fix: using newer docker login action

filipeforattini · May 12, 2022 · 62eb108 · 62eb108
1 parent 2cdead1
commit 62eb108
Show file tree

Hide file tree

Showing 4 changed files with 102 additions and 40 deletions.
diff --git a/.github/workflows/service-push.yml b/.github/workflows/service-push.yml
@@ -526,7 +526,8 @@ jobs:
         run: |
           echo "::set-output name=deploy_as_k8s::$(echo $PIPELINE_SETUP | jq -r '.deploy.deployAsK8s')"
           echo "::set-output name=deploy_as_chart::$(echo $PIPELINE_SETUP | jq -r '.deploy.deployAsChart')"
-          echo "::set-output name=has_dev_secrets::$(echo $PIPELINE_SETUP | jq -r '.deploy.hasDevSecrets')"
+          echo "::set-output name=has_dev_secrets::$(echo $PIPELINE_SETUP | jq -r '.deploy.secrets.dev')"
+          echo "::set-output name=has_dev_configs::$(echo $PIPELINE_SETUP | jq -r '.deploy.configs.dev')"
           echo "::set-output name=deploy_ecosystem::$(echo $PIPELINE_SETUP | jq -r '.deploy.ecosystem')"
           echo "::set-output name=deploy_organization::$(echo $PIPELINE_SETUP | jq -r '.deploy.organization')"
           echo "::set-output name=deploy_container_registry::$(echo $PIPELINE_SETUP | jq -r '.deploy.containerRegistry')"
@@ -539,28 +540,42 @@ jobs:
             *)     echo "::set-output name=deploy_namespace::$(echo $PIPELINE_SETUP | jq -r '.deploy.namespace')";;
           esac
 
-      - name: Config | Login to Container Registry
-        uses: docker/login-action@v2
+      # deploy
+      - name: K8s create namespace
+        uses: steebchen/kubectl@v2.0.0
         with:
-          logout: false
-          registry: ${{ inputs.containerRegistry }}
-          username: ${{ secrets.REGISTRY_USERNAME }}
-          password: ${{ secrets.REGISTRY_PASSWORD }}
+          config: ${{ secrets.KUBE_CONFIG }}
+          command: create namespace ${{steps.deploy_setup.outputs.deploy_namespace}} --dry-run=client --validate=false --output=yaml | kubectl apply -f -
 
-      - name: Config | Gives runner access to docker config file 
-        if: steps.deploy_setup.outputs.deploy_as_k8s == 'true'
-        run: |
-          sudo chown $(whoami):docker /home/$(whoami)/.docker/config.json
-          cp /home/$(whoami)/.docker/config.json ./manifests/docker-config.json
+      # configs
+      - name: K8s create config-map
+        if: steps.deploy_setup.outputs.has_dev_configs == 'true'
+        uses: steebchen/kubectl@v2.0.0
+        with:
+          config: ${{ secrets.KUBE_CONFIG }}
+          command: create configmap -n ${{steps.deploy_setup.outputs.deploy_namespace}} svc --from-env-file=./manifests/configs/dev.env --dry-run=client --validate=false --output=yaml | kubectl apply -f -
 
-      # deploy
-      - name: K8s create namespace
+      - name: K8s create versioned config-map
+        if: steps.deploy_setup.outputs.has_dev_configs == 'true'
+        uses: steebchen/kubectl@v2.0.0
+        with:
+          config: ${{ secrets.KUBE_CONFIG }}
+          command: create configmap -n ${{steps.deploy_setup.outputs.deploy_namespace}} svc-${{needs.Release-Node.outputs.Version}} --from-env-file=./manifests/configs/dev.env --dry-run=client --validate=false --output=yaml | kubectl apply -f -
+
+      - name: K8s get config-map to inject (pt1)
         if: steps.deploy_setup.outputs.deploy_as_k8s == 'true'
         uses: steebchen/kubectl@v2.0.0
         with:
           config: ${{ secrets.KUBE_CONFIG }}
-          command: create namespace ${{steps.deploy_setup.outputs.deploy_namespace}} --dry-run=client --validate=false --output=yaml | kubectl apply -f -
+          command: get configmap -n ${{steps.deploy_setup.outputs.deploy_namespace}} svc -o jsonpath='{.data}' > ./manifests/k8s-configs-keys.txt
 
+      - name: K8s get config-map to inject (pt2)
+        if: steps.deploy_setup.outputs.deploy_as_k8s == 'true'
+        run: |
+          sudo chown $(whoami) ./manifests/k8s-configs-keys.txt
+          cat ./manifests/k8s-configs-keys.txt | jq -r 'keys[]' |  tr '\n' '~' | sed 's/~/,/g;s/,$//' > ./manifests/k8s-configs-keys.txt
+
+      # secrets
       - name: Decrypt DEV secrets
         if: steps.deploy_setup.outputs.has_dev_secrets == 'true'
         run: |
@@ -571,26 +586,19 @@ jobs:
             ./manifests/secrets/dev.gpg
 
       - name: K8s create secrets
-        if: steps.deploy_setup.outputs.deploy_as_k8s == 'true'
+        if: steps.deploy_setup.outputs.has_dev_secrets == 'true'
         uses: steebchen/kubectl@v2.0.0
         with:
           config: ${{ secrets.KUBE_CONFIG }}
           command: create secret generic -n ${{steps.deploy_setup.outputs.deploy_namespace}} svc --from-env-file=./manifests/k8s-secrets.env --dry-run=client --validate=false --output=yaml | kubectl apply -f -
 
       - name: K8s create versioned secrets
-        if: steps.deploy_setup.outputs.deploy_as_k8s == 'true'
+        if: steps.deploy_setup.outputs.has_dev_secrets == 'true'
         uses: steebchen/kubectl@v2.0.0
         with:
           config: ${{ secrets.KUBE_CONFIG }}
           command: create secret generic -n ${{steps.deploy_setup.outputs.deploy_namespace}} svc-${{needs.Release-Node.outputs.Version}} --from-env-file=./manifests/k8s-secrets.env --dry-run=client --validate=false --output=yaml | kubectl apply -f -
 
-      - name: K8s create registry-token secret
-        if: steps.deploy_setup.outputs.deploy_as_k8s == 'true'
-        uses: steebchen/kubectl@v2.0.0
-        with:
-          config: ${{ secrets.KUBE_CONFIG }}
-          command: create secret generic -n ${{steps.deploy_setup.outputs.deploy_namespace}} registry-token --type=kubernetes.io/dockerconfigjson --from-file=.dockerconfigjson=./manifests/docker-config.json --dry-run=client --validate=false --output=yaml | kubectl apply -f -
-
       - name: K8s get secrets keys to inject (pt1)
         if: steps.deploy_setup.outputs.deploy_as_k8s == 'true'
         uses: steebchen/kubectl@v2.0.0
@@ -604,6 +612,37 @@ jobs:
           sudo chown $(whoami) ./manifests/k8s-secrets-keys.txt
           cat ./manifests/k8s-secrets-keys.txt | jq -r 'keys[]' |  tr '\n' '~' | sed 's/~/,/g;s/,$//' > ./manifests/k8s-secrets-keys.txt
 
+      # secrets for registry auth
+      - name: DEBUG | Login to Container Registry 1
+        uses: docker/login-action@v2
+        run: sudo cat ~/.docker/config
+
+      - name: Config | Login to Container Registry
+        uses: docker/login-action@v2
+        with:
+          logout: false
+          registry: ${{ inputs.containerRegistry }}
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
+
+      - name: Config | Gives runner access to docker config file 
+        if: steps.deploy_setup.outputs.deploy_as_k8s == 'true'
+        run: |
+          sudo chown $(whoami):docker /home/$(whoami)/.docker/config.json
+          cp /home/$(whoami)/.docker/config.json ./manifests/docker-config.json
+
+      - name: DEBUG | Login to Container Registry 2
+        uses: docker/login-action@v2
+        run: sudo cat ~/.docker/config
+
+      - name: K8s create registry-token secret
+        if: steps.deploy_setup.outputs.deploy_as_k8s == 'true'
+        uses: steebchen/kubectl@v2.0.0
+        with:
+          config: ${{ secrets.KUBE_CONFIG }}
+          command: create secret generic -n ${{steps.deploy_setup.outputs.deploy_namespace}} registry-token --type=kubernetes.io/dockerconfigjson --from-file=.dockerconfigjson=./manifests/docker-config.json --dry-run=client --validate=false --output=yaml | kubectl apply -f -
+
+      # generates
       - name: K8s generates final yml
         if: steps.deploy_setup.outputs.deploy_as_k8s == 'true'
         run: |
@@ -616,9 +655,11 @@ jobs:
             --data-value repository=${{steps.deploy_setup.outputs.deploy_repository}} \
             --data-value containerRegistry=${{steps.deploy_setup.outputs.deploy_container_registry}} \
             --data-value tag=${{steps.deploy_setup.outputs.deploy_tag}} \
+            --data-value-yaml deployment.imagePullSecrets=true \
+            --data-value-yaml envFromSecrets="[$(cat ./manifests/k8s-secrets-keys.txt)]" \
+            --data-value-yaml envFromConfigs="[$(cat ./manifests/k8s-configs-keys.txt)]" \
             --data-value pipelineControl.datetime=${{steps.deploy_setup.outputs.run_started_at}} \
             --data-value-yaml pipelineControl.environmentsAsNamespaces=${{inputs.environmentsAsNamespaces}} \
-            --data-value-yaml envFromSecrets="[$(cat ./manifests/k8s-secrets-keys.txt)]" \
               > ./manifests/k8s-to-apply.yml
 
       - name: Debug | Print k8s-to-apply.yml

diff --git a/deploy/as-k8s/service.schema.yml b/deploy/as-k8s/service.schema.yml
@@ -12,11 +12,13 @@ tag: latest
 features:
   enableLinkerd: false
 
-#! environments
+#! environment
 #@schema/type any=True
 env: []
 #@schema/type any=True
 envFromSecrets: []
+#@schema/type any=True
+envFromConfigMaps: []
 
 #! k8s resources
 namespace:
@@ -31,6 +33,7 @@ deployment:
   labels: {}
   annotations: {}
   resources: {}
+  imagePullSecrets: false
 
   templateLabels: {}
   matchLabels: 

diff --git a/deploy/as-k8s/service.yml b/deploy/as-k8s/service.yml
@@ -49,7 +49,7 @@ apiVersion: v1
 kind: Secret
 type: Opaque
 metadata:
-  name: pipeline-config
+  name: pipeline
   namespace: #@ namespace
 
   #@ secretAnnotations = {}
@@ -96,8 +96,12 @@ spec:
       #@ deploymentTemplateLabels.update(data.values.deployment.templateLabels)
       labels: #@ deploymentTemplateLabels
     spec:
+      restartPolicy: Always
+
+      #@ if/end data.values.deployment.imagePullSecrets:
       imagePullSecrets:
         - name: registry-token
+
       containers:
         - name: #@ data.values.deployment.name
           image: #@ "{}/{}/{}:{}".format(data.values.containerRegistry, data.values.organization, data.values.repository, data.values.tag)
@@ -117,6 +121,17 @@ spec:
           #@    }
           #@   }])
           #@ end
+          #@ for i in data.values.envFromConfigMaps:
+          #@   deploymentEnvs.extend([{ 
+          #@    "name": i, 
+          #@    "valueFrom": {
+          #@      "configMapKeyRef": {
+          #@        "name": "svc",
+          #@        "key": i,
+          #@      }
+          #@    }
+          #@   }])
+          #@ end
           env: #@ deploymentEnvs
 #@ end
 

diff --git a/src/scrappers/deploy.class.js b/src/scrappers/deploy.class.js
@@ -17,20 +17,23 @@ module.exports = class Deploy extends Scrapper {
     const ecosystem = this.inputs.ecosystem || repository.split('-')[0]
 
     const deployAsK8s = fs.existsSync(path.join(process.cwd(), 'manifests', 'k8s-values.yml'))
-      ? true
-      : false
-
     const deployAsChart = fs.existsSync(path.join(process.cwd(), 'manifests', 'charts-values.yml'))
-      ? true
-      : false
 
-    const hasDevSecrets = fs.existsSync(path.join(process.cwd(), 'manifests', 'secrets', 'dev.gpg'))
-      ? true
-      : false
+    const secrets = {
+      dev: fs.existsSync(path.join(process.cwd(), 'manifests', 'secrets', 'dev.gpg')),
+      stg: fs.existsSync(path.join(process.cwd(), 'manifests', 'secrets', 'stg.gpg')),
+      prd: fs.existsSync(path.join(process.cwd(), 'manifests', 'secrets', 'prd.gpg')),
+      sbx: fs.existsSync(path.join(process.cwd(), 'manifests', 'secrets', 'sbx.gpg')),
+      dry: fs.existsSync(path.join(process.cwd(), 'manifests', 'secrets', 'dry.gpg')),
+    }
 
-    const hasStgSecrets = fs.existsSync(path.join(process.cwd(), 'manifests', 'secrets', 'stg.gpg'))
-      ? true
-      : false
+    const configs = {
+      dev: fs.existsSync(path.join(process.cwd(), 'manifests', 'configs', 'dev.env')),
+      stg: fs.existsSync(path.join(process.cwd(), 'manifests', 'configs', 'stg.env')),
+      prd: fs.existsSync(path.join(process.cwd(), 'manifests', 'configs', 'prd.env')),
+      sbx: fs.existsSync(path.join(process.cwd(), 'manifests', 'configs', 'sbx.env')),
+      dry: fs.existsSync(path.join(process.cwd(), 'manifests', 'configs', 'dry.env')),
+    }
 
     this
       .add('dockerfile', {
@@ -47,9 +50,9 @@ module.exports = class Deploy extends Scrapper {
           sbx: `${repository}-sbx`,
           dry: `${repository}-dry`,
         },
+        secrets,
+        configs,
         deployAsK8s,
-        hasDevSecrets,
-        hasStgSecrets,
         deployAsChart,
         containerRegistry,
       })