rails secrets was deprecated and removed in 7.1. #2188
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Chartpress Publish and Deploy | |
on: | |
push: | |
branches: | |
- 'main' | |
- 'staging' | |
- 'development' | |
- 'refactor/imposm' | |
jobs: | |
build: | |
runs-on: ubuntu-20.04 | |
timeout-minutes: 120 | |
steps: | |
- uses: actions/checkout@v1 | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v1 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GHCR_GITHUB_TOKEN }} | |
- name: Setup python | |
uses: actions/setup-python@v2 | |
with: | |
python-version: '3.7' | |
- name: Setup git | |
run: git config --global user.email "[email protected]" && git config --global user.name "Github Action" | |
- name: Install Chartpress | |
run: | | |
pip install chartpress six ruamel.yaml | |
- name: Run Chartpress | |
run: chartpress --push | |
env: | |
GITHUB_TOKEN: ${{ secrets.GHCR_GITHUB_TOKEN }} | |
################ Development secrets ################ | |
- name: Staging - substitute secrets | |
if: github.ref == 'refs/heads/development' | |
uses: bluwy/substitute-string-action@v1 | |
with: | |
_input-file: 'values.development.template.yaml' | |
_format-key: '{{key}}' | |
_output-file: 'values.development.yaml' | |
AWS_SSL_ARN: ${{ secrets.AWS_SSL_ARN }} | |
## web | |
MAILER_ADDRESS: ${{ secrets.MAILER_ADDRESS }} | |
MAILER_DOMAIN: ${{ secrets.MAILER_DOMAIN }} | |
MAILER_PASSWORD: ${{ secrets.STAGING_MAILER_PASSWORD }} | |
MAILER_USERNAME: ${{ secrets.STAGING_MAILER_USERNAME }} | |
DEVELOPMENT_DB: ${{ secrets.STAGING_DB }} | |
DEVELOPMENT_DB_EBS: ${{ secrets.STAGING_DB_EBS }} | |
DEVELOPMENT_DB_PASSWORD: ${{ secrets.STAGING_DB_PASSWORD }} | |
DEVELOPMENT_DB_USER: ${{ secrets.STAGING_DB_USER }} | |
DEVELOPMENT_DOMAIN_NAME: staging.openhistoricalmap.org | |
DEVELOPMENT_ID_KEY: ${{ secrets.STAGING_ID_KEY }} | |
DEVELOPMENT_ID_APPLICATION: ${{ secrets.STAGING_ID_APPLICATION }} | |
DEVELOPMENT_OAUTH_CLIENT_ID: ${{ secrets.STAGING_OAUTH_CLIENT_ID }} | |
DEVELOPMENT_OAUTH_KEY: ${{ secrets.STAGING_OAUTH_KEY }} | |
DEVELOPMENT_S3_BUCKET: osmseed-dev | |
## tiler | |
DEVELOPMENT_TILER_DB_HOST: ${{ secrets.STAGING_TILER_DB_HOST }} | |
DEVELOPMENT_TILER_DB_PASSWORD: ${{ secrets.STAGING_TILER_DB_PASSWORD }} | |
DEVELOPMENT_TILER_CACHE_AWS_ACCESS_KEY_ID: ${{ secrets.STAGING_TILER_CACHE_AWS_ACCESS_KEY_ID }} | |
DEVELOPMENT_TILER_CACHE_AWS_SECRET_ACCESS_KEY: ${{ secrets.STAGING_TILER_CACHE_AWS_SECRET_ACCESS_KEY }} | |
DEVELOPMENT_SQS_QUEUE_URL: ${{ secrets.STAGING_SQS_QUEUE_URL }} | |
## tm | |
DEVELOPMENT_TM_DB_PASSWORD: ${{ secrets.STAGING_TM_DB_PASSWORD }} | |
DEVELOPMENT_TM_API_SECRET: ${{ secrets.STAGING_TM_API_SECRET }} | |
DEVELOPMENT_TM_CLIENT_ID: ${{secrets.STAGING_TM_CLIENT_ID}} | |
DEVELOPMENT_TM_CLIENT_SECRET: ${{secrets.STAGING_TM_CLIENT_SECRET}} | |
## nominatim | |
DEVELOPMENT_NOMINATIM_PG_PASSWORD: ${{ secrets.STAGING_NOMINATIM_PG_PASSWORD }} | |
## osmcha | |
DEVELOPMENT_OSMCHA_PG_PASSWORD: ${{ secrets.STAGING_OSMCHA_PG_PASSWORD }} | |
DEVELOPMENT_OSMCHA_API_CONSUMER_KEY: ${{ secrets.STAGING_OSMCHA_API_CONSUMER_KEY }} | |
DEVELOPMENT_OSMCHA_API_CONSUMER_SECRET: ${{ secrets.STAGING_OSMCHA_API_CONSUMER_SECRET }} | |
DEVELOPMENT_OSMCHA_DJANGO_SECRET_KEY: ${{ secrets.STAGING_OSMCHA_DJANGO_SECRET_KEY }} | |
DEVELOPMENT_OSMCHA_REACT_APP_MAPBOX_ACCESS_TOKEN: ${{ secrets.STAGING_OSMCHA_REACT_APP_MAPBOX_ACCESS_TOKEN }} | |
OHM_SLACK_WEBHOOK_URL: ${{ secrets.OHM_SLACK_WEBHOOK_URL }} | |
################ Staging secrets ################ | |
- name: Staging - substitute secrets | |
if: github.ref == 'refs/heads/staging' || github.ref == 'refs/heads/development' | |
uses: bluwy/substitute-string-action@v1 | |
with: | |
_input-file: 'values.staging.template.yaml' | |
_format-key: '{{key}}' | |
_output-file: 'values.staging.yaml' | |
AWS_SSL_ARN: ${{ secrets.AWS_SSL_ARN }} | |
## web | |
MAILER_ADDRESS: ${{ secrets.MAILER_ADDRESS }} | |
MAILER_DOMAIN: ${{ secrets.MAILER_DOMAIN }} | |
MAILER_PASSWORD: ${{ secrets.STAGING_MAILER_PASSWORD }} | |
MAILER_USERNAME: ${{ secrets.STAGING_MAILER_USERNAME }} | |
STAGING_DB: ${{ secrets.STAGING_DB }} | |
STAGING_DB_EBS: ${{ secrets.STAGING_DB_EBS }} | |
STAGING_DB_PASSWORD: ${{ secrets.STAGING_DB_PASSWORD }} | |
STAGING_DB_USER: ${{ secrets.STAGING_DB_USER }} | |
STAGING_DOMAIN_NAME: staging.openhistoricalmap.org | |
STAGING_ID_KEY: ${{ secrets.STAGING_ID_KEY }} | |
STAGING_ID_APPLICATION: ${{ secrets.STAGING_ID_APPLICATION }} | |
STAGING_OAUTH_CLIENT_ID: ${{ secrets.STAGING_OAUTH_CLIENT_ID }} | |
STAGING_OAUTH_KEY: ${{ secrets.STAGING_OAUTH_KEY }} | |
STAGING_S3_BUCKET: ${{ secrets.STAGING_S3_BUCKET }} | |
## tiler | |
STAGING_TILER_DB_HOST: ${{ secrets.STAGING_TILER_DB_HOST }} | |
STAGING_TILER_DB_PASSWORD: ${{ secrets.STAGING_TILER_DB_PASSWORD }} | |
STAGING_TILER_CACHE_AWS_ACCESS_KEY_ID: ${{ secrets.STAGING_TILER_CACHE_AWS_ACCESS_KEY_ID }} | |
STAGING_TILER_CACHE_AWS_SECRET_ACCESS_KEY: ${{ secrets.STAGING_TILER_CACHE_AWS_SECRET_ACCESS_KEY }} | |
STAGING_SQS_QUEUE_URL: ${{ secrets.STAGING_SQS_QUEUE_URL }} | |
## tm | |
STAGING_TM_API_CONSUMER_KEY: ${{ secrets.STAGING_TM_API_CONSUMER_KEY }} | |
STAGING_TM_API_CONSUMER_SECRET: ${{ secrets.STAGING_TM_API_CONSUMER_SECRET }} | |
STAGING_TM_DB_PASSWORD: ${{ secrets.STAGING_TM_DB_PASSWORD }} | |
STAGING_TM_API_SECRET: ${{ secrets.STAGING_TM_API_SECRET }} | |
STAGING_TM_CLIENT_ID: ${{secrets.STAGING_TM_CLIENT_ID}} | |
STAGING_TM_CLIENT_SECRET: ${{secrets.STAGING_TM_CLIENT_SECRET}} | |
## nominatim | |
STAGING_NOMINATIM_PG_PASSWORD: ${{ secrets.STAGING_NOMINATIM_PG_PASSWORD }} | |
## osmcha | |
STAGING_OSMCHA_PG_PASSWORD: ${{ secrets.STAGING_OSMCHA_PG_PASSWORD }} | |
STAGING_OSMCHA_API_CONSUMER_KEY: ${{ secrets.STAGING_OSMCHA_API_CONSUMER_KEY }} | |
STAGING_OSMCHA_API_CONSUMER_SECRET: ${{ secrets.STAGING_OSMCHA_API_CONSUMER_SECRET }} | |
STAGING_OSMCHA_DJANGO_SECRET_KEY: ${{ secrets.STAGING_OSMCHA_DJANGO_SECRET_KEY }} | |
STAGING_OSMCHA_REACT_APP_MAPBOX_ACCESS_TOKEN: ${{ secrets.STAGING_OSMCHA_REACT_APP_MAPBOX_ACCESS_TOKEN }} | |
OHM_SLACK_WEBHOOK_URL: ${{ secrets.OHM_SLACK_WEBHOOK_URL }} | |
################ Production secrets ################ | |
- name: Production - substitute secrets | |
if: github.ref == 'refs/heads/main' | |
uses: bluwy/substitute-string-action@v1 | |
with: | |
_input-file: 'values.production.template.yaml' | |
_format-key: '{{key}}' | |
_output-file: 'values.production.yaml' | |
AWS_SSL_ARN: ${{ secrets.AWS_SSL_ARN }} | |
## web | |
MAILER_ADDRESS: ${{ secrets.MAILER_ADDRESS }} | |
MAILER_DOMAIN: ${{ secrets.MAILER_DOMAIN }} | |
MAILER_PASSWORD: ${{ secrets.MAILER_PASSWORD }} | |
MAILER_USERNAME: ${{ secrets.MAILER_USERNAME }} | |
PRODUCTION_DB: ${{ secrets.PRODUCTION_DB }} | |
PRODUCTION_DB_EBS: ${{ secrets.PRODUCTION_DB_EBS }} | |
PRODUCTION_DB_PASSWORD: ${{ secrets.PRODUCTION_DB_PASSWORD }} | |
PRODUCTION_DB_USER: ${{ secrets.PRODUCTION_DB_USER }} | |
PRODUCTION_DOMAIN_NAME: ${{ secrets.PRODUCTION_DOMAIN_NAME }} | |
PRODUCTION_ID_KEY: ${{ secrets.PRODUCTION_ID_KEY }} | |
PRODUCTION_ID_APPLICATION: ${{ secrets.PRODUCTION_ID_APPLICATION }} | |
PRODUCTION_OAUTH_CLIENT_ID: ${{ secrets.PRODUCTION_OAUTH_CLIENT_ID }} | |
PRODUCTION_OAUTH_KEY: ${{ secrets.PRODUCTION_OAUTH_KEY }} | |
PRODUCTION_S3_BUCKET: ${{ secrets.PRODUCTION_S3_BUCKET }} | |
PRODUCTION_DB_BACKUP_S3_BUCKET: ${{ secrets.PRODUCTION_DB_BACKUP_S3_BUCKET }} | |
## tiler | |
PRODUCTION_TILER_DB_HOST: ${{ secrets.PRODUCTION_TILER_DB_HOST }} | |
PRODUCTION_TILER_DB_PASSWORD: ${{ secrets.PRODUCTION_TILER_DB_PASSWORD }} | |
PRODUCTION_TILER_CACHE_AWS_ACCESS_KEY_ID: ${{ secrets.PRODUCTION_TILER_CACHE_AWS_ACCESS_KEY_ID }} | |
PRODUCTION_SQS_QUEUE_URL: ${{ secrets.PRODUCTION_SQS_QUEUE_URL }} | |
## tm | |
PRODUCTION_TILER_CACHE_AWS_SECRET_ACCESS_KEY: ${{ secrets.PRODUCTION_TILER_CACHE_AWS_SECRET_ACCESS_KEY }} | |
PRODUCTION_TM_API_CONSUMER_KEY: ${{ secrets.PRODUCTION_TM_API_CONSUMER_KEY }} | |
PRODUCTION_TM_API_CONSUMER_SECRET: ${{ secrets.PRODUCTION_TM_API_CONSUMER_SECRET }} | |
PRODUCTION_TM_DB_PASSWORD: ${{ secrets.PRODUCTION_TM_DB_PASSWORD }} | |
PRODUCTION_TM_API_SECRET: ${{ secrets.PRODUCTION_TM_API_SECRET }} | |
PRODUCTION_TM_CLIENT_ID: ${{secrets.PRODUCTION_TM_CLIENT_ID}} | |
PRODUCTION_TM_CLIENT_SECRET: ${{secrets.PRODUCTION_TM_CLIENT_SECRET}} | |
## nominatim | |
PRODUCTION_NOMINATIM_PG_PASSWORD: ${{ secrets.PRODUCTION_NOMINATIM_PG_PASSWORD }} | |
## osmcha | |
PRODUCTION_OSMCHA_PG_PASSWORD: ${{ secrets.PRODUCTION_OSMCHA_PG_PASSWORD }} | |
PRODUCTION_OSMCHA_API_CONSUMER_KEY: ${{ secrets.PRODUCTION_OSMCHA_API_CONSUMER_KEY }} | |
PRODUCTION_OSMCHA_API_CONSUMER_SECRET: ${{ secrets.PRODUCTION_OSMCHA_API_CONSUMER_SECRET }} | |
PRODUCTION_OSMCHA_DJANGO_SECRET_KEY: ${{ secrets.PRODUCTION_OSMCHA_DJANGO_SECRET_KEY }} | |
PRODUCTION_OSMCHA_REACT_APP_MAPBOX_ACCESS_TOKEN: ${{ secrets.PRODUCTION_OSMCHA_REACT_APP_MAPBOX_ACCESS_TOKEN }} | |
OHM_SLACK_WEBHOOK_URL: ${{ secrets.OHM_SLACK_WEBHOOK_URL }} | |
- name: AWS Credentials | |
if: github.ref == 'refs/heads/staging' || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/development' | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-east-1 | |
- name: Setup Kubectl and Helm Dependencies | |
if: github.ref == 'refs/heads/staging' || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/development' | |
run: "sudo pip install awscli --ignore-installed six\nsudo curl -L -o /usr/bin/kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.17.7/2020-07-08/bin/linux/amd64/kubectl\nsudo chmod +x /usr/bin/kubectl\nsudo curl -o /usr/bin/aws-iam-authenticator https://amazon-eks.s3.us-west-2.amazonaws.com/1.17.7/2020-07-08/bin/linux/amd64/aws-iam-authenticator\nsudo chmod +x /usr/bin/aws-iam-authenticator\nwget https://get.helm.sh/helm-v3.5.0-linux-amd64.tar.gz -O helm.tar.gz\ntar -xvzf helm.tar.gz\nsudo mv linux-amd64/helm /usr/local/bin/ \nsudo chmod +x /usr/local/bin/helm\n #magic___^_^___line\n" | |
- name: Update kube-config staging | |
if: github.ref == 'refs/heads/staging' || github.ref == 'refs/heads/development' | |
run: aws eks --region us-east-1 update-kubeconfig --name osmseed-staging | |
- name: Update kube-config prod | |
if: github.ref == 'refs/heads/main' | |
run: aws eks --region us-east-1 update-kubeconfig --name osmseed-production-v2 | |
- name: Install helm dependencies for | |
if: github.ref == 'refs/heads/staging' || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/development' | |
run: cd ohm && helm dep up | |
- name: Staging - helm deploy | |
if: github.ref == 'refs/heads/staging' | |
run: helm upgrade --install staging --wait ohm/ -f values.staging.yaml -f ohm/values.yaml | |
# - name: development - helm deploy | |
# if: github.ref == 'refs/heads/development' | |
# run: helm upgrade --install development --wait ohm/ -f values.staging.yaml -f ohm/values.yaml | |
- name: Production - helm deploy | |
if: github.ref == 'refs/heads/main' | |
run: helm upgrade --install production --wait ohm/ -f values.production.yaml -f ohm/values.yaml |