-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #243 from Staffbase/Support-GitHub-Apps-for-GitOps…
…-Workflow Support GitHub Apps for GitOps Workflow
- Loading branch information
Showing
2 changed files
with
39 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -12,7 +12,7 @@ on: | |
| docker-file: | ||
| required: false | ||
| type: string | ||
| default: './Dockerfile' | ||
| default: "./Dockerfile" | ||
| docker-image: | ||
| required: false | ||
| type: string | ||
|
|
@@ -26,10 +26,14 @@ on: | |
| gitops-prod: | ||
| required: false | ||
| type: string | ||
| gitops-organization: | ||
| required: false | ||
| type: string | ||
| default: ${{ github.repository_owner }} | ||
| working-directory: | ||
| required: false | ||
| type: string | ||
| default: '.' | ||
| default: "." | ||
| # waiting for: https://github.com/github-community/community/discussions/17554 | ||
| secrets: | ||
| docker-username: | ||
|
|
@@ -44,19 +48,34 @@ on: | |
| required: false | ||
| gonosumdb: | ||
| required: false | ||
| app-id: | ||
| required: false | ||
| private-key: | ||
| required: false | ||
|
|
||
| jobs: | ||
| gitops: | ||
|
|
||
| name: GitOps | ||
| runs-on: ubuntu-22.04 | ||
|
|
||
| if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/') | ||
|
|
||
| env: | ||
| USING_APP_CREDENTIALS: ${{ secrets.app-id != '' && secrets.private-key != '' }} | ||
|
|
||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Get App Token | ||
| if: ${{ env.USING_APP_CREDENTIALS == 'true' }} | ||
| uses: actions/[email protected] | ||
| id: get_token | ||
| with: | ||
| app-id: ${{ secrets.app-id }} | ||
| private-key: ${{ secrets.private-key }} | ||
| owner: ${{inputs.gitops-organization }} | ||
|
|
||
| - name: GitOps (build, push and deploy a new Docker image) | ||
| uses: Staffbase/[email protected] | ||
| with: | ||
|
|
@@ -70,7 +89,7 @@ jobs: | |
| docker-build-target: ${{ inputs.docker-build-target }} | ||
| docker-file: ${{ inputs.docker-file }} | ||
| docker-image: ${{ inputs.docker-image }} | ||
| gitops-token: ${{ secrets.gitops-token }} | ||
| gitops-token: ${{ env.USING_APP_CREDENTIALS == 'true' && steps.get_token.outputs.token || secrets.gitops-token }} | ||
| gitops-dev: ${{ inputs.gitops-dev }} | ||
| gitops-stage: ${{ inputs.gitops-stage }} | ||
| gitops-prod: ${{ inputs.gitops-prod }} | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -102,6 +102,7 @@ jobs: | |
| # optional: private key of the GitHub App | ||
| private_key: ${{ <your-private-key> }} | ||
| ``` | ||
| </details> | ||
| ### GitOps | ||
|
|
@@ -135,6 +136,8 @@ jobs: | |
| # optional: files which should be updated for prod | ||
| gitops-prod: |- | ||
| your files | ||
| # optional: organization of the gitops repository, default: github.repository_owner | ||
| gitops-organization: <your-organization> | ||
| secrets: | ||
| # optional: username for the docker registry | ||
| docker-username: ${{ <your-docker-username> }} | ||
|
|
@@ -150,7 +153,12 @@ jobs: | |
| gitops-token: ${{ <your-gitops-token> }} | ||
| # optional: gonosumdb environment variable | ||
| gonosumdb: ${{ <your-gonosumdb> }} | ||
| # optional: identifier of the GitHub App for authentication | ||
| app-id: ${{ <your-app-id> }} | ||
| # optional: private key of the GitHub App | ||
| private-key: ${{ <your-private-key> }} | ||
| ``` | ||
| </details> | ||
| ### Jira Ticket Tagging | ||
|
|
@@ -183,6 +191,7 @@ jobs: | |
| # email of the api token owner | ||
| jira-email: ${{ <your-email> }} | ||
| ``` | ||
| </details> | ||
| ### LaunchDarkly Code References | ||
|
|
@@ -209,6 +218,7 @@ jobs: | |
| # LD access token with correct access rights | ||
| access-token: ${{ <your-access-token> }} | ||
| ``` | ||
| </details> | ||
| ### Release Drafter | ||
|
|
@@ -247,6 +257,7 @@ jobs: | |
| # optional: private key of the GitHub App | ||
| private_key: ${{ <your-private-key> }} | ||
| ``` | ||
|
|
||
| </details> | ||
|
|
||
| ### Release Version Detector | ||
|
|
@@ -283,6 +294,7 @@ on: | |
| - cron: '0 0 * * 1' | ||
| - cron: '0 0 1 1 *' | ||
| ``` | ||
|
|
||
| </details> | ||
|
|
||
| ### Secret Scanning | ||
|
|
@@ -299,6 +311,7 @@ jobs: | |
| trufflehog: | ||
| uses: Staffbase/gha-workflows/.github/workflows/[email protected] | ||
| ``` | ||
|
|
||
| </details> | ||
|
|
||
| ### Stale | ||
|
|
@@ -330,6 +343,7 @@ jobs: | |
| # optional: comment on the staled pull request, default: This PR has been automatically marked as stale because there has been no recent activity in the last 60 days. It will be closed in 7 days if no further activity occurs such as removing the label. | ||
| stale-pr-message: your message | ||
| ``` | ||
|
|
||
| </details> | ||
|
|
||
| ### TechDocs | ||
|
|
@@ -366,6 +380,7 @@ jobs: | |
| # optional: specifies the access key associated with the storage account | ||
| azure-account-key: ${{ secrets.TECHDOCS_AZURE_ACCESS_KEY }} | ||
| ``` | ||
|
|
||
| </details> | ||
|
|
||
| ### TestIO | ||
|
|
@@ -421,6 +436,7 @@ jobs: | |
| # optional: path which files should be checked recursively, default: . | ||
| target-path: your path | ||
| ``` | ||
|
|
||
| </details> | ||
|
|
||
| ## Limitations 🚧 | ||
|
|
||