Deploy Kubernetes secrets for hono api test environment #14
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Manually deploy Kubernetes secrets for hono api test environment | |
| on: | |
| workflow_dispatch: # run manually | |
| pull_request: # run on pull requests | |
| jobs: | |
| deploy-kube-secrets-test: | |
| name: Deploy Kubernetes secrets to hono api test environment | |
| environment: | |
| name: hono-api-secrets-test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Kubectl tool installer | |
| uses: Azure/setup-kubectl@v3 | |
| - name: Setup kubectl | |
| env: | |
| MICROK8S_CONFIG: ${{ secrets.MICROK8S_CONFIG }} | |
| run: | | |
| mkdir -p $HOME/.kube | |
| echo "${MICROK8S_CONFIG}" | base64 --decode > $HOME/.kube/config | |
| - name: Check kubectl get node | |
| run: kubectl get nodes -o wide | |
| - name: Check out code | |
| uses: actions/checkout@v4 | |
| - name: Install jq | |
| run: sudo apt-get update && sudo apt-get install -y jq | |
| - name: deploy Kubernetes secrets to test environment | |
| run: | | |
| # Check if the namespace 'hono-api-test' is already created, if not, create it. | |
| NAMESPACE=$(kubectl get namespaces -o jsonpath="{.items[?(@.metadata.name=='hono-api-test')].metadata.name}") | |
| if [ -z "$NAMESPACE" ]; then | |
| echo "Namespace does not exist. Creating namespace..." | |
| kubectl apply -f microk8s-hono-api/hono-api-test/namespace.yaml | |
| else | |
| echo "Namespace already exists. Skipping creation." | |
| fi | |
| # create secret regcred for kubernetes to pull image from private registry on Github | |
| if ! kubectl -n hono-api-test get secret regcred; then | |
| # create the secret when no secret is found | |
| kubectl -n hono-api-test create secret docker-registry regcred --docker-username=${{ github.actor }} --docker-password=${{ secrets.GHCR_PAT }} --docker-server=ghcr.io | |
| else | |
| # check if kubernetes secret regcred needs an update, and update it when it is not the same as given secret GHCR_PAT from Github repository secret | |
| existing_pass=$(kubectl -n hono-api-test get secret regcred --template='{{index .data ".dockerconfigjson" | base64decode}}' | jq -r '.auths["ghcr.io"].password') | |
| if [[ "$existing_pass" != "${{ secrets.GHCR_PAT }}" ]]; then | |
| echo "Updating kubernetes secret as password from Github repository secret do not match." | |
| kubectl -n hono-api-test delete secret regcred | |
| kubectl -n hono-api-test create secret docker-registry regcred --docker-username=${{ github.actor }} --docker-password=${{ secrets.GHCR_PAT }} --docker-server=ghcr.io | |
| else | |
| echo "Secret regcred already exists, and it is the same as GHCR_PAT Github repository secret, skipping." | |
| fi | |
| fi | |
| # create secrets for hono api to use as environment variables defined in deployment.yaml in base directory | |
| if ! kubectl -n hono-api-test get secret esapikeycred; then | |
| # create the secret when no secret is found | |
| kubectl -n hono-api-test create secret generic esapikeycred --from-literal=esApiKey=${{ secrets.ES_APIKEY }} | |
| else | |
| # check if kubernetes secret esapikeycred needs an update, and update it when it is not the same as given secret ES_APIKEY from Github repository secret | |
| existing_pass=$(kubectl -n hono-api-test get secret esapikeycred --template='{{index .data "esApiKey" | base64decode}}') | |
| if [[ "$existing_pass" != "${{ secrets.ES_APIKEY }}" ]]; then | |
| echo "Updating kubernetes secret esapikeycred, as password from Github repository secret ES_APIKEY do not match." | |
| kubectl -n hono-api-test delete secret esapikeycred | |
| kubectl -n hono-api-test create secret generic esapikeycred --from-literal=esApiKey=${{ secrets.ES_APIKEY }} | |
| else | |
| echo "Secret esapikeycred already exists, and it is the same as ES_APIKEY Github repository secret, skipping." | |
| fi | |
| fi | |
| # create secrets for hono api to use as environment variables defined in deployment.yaml in base directory | |
| if ! kubectl -n hono-api-test get secret esobserveapikeycred; then | |
| # create the secret when no secret is found | |
| kubectl -n hono-api-test create secret generic esobserveapikeycred --from-literal=esObserveApiKey=${{ secrets.OBSERVE_ES_APIKEY }} | |
| else | |
| # check if kubernetes secret esobserveapikeycred needs an update, and update it when it is not the same as given secret OBSERVE_ES_APIKEY from Github repository secret | |
| existing_pass=$(kubectl -n hono-api-test get secret esobserveapikeycred --template='{{index .data "esObserveApiKey" | base64decode}}') | |
| if [[ "$existing_pass" != "${{ secrets.OBSERVE_ES_APIKEY }}" ]]; then | |
| echo "Updating kubernetes secret esobserveapikeycred, as password from Github repository secret OBSERVE_ES_APIKEY do not match." | |
| kubectl -n hono-api-test delete secret esobserveapikeycred | |
| kubectl -n hono-api-test create secret generic esobserveapikeycred --from-literal=esObserveApiKey=${{ secrets.OBSERVE_ES_APIKEY }} | |
| else | |
| echo "Secret esobserveapikeycred already exists, and it is the same as OBSERVE_ES_APIKEY Github repository secret, skipping." | |
| fi | |
| fi | |
| # create secrets for hono api to use as environment variables defined in deployment.yaml in base directory | |
| if ! kubectl -n hono-api-test get secret apieswritetokencred; then | |
| # create the secret when no secret is found | |
| kubectl -n hono-api-test create secret generic apieswritetokencred --from-literal=apiEsWriteToken=${{ secrets.API_ES_WRITE_TOKEN }} | |
| else | |
| # check if kubernetes secret apieswritetokencred needs an update, and update it when it is not the same as given secret API_ES_WRITE_TOKEN from Github repository secret | |
| existing_pass=$(kubectl -n hono-api-test get secret apieswritetokencred --template='{{index .data "apiEsWriteToken" | base64decode}}') | |
| if [[ "$existing_pass" != "${{ secrets.API_ES_WRITE_TOKEN }}" ]]; then | |
| echo "Updating kubernetes secret apieswritetokencred, as password from Github repository secret API_ES_WRITE_TOKEN do not match." | |
| kubectl -n hono-api-test delete secret apieswritetokencred | |
| kubectl -n hono-api-test create secret generic apieswritetokencred --from-literal=apiEsWriteToken=${{ secrets.API_ES_WRITE_TOKEN }} | |
| else | |
| echo "Secret apieswritetokencred already exists, and it is the same as API_ES_WRITE_TOKEN Github repository secret, skipping." | |
| fi | |
| fi |