GitHub-Bitwarden
/
gh-actions
mirror of https://github.com/bitwarden/gh-actions.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
384 Commits
42 Branches
3 Tags
38 MiB
 
 
 
 
 
Tree: faf84b1420
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'faf84b1420'
${ noResults }
gh-actions/.github/workflows/_ephemeral_environment_mana...

208 lines
6.7 KiB
Raw Blame History

name: Ephemeral Environment Manager
run-name: Ephemeral Environment - ${{ inputs.ephemeral_env_branch }}
on:
workflow_call:
inputs:
ephemeral_env_branch:
type: string
project:
type: string
default: server
cleanup_config:
type: boolean
sync_environment:
type: boolean
pull_request_number:
type: number
workflow_dispatch:
inputs:
ephemeral_env_branch:
type: string
required: true
project:
type: string
default: server
cleanup_config:
type: boolean
sync_environment:
type: boolean
pull_request_number:
type: number
env:
_KEY_VAULT: bitwarden-ci
_BOT_NAME: bitwarden-devops-bot
jobs:
check-run:
name: Check PR run
uses: ./.github/workflows/check-run.yml
permissions:
contents: read
create-branch:
name: Create Branch
runs-on: ubuntu-24.04
needs: check-run
permissions:
contents: read
id-token: write
steps:
- name: Log in to Azure
uses: bitwarden/gh-actions/azure-login@main
with:
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
client_id: ${{ secrets.AZURE_CLIENT_ID }}
- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
keyvault: ${{ env._KEY_VAULT }}
secrets: "github-pat-bitwarden-devops-bot-repo-scope,github-bitwarden-devops-bot-email"
- name: Log out from Azure
uses: bitwarden/gh-actions/azure-logout@main
- name: Checkout Ephemeral Environment Charts
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
repository: bitwarden/ephemeral-environment-charts
token: "${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}"
persist-credentials: true
- name: Create Branch
env:
BRANCH_NAME: ee-config-${{ inputs.project }}-${{ inputs.pull_request_number }}
run: |
if ! git rev-parse --verify "origin/${BRANCH_NAME}"; then
git checkout -b "${BRANCH_NAME}"
git push origin "${BRANCH_NAME}"
fi
cleanup:
name: Cleanup config
if: ${{ inputs.cleanup_config }}
runs-on: ubuntu-24.04
needs: check-run
permissions:
contents: read
id-token: write
steps:
- name: Log in to Azure
uses: bitwarden/gh-actions/azure-login@main
with:
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
client_id: ${{ secrets.AZURE_CLIENT_ID }}
- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
keyvault: ${{ env._KEY_VAULT }}
secrets: "github-pat-bitwarden-devops-bot-repo-scope,github-bitwarden-devops-bot-email"
- name: Log out from Azure
uses: bitwarden/gh-actions/azure-logout@main
- name: Checkout ${{ inputs.project }}
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
repository: bitwarden/${{ inputs.project }}
ref: ${{ inputs.ephemeral_env_branch }}
token: "${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}"
persist-credentials: true
- name: Remove config
working-directory: ephemeral-environments
env:
BRANCH_NAME: ${{ inputs.ephemeral_env_branch }}
run: rm -f "$BRANCH_NAME.yaml"
- name: Commit changes to ${{ inputs.ephemeral_env_branch }}
working-directory: ephemeral-environments
env:
BOT_EMAIL: ${{ steps.retrieve-secrets.outputs.github-bitwarden-devops-bot-email }}
BRANCH_NAME: ${{ inputs.ephemeral_env_branch }}
run: |
git config --local user.email "$BOT_EMAIL"
git config --local user.name "$_BOT_NAME"
git add "$BRANCH_NAME.yaml"
git commit -m "Removed $BRANCH_NAME.yaml config."
git push
sync-env:
name: Sync Ephemeral Environment
if: ${{ inputs.sync_environment }}
runs-on: ubuntu-24.04
needs:
- check-run
- create-branch
permissions:
contents: read
id-token: write
steps:
- name: Log in to Azure
uses: bitwarden/gh-actions/azure-login@main
with:
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
client_id: ${{ secrets.AZURE_CLIENT_ID }}
- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
keyvault: ${{ env._KEY_VAULT }}
secrets: |
ephemeral-environment-argocd-cluster-url,
ephemeral-environment-argocd-cluster-api-secret,
ephemeral-environment-argocd-cluster-api-user
- name: Log out from Azure
uses: bitwarden/gh-actions/azure-logout@main
- name: Install ArgoCD CLI
run: |
curl -sSL -o argocd-linux-amd64 \
"https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64"
install -m 555 argocd-linux-amd64 /usr/local/bin/argocd
argocd version --client
rm argocd-linux-amd64
- name: Log into Argo CD cluster
env:
ARGOCD_CLUSTER_URL: ${{ steps.retrieve-secrets.outputs.ephemeral-environment-argocd-cluster-url }}
ARGOCD_CLUSTER_API_USER: ${{ steps.retrieve-secrets.outputs.ephemeral-environment-argocd-cluster-api-user }}
ARGOCD_CLUSTER_API_SECRET: ${{ steps.retrieve-secrets.outputs.ephemeral-environment-argocd-cluster-api-secret }}
run: |
argocd login "${ARGOCD_CLUSTER_URL}" \
--username "${ARGOCD_CLUSTER_API_USER}" \
--password "${ARGOCD_CLUSTER_API_SECRET}"
- name: Sync Argo CD application
env:
ARGOCD_OPTS: --grpc-web
PR_NUMBER: ${{ inputs.pull_request_number }}
run: |
APP_NAME=$(argocd app list -o name | grep "${PR_NUMBER}")
# Check if there's a running sync operation
APP_SYNC_STATUS=$(argocd app get "$APP_NAME" --refresh -o json | jq -r '.status.operationState.phase')
if [ "$APP_SYNC_STATUS" == "Running" ]; then
echo "Found running sync operation, terminating to restart sync."
argocd app terminate-op "$APP_NAME"
fi
# Start new sync
argocd app sync "$APP_NAME" \
--retry-limit=3 \
--retry-backoff-duration=5s \
--retry-backoff-max-duration=30s \
--retry-backoff-factor=2