
       })