Support GitHub Apps for GitOps Workflow #243
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -12,7 +12,7 @@ on: | |
| docker-file: | ||
| required: false | ||
| type: string | ||
| default: "./Dockerfile" | ||
| docker-image: | ||
| required: false | ||
| type: string | ||
|
|
@@ -26,10 +26,14 @@ on: | |
| gitops-prod: | ||
| required: false | ||
| type: string | ||
| gitops-organization: | ||
| required: false | ||
| type: string | ||
| default: ${{ github.repository_owner }} | ||
| working-directory: | ||
| required: false | ||
| type: string | ||
| default: "." | ||
| # waiting for: https://github.com/github-community/community/discussions/17554 | ||
| secrets: | ||
| docker-username: | ||
|
|
@@ -44,19 +48,34 @@ on: | |
| required: false | ||
| gonosumdb: | ||
| required: false | ||
| app-id: | ||
| required: false | ||
| private-key: | ||
| required: false | ||
|
|
||
| jobs: | ||
| gitops: | ||
| name: GitOps | ||
| runs-on: ubuntu-22.04 | ||
|
|
||
| if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/') | ||
|
|
||
| env: | ||
| USING_APP_CREDENTIALS: ${{ secrets.app-id != '' && secrets.private-key != '' }} | ||
|
|
||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Get App Token | ||
| if: ${{ env.USING_APP_CREDENTIALS == 'true' }} | ||
| uses: actions/[email protected] | ||
| id: get_token | ||
| with: | ||
| app-id: ${{ secrets.app-id }} | ||
| private-key: ${{ secrets.private-key }} | ||
| owner: ${{inputs.gitops-organization }} | ||
|
|
||
| - name: GitOps (build, push and deploy a new Docker image) | ||
| uses: Staffbase/[email protected] | ||
| with: | ||
|
|
@@ -70,7 +89,7 @@ jobs: | |
| docker-build-target: ${{ inputs.docker-build-target }} | ||
| docker-file: ${{ inputs.docker-file }} | ||
| docker-image: ${{ inputs.docker-image }} | ||
| gitops-token: ${{ env.USING_APP_CREDENTIALS == 'true' && steps.get_token.outputs.token || secrets.gitops-token }} | ||
| gitops-dev: ${{ inputs.gitops-dev }} | ||
| gitops-stage: ${{ inputs.gitops-stage }} | ||
| gitops-prod: ${{ inputs.gitops-prod }} | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -102,6 +102,7 @@ jobs: | |
| # optional: private key of the GitHub App | ||
| private_key: ${{ <your-private-key> }} | ||
| ``` | ||
|
|
||
| </details> | ||
|
|
||
| ### GitOps | ||
|
|
@@ -135,6 +136,8 @@ jobs: | |
| # optional: files which should be updated for prod | ||
| gitops-prod: |- | ||
| your files | ||
| # optional: organization of the gitops repository, default: github.repository_owner | ||
| gitops-organization: <your-organization> | ||
|
Comment on lines
+139
to
+140
There was a problem hiding this comment. Out of interest: What is a use case where this should differ? 🤔 There was a problem hiding this comment. The |
||
| secrets: | ||
| # optional: username for the docker registry | ||
| docker-username: ${{ <your-docker-username> }} | ||
|
|
@@ -150,7 +153,12 @@ jobs: | |
| gitops-token: ${{ <your-gitops-token> }} | ||
| # optional: gonosumdb environment variable | ||
| gonosumdb: ${{ <your-gonosumdb> }} | ||
| # optional: identifier of the GitHub App for authentication | ||
| app-id: ${{ <your-app-id> }} | ||
| # optional: private key of the GitHub App | ||
| private-key: ${{ <your-private-key> }} | ||
| ``` | ||
|
|
||
| </details> | ||
|
|
||
| ### Jira Ticket Tagging | ||
|
|
@@ -183,6 +191,7 @@ jobs: | |
| # email of the api token owner | ||
| jira-email: ${{ <your-email> }} | ||
| ``` | ||
|
|
||
| </details> | ||
|
|
||
| ### LaunchDarkly Code References | ||
|
|
@@ -209,6 +218,7 @@ jobs: | |
| # LD access token with correct access rights | ||
| access-token: ${{ <your-access-token> }} | ||
| ``` | ||
|
|
||
| </details> | ||
|
|
||
| ### Release Drafter | ||
|
|
@@ -247,6 +257,7 @@ jobs: | |
| # optional: private key of the GitHub App | ||
| private_key: ${{ <your-private-key> }} | ||
| ``` | ||
|
|
||
| </details> | ||
|
|
||
| ### Release Version Detector | ||
|
|
@@ -283,6 +294,7 @@ on: | |
| - cron: '0 0 * * 1' | ||
| - cron: '0 0 1 1 *' | ||
| ``` | ||
|
|
||
| </details> | ||
|
|
||
| ### Secret Scanning | ||
|
|
@@ -299,6 +311,7 @@ jobs: | |
| trufflehog: | ||
| uses: Staffbase/gha-workflows/.github/workflows/[email protected] | ||
| ``` | ||
|
|
||
| </details> | ||
|
|
||
| ### Stale | ||
|
|
@@ -330,6 +343,7 @@ jobs: | |
| # optional: comment on the staled pull request, default: This PR has been automatically marked as stale because there has been no recent activity in the last 60 days. It will be closed in 7 days if no further activity occurs such as removing the label. | ||
| stale-pr-message: your message | ||
| ``` | ||
|
|
||
| </details> | ||
|
|
||
| ### TechDocs | ||
|
|
@@ -366,6 +380,7 @@ jobs: | |
| # optional: specifies the access key associated with the storage account | ||
| azure-account-key: ${{ secrets.TECHDOCS_AZURE_ACCESS_KEY }} | ||
| ``` | ||
|
|
||
| </details> | ||
|
|
||
| ### TestIO | ||
|
|
@@ -421,6 +436,7 @@ jobs: | |
| # optional: path which files should be checked recursively, default: . | ||
| target-path: your path | ||
| ``` | ||
|
|
||
| </details> | ||
|
|
||
| ## Limitations 🚧 | ||
|
|
||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure why we need the
actions/checkouthereThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you want to start the action, you want to get the code of the repo where you execute this action. In this repo, you have the Dockerfile, etc. Without this action, you will get a not-found exception for several files. 😆 If you are unsure, feel free to test your solution. You can use the branch name as your new version. 🙌
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Make sense. I totally forgot that the workflow replaces the entire job content where normally the checkout happens.