deploy-kube-secrets-hono-api-test.yaml
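name: Manually deploy Kubernetes secrets for hono api test environment
on:
  workflow_dispatch:  # run manually
  # NOTE(review): the workflow is named "Manually deploy", yet it also runs on
  # every pull request. A pull request changes the checked-out manifests (and
  # can change this workflow), and the job holds cluster credentials. Confirm
  # this trigger is intended and that the 'hono-api-secrets-test' environment
  # has protection rules (required reviewers) before secrets are released.
  pull_request:  # run on pull requests

# Least privilege for the automatic GITHUB_TOKEN: this workflow only reads the
# repository; registry and cluster access come from dedicated secrets.
permissions:
  contents: read

jobs:
  deploy-kube-secrets-test:
    name: Deploy Kubernetes secrets to hono api test environment
    environment:
      name: hono-api-secrets-test
    runs-on: ubuntu-latest
    steps:
      - name: Kubectl tool installer
        # NOTE(review): tag references are mutable; consider pinning to a full
        # commit SHA, e.g. Azure/setup-kubectl@<commit-sha>  # v3
        uses: Azure/setup-kubectl@v3

      - name: Setup kubectl
        env:
          MICROK8S_CONFIG: ${{ secrets.MICROK8S_CONFIG }}
        run: |
          mkdir -p "$HOME/.kube"
          # The kubeconfig carries cluster credentials: create it owner-only
          # and enforce the mode in case the file already existed.
          umask 077
          echo "${MICROK8S_CONFIG}" | base64 --decode > "$HOME/.kube/config"
          chmod 600 "$HOME/.kube/config"

      - name: Check kubectl get node
        run: kubectl get nodes -o wide

      - name: Check out code
        # NOTE(review): consider pinning to a full commit SHA, e.g.
        # actions/checkout@<commit-sha>  # v4
        uses: actions/checkout@v4

      - name: Install jq
        run: sudo apt-get update && sudo apt-get install -y jq

      - name: deploy Kubernetes secrets to test environment
        # Secrets and context values are handed to the script as environment
        # variables instead of being expanded with ${{ }} inside the script
        # text. Inline expansion pastes the raw value into the generated shell
        # file, so a value containing quotes, spaces, '$' or ';' would be
        # re-interpreted by the shell (broken command or command injection).
        env:
          GHCR_USER: ${{ github.actor }}
          GHCR_PAT: ${{ secrets.GHCR_PAT }}
          ES_APIKEY: ${{ secrets.ES_APIKEY }}
          OBSERVE_ES_APIKEY: ${{ secrets.OBSERVE_ES_APIKEY }}
          API_ES_WRITE_TOKEN: ${{ secrets.API_ES_WRITE_TOKEN }}
        run: |
          set -euo pipefail

          NS=hono-api-test

          # Abort instead of writing an empty credential into the cluster when
          # a repository secret is missing or not available to this run.
          require_value() {
            local source_var="$1"
            if [ -z "${!source_var}" ]; then
              echo "Github repository secret ${source_var} is empty or not available, aborting."
              exit 1
            fi
          }

          # Build the regcred docker-registry secret; extra arguments (such as
          # --dry-run=client -o yaml) are passed through to kubectl.
          # NOTE(review): the values still appear in kubectl's argv on the
          # runner for the lifetime of the command.
          create_regcred() {
            kubectl -n "$NS" create secret docker-registry regcred \
              --docker-username="$GHCR_USER" \
              --docker-password="$GHCR_PAT" \
              --docker-server=ghcr.io "$@"
          }

          # Create or update a generic secret holding a single key.
          #   $1 Kubernetes secret name
          #   $2 key inside the secret's data
          #   $3 name of the environment variable holding the desired value
          #      (identical to the Github repository secret name)
          sync_generic_secret() {
            local secret_name="$1" data_key="$2" source_var="$3"
            local desired existing_pass
            require_value "$source_var"
            desired="${!source_var}"
            if ! kubectl -n "$NS" get secret "$secret_name"; then
              # create the secret when no secret is found
              kubectl -n "$NS" create secret generic "$secret_name" \
                --from-literal="${data_key}=${desired}"
            else
              # update the secret only when the stored value differs from the
              # Github repository secret
              existing_pass=$(kubectl -n "$NS" get secret "$secret_name" \
                --template="{{index .data \"${data_key}\" | base64decode}}")
              if [[ "$existing_pass" != "$desired" ]]; then
                echo "Updating kubernetes secret ${secret_name}, as password from Github repository secret ${source_var} do not match."
                # Replace in place rather than delete + create, so the secret
                # never disappears and a failed update leaves the old value.
                kubectl -n "$NS" create secret generic "$secret_name" \
                  --from-literal="${data_key}=${desired}" \
                  --dry-run=client -o yaml | kubectl -n "$NS" replace -f -
              else
                echo "Secret ${secret_name} already exists, and it is the same as ${source_var} Github repository secret, skipping."
              fi
            fi
          }

          # Check if the namespace 'hono-api-test' is already created, if not, create it.
          NAMESPACE=$(kubectl get namespaces -o jsonpath="{.items[?(@.metadata.name=='hono-api-test')].metadata.name}")
          if [ -z "$NAMESPACE" ]; then
            echo "Namespace does not exist. Creating namespace..."
            kubectl apply -f microk8s-hono-api/hono-api-test/namespace.yaml
          else
            echo "Namespace already exists. Skipping creation."
          fi

          # create secret regcred for kubernetes to pull image from private registry on Github
          require_value GHCR_PAT
          if ! kubectl -n "$NS" get secret regcred; then
            # create the secret when no secret is found
            create_regcred
          else
            # update regcred only when its password differs from the GHCR_PAT
            # Github repository secret (the stored username is not compared)
            existing_pass=$(kubectl -n "$NS" get secret regcred --template='{{index .data ".dockerconfigjson" | base64decode}}' | jq -r '.auths["ghcr.io"].password')
            if [[ "$existing_pass" != "$GHCR_PAT" ]]; then
              echo "Updating kubernetes secret as password from Github repository secret do not match."
              create_regcred --dry-run=client -o yaml | kubectl -n "$NS" replace -f -
            else
              echo "Secret regcred already exists, and it is the same as GHCR_PAT Github repository secret, skipping."
            fi
          fi

          # create secrets for hono api to use as environment variables defined in deployment.yaml in base directory
          sync_generic_secret esapikeycred esApiKey ES_APIKEY
          sync_generic_secret esobserveapikeycred esObserveApiKey OBSERVE_ES_APIKEY
          sync_generic_secret apieswritetokencred apiEsWriteToken API_ES_WRITE_TOKEN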