Try new secret #2190
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Chartpress Publish and Deploy | |
| on: | |
| push: | |
| branches: | |
| - 'main' | |
| - 'staging' | |
| - 'development' | |
| - 'refactor/imposm' | |
| jobs: | |
| build: | |
| runs-on: ubuntu-20.04 | |
| timeout-minutes: 120 | |
| steps: | |
| - uses: actions/checkout@v1 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GHCR_GITHUB_TOKEN }} | |
| - name: Setup python | |
| uses: actions/setup-python@v2 | |
| with: | |
| python-version: '3.7' | |
| - name: Setup git | |
| run: git config --global user.email "[email protected]" && git config --global user.name "Github Action" | |
| - name: Install Chartpress | |
| run: | | |
| pip install chartpress six ruamel.yaml | |
| - name: Run Chartpress | |
| run: chartpress --push | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GHCR_GITHUB_TOKEN }} | |
| ################ Development secrets ################ | |
| - name: Staging - substitute secrets | |
| if: github.ref == 'refs/heads/development' | |
| uses: bluwy/substitute-string-action@v1 | |
| with: | |
| _input-file: 'values.development.template.yaml' | |
| _format-key: '{{key}}' | |
| _output-file: 'values.development.yaml' | |
| AWS_SSL_ARN: ${{ secrets.AWS_SSL_ARN }} | |
| ## web | |
| MAILER_ADDRESS: ${{ secrets.MAILER_ADDRESS }} | |
| MAILER_DOMAIN: ${{ secrets.MAILER_DOMAIN }} | |
| MAILER_PASSWORD: ${{ secrets.STAGING_MAILER_PASSWORD }} | |
| MAILER_USERNAME: ${{ secrets.STAGING_MAILER_USERNAME }} | |
| DEVELOPMENT_DB: ${{ secrets.STAGING_DB }} | |
| DEVELOPMENT_DB_EBS: ${{ secrets.STAGING_DB_EBS }} | |
| DEVELOPMENT_DB_PASSWORD: ${{ secrets.STAGING_DB_PASSWORD }} | |
| DEVELOPMENT_DB_USER: ${{ secrets.STAGING_DB_USER }} | |
| DEVELOPMENT_DOMAIN_NAME: staging.openhistoricalmap.org | |
| DEVELOPMENT_ID_KEY: ${{ secrets.STAGING_ID_KEY }} | |
| DEVELOPMENT_ID_APPLICATION: ${{ secrets.STAGING_ID_APPLICATION }} | |
| DEVELOPMENT_OAUTH_CLIENT_ID: ${{ secrets.STAGING_OAUTH_CLIENT_ID }} | |
| DEVELOPMENT_OAUTH_KEY: ${{ secrets.STAGING_OAUTH_KEY }} | |
| DEVELOPMENT_S3_BUCKET: osmseed-dev | |
| ## tiler | |
| DEVELOPMENT_TILER_DB_HOST: ${{ secrets.STAGING_TILER_DB_HOST }} | |
| DEVELOPMENT_TILER_DB_PASSWORD: ${{ secrets.STAGING_TILER_DB_PASSWORD }} | |
| DEVELOPMENT_TILER_CACHE_AWS_ACCESS_KEY_ID: ${{ secrets.STAGING_TILER_CACHE_AWS_ACCESS_KEY_ID }} | |
| DEVELOPMENT_TILER_CACHE_AWS_SECRET_ACCESS_KEY: ${{ secrets.STAGING_TILER_CACHE_AWS_SECRET_ACCESS_KEY }} | |
| DEVELOPMENT_SQS_QUEUE_URL: ${{ secrets.STAGING_SQS_QUEUE_URL }} | |
| ## tm | |
| DEVELOPMENT_TM_DB_PASSWORD: ${{ secrets.STAGING_TM_DB_PASSWORD }} | |
| DEVELOPMENT_TM_API_SECRET: ${{ secrets.STAGING_TM_API_SECRET }} | |
| DEVELOPMENT_TM_CLIENT_ID: ${{secrets.STAGING_TM_CLIENT_ID}} | |
| DEVELOPMENT_TM_CLIENT_SECRET: ${{secrets.STAGING_TM_CLIENT_SECRET}} | |
| ## nominatim | |
| DEVELOPMENT_NOMINATIM_PG_PASSWORD: ${{ secrets.STAGING_NOMINATIM_PG_PASSWORD }} | |
| ## osmcha | |
| DEVELOPMENT_OSMCHA_PG_PASSWORD: ${{ secrets.STAGING_OSMCHA_PG_PASSWORD }} | |
| DEVELOPMENT_OSMCHA_API_CONSUMER_KEY: ${{ secrets.STAGING_OSMCHA_API_CONSUMER_KEY }} | |
| DEVELOPMENT_OSMCHA_API_CONSUMER_SECRET: ${{ secrets.STAGING_OSMCHA_API_CONSUMER_SECRET }} | |
| DEVELOPMENT_OSMCHA_DJANGO_SECRET_KEY: ${{ secrets.STAGING_OSMCHA_DJANGO_SECRET_KEY }} | |
| DEVELOPMENT_OSMCHA_REACT_APP_MAPBOX_ACCESS_TOKEN: ${{ secrets.STAGING_OSMCHA_REACT_APP_MAPBOX_ACCESS_TOKEN }} | |
| OHM_SLACK_WEBHOOK_URL: ${{ secrets.OHM_SLACK_WEBHOOK_URL }} | |
| ################ Staging secrets ################ | |
| - name: Staging - substitute secrets | |
| if: github.ref == 'refs/heads/staging' || github.ref == 'refs/heads/development' | |
| uses: bluwy/substitute-string-action@v1 | |
| with: | |
| _input-file: 'values.staging.template.yaml' | |
| _format-key: '{{key}}' | |
| _output-file: 'values.staging.yaml' | |
| AWS_SSL_ARN: ${{ secrets.AWS_SSL_ARN }} | |
| ## web | |
| MAILER_ADDRESS: ${{ secrets.MAILER_ADDRESS }} | |
| MAILER_DOMAIN: ${{ secrets.MAILER_DOMAIN }} | |
| MAILER_PASSWORD: ${{ secrets.STAGING_MAILER_PASSWORD }} | |
| MAILER_USERNAME: ${{ secrets.STAGING_MAILER_USERNAME }} | |
| STAGING_DB: ${{ secrets.STAGING_DB }} | |
| STAGING_DB_EBS: ${{ secrets.STAGING_DB_EBS }} | |
| STAGING_DB_PASSWORD: ${{ secrets.STAGING_DB_PASSWORD }} | |
| STAGING_DB_USER: ${{ secrets.STAGING_DB_USER }} | |
| STAGING_DOMAIN_NAME: staging.openhistoricalmap.org | |
| STAGING_ID_KEY: ${{ secrets.STAGING_ID_KEY }} | |
| STAGING_ID_APPLICATION: ${{ secrets.STAGING_ID_APPLICATION }} | |
| STAGING_OAUTH_CLIENT_ID: ${{ secrets.STAGING_OAUTH_CLIENT_ID }} | |
| STAGING_OAUTH_KEY: ${{ secrets.STAGING_OAUTH_KEY }} | |
| STAGING_S3_BUCKET: ${{ secrets.STAGING_S3_BUCKET }} | |
| ## tiler | |
| STAGING_TILER_DB_HOST: ${{ secrets.STAGING_TILER_DB_HOST }} | |
| STAGING_TILER_DB_PASSWORD: ${{ secrets.STAGING_TILER_DB_PASSWORD }} | |
| STAGING_TILER_CACHE_AWS_ACCESS_KEY_ID: ${{ secrets.STAGING_TILER_CACHE_AWS_ACCESS_KEY_ID }} | |
| STAGING_TILER_CACHE_AWS_SECRET_ACCESS_KEY: ${{ secrets.STAGING_TILER_CACHE_AWS_SECRET_ACCESS_KEY }} | |
| STAGING_SQS_QUEUE_URL: ${{ secrets.STAGING_SQS_QUEUE_URL }} | |
| ## tm | |
| STAGING_TM_API_CONSUMER_KEY: ${{ secrets.STAGING_TM_API_CONSUMER_KEY }} | |
| STAGING_TM_API_CONSUMER_SECRET: ${{ secrets.STAGING_TM_API_CONSUMER_SECRET }} | |
| STAGING_TM_DB_PASSWORD: ${{ secrets.STAGING_TM_DB_PASSWORD }} | |
| STAGING_TM_API_SECRET: ${{ secrets.STAGING_TM_API_SECRET }} | |
| STAGING_TM_CLIENT_ID: ${{secrets.STAGING_TM_CLIENT_ID}} | |
| STAGING_TM_CLIENT_SECRET: ${{secrets.STAGING_TM_CLIENT_SECRET}} | |
| ## nominatim | |
| STAGING_NOMINATIM_PG_PASSWORD: ${{ secrets.STAGING_NOMINATIM_PG_PASSWORD }} | |
| ## osmcha | |
| STAGING_OSMCHA_PG_PASSWORD: ${{ secrets.STAGING_OSMCHA_PG_PASSWORD }} | |
| STAGING_OSMCHA_API_CONSUMER_KEY: ${{ secrets.STAGING_OSMCHA_API_CONSUMER_KEY }} | |
| STAGING_OSMCHA_API_CONSUMER_SECRET: ${{ secrets.STAGING_OSMCHA_API_CONSUMER_SECRET }} | |
| STAGING_OSMCHA_DJANGO_SECRET_KEY: ${{ secrets.STAGING_OSMCHA_DJANGO_SECRET_KEY }} | |
| STAGING_OSMCHA_REACT_APP_MAPBOX_ACCESS_TOKEN: ${{ secrets.STAGING_OSMCHA_REACT_APP_MAPBOX_ACCESS_TOKEN }} | |
| OHM_SLACK_WEBHOOK_URL: ${{ secrets.OHM_SLACK_WEBHOOK_URL }} | |
| ################ Production secrets ################ | |
| - name: Production - substitute secrets | |
| if: github.ref == 'refs/heads/main' | |
| uses: bluwy/substitute-string-action@v1 | |
| with: | |
| _input-file: 'values.production.template.yaml' | |
| _format-key: '{{key}}' | |
| _output-file: 'values.production.yaml' | |
| AWS_SSL_ARN: ${{ secrets.AWS_SSL_ARN }} | |
| ## web | |
| MAILER_ADDRESS: ${{ secrets.MAILER_ADDRESS }} | |
| MAILER_DOMAIN: ${{ secrets.MAILER_DOMAIN }} | |
| MAILER_PASSWORD: ${{ secrets.MAILER_PASSWORD }} | |
| MAILER_USERNAME: ${{ secrets.MAILER_USERNAME }} | |
| PRODUCTION_DB: ${{ secrets.PRODUCTION_DB }} | |
| PRODUCTION_DB_EBS: ${{ secrets.PRODUCTION_DB_EBS }} | |
| PRODUCTION_DB_PASSWORD: ${{ secrets.PRODUCTION_DB_PASSWORD }} | |
| PRODUCTION_DB_USER: ${{ secrets.PRODUCTION_DB_USER }} | |
| PRODUCTION_DOMAIN_NAME: ${{ secrets.PRODUCTION_DOMAIN_NAME }} | |
| PRODUCTION_ID_KEY: ${{ secrets.PRODUCTION_ID_KEY }} | |
| PRODUCTION_ID_APPLICATION: ${{ secrets.PRODUCTION_ID_APPLICATION }} | |
| PRODUCTION_OAUTH_CLIENT_ID: ${{ secrets.PRODUCTION_OAUTH_CLIENT_ID }} | |
| PRODUCTION_OAUTH_KEY: ${{ secrets.PRODUCTION_OAUTH_KEY }} | |
| PRODUCTION_S3_BUCKET: ${{ secrets.PRODUCTION_S3_BUCKET }} | |
| PRODUCTION_DB_BACKUP_S3_BUCKET: ${{ secrets.PRODUCTION_DB_BACKUP_S3_BUCKET }} | |
| ## tiler | |
| PRODUCTION_TILER_DB_HOST: ${{ secrets.PRODUCTION_TILER_DB_HOST }} | |
| PRODUCTION_TILER_DB_PASSWORD: ${{ secrets.PRODUCTION_TILER_DB_PASSWORD }} | |
| PRODUCTION_TILER_CACHE_AWS_ACCESS_KEY_ID: ${{ secrets.PRODUCTION_TILER_CACHE_AWS_ACCESS_KEY_ID }} | |
| PRODUCTION_SQS_QUEUE_URL: ${{ secrets.PRODUCTION_SQS_QUEUE_URL }} | |
| ## tm | |
| PRODUCTION_TILER_CACHE_AWS_SECRET_ACCESS_KEY: ${{ secrets.PRODUCTION_TILER_CACHE_AWS_SECRET_ACCESS_KEY }} | |
| PRODUCTION_TM_API_CONSUMER_KEY: ${{ secrets.PRODUCTION_TM_API_CONSUMER_KEY }} | |
| PRODUCTION_TM_API_CONSUMER_SECRET: ${{ secrets.PRODUCTION_TM_API_CONSUMER_SECRET }} | |
| PRODUCTION_TM_DB_PASSWORD: ${{ secrets.PRODUCTION_TM_DB_PASSWORD }} | |
| PRODUCTION_TM_API_SECRET: ${{ secrets.PRODUCTION_TM_API_SECRET }} | |
| PRODUCTION_TM_CLIENT_ID: ${{secrets.PRODUCTION_TM_CLIENT_ID}} | |
| PRODUCTION_TM_CLIENT_SECRET: ${{secrets.PRODUCTION_TM_CLIENT_SECRET}} | |
| ## nominatim | |
| PRODUCTION_NOMINATIM_PG_PASSWORD: ${{ secrets.PRODUCTION_NOMINATIM_PG_PASSWORD }} | |
| ## osmcha | |
| PRODUCTION_OSMCHA_PG_PASSWORD: ${{ secrets.PRODUCTION_OSMCHA_PG_PASSWORD }} | |
| PRODUCTION_OSMCHA_API_CONSUMER_KEY: ${{ secrets.PRODUCTION_OSMCHA_API_CONSUMER_KEY }} | |
| PRODUCTION_OSMCHA_API_CONSUMER_SECRET: ${{ secrets.PRODUCTION_OSMCHA_API_CONSUMER_SECRET }} | |
| PRODUCTION_OSMCHA_DJANGO_SECRET_KEY: ${{ secrets.PRODUCTION_OSMCHA_DJANGO_SECRET_KEY }} | |
| PRODUCTION_OSMCHA_REACT_APP_MAPBOX_ACCESS_TOKEN: ${{ secrets.PRODUCTION_OSMCHA_REACT_APP_MAPBOX_ACCESS_TOKEN }} | |
| OHM_SLACK_WEBHOOK_URL: ${{ secrets.OHM_SLACK_WEBHOOK_URL }} | |
| - name: AWS Credentials | |
| if: github.ref == 'refs/heads/staging' || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/development' | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-east-1 | |
| - name: Setup Kubectl and Helm Dependencies | |
| if: github.ref == 'refs/heads/staging' || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/development' | |
| run: "sudo pip install awscli --ignore-installed six\nsudo curl -L -o /usr/bin/kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.17.7/2020-07-08/bin/linux/amd64/kubectl\nsudo chmod +x /usr/bin/kubectl\nsudo curl -o /usr/bin/aws-iam-authenticator https://amazon-eks.s3.us-west-2.amazonaws.com/1.17.7/2020-07-08/bin/linux/amd64/aws-iam-authenticator\nsudo chmod +x /usr/bin/aws-iam-authenticator\nwget https://get.helm.sh/helm-v3.5.0-linux-amd64.tar.gz -O helm.tar.gz\ntar -xvzf helm.tar.gz\nsudo mv linux-amd64/helm /usr/local/bin/ \nsudo chmod +x /usr/local/bin/helm\n #magic___^_^___line\n" | |
| - name: Update kube-config staging | |
| if: github.ref == 'refs/heads/staging' || github.ref == 'refs/heads/development' | |
| run: aws eks --region us-east-1 update-kubeconfig --name osmseed-staging | |
| - name: Update kube-config prod | |
| if: github.ref == 'refs/heads/main' | |
| run: aws eks --region us-east-1 update-kubeconfig --name osmseed-production-v2 | |
| - name: Install helm dependencies for | |
| if: github.ref == 'refs/heads/staging' || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/development' | |
| run: cd ohm && helm dep up | |
| - name: Staging - helm deploy | |
| if: github.ref == 'refs/heads/staging' | |
| run: helm upgrade --install staging --wait ohm/ -f values.staging.yaml -f ohm/values.yaml | |
| # - name: development - helm deploy | |
| # if: github.ref == 'refs/heads/development' | |
| # run: helm upgrade --install development --wait ohm/ -f values.staging.yaml -f ohm/values.yaml | |
| - name: Production - helm deploy | |
| if: github.ref == 'refs/heads/main' | |
| run: helm upgrade --install production --wait ohm/ -f values.production.yaml -f ohm/values.yaml |