Test pushing IPs to secrets

ministryofjustice · Jul 19, 2024 · ee205e7 · ee205e7
1 parent 9ac1dd6
commit ee205e7
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 13 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -26,6 +26,7 @@ jobs:
         env:
           TPL_PATH: "deploy/${{ inputs.environment }}"
           ECR_URL: ${{ inputs.registry }}/${{ vars.ECR_REPOSITORY }}
+          IPS: ${{ inputs.ips }}
           IMAGE_TAG_NGINX: "nginx-${{ github.sha }}"
           IMAGE_TAG_FPM: "fpm-${{ github.sha }}"
           IMAGE_TAG_CRON: "cron-${{ github.sha }}"

diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
@@ -6,6 +6,7 @@ on:
     branches:
       # - 'main' # protect main during initial development
       - 'develop'
+      - 'ip-develop'
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -18,6 +19,12 @@ jobs:
     uses: ./.github/workflows/build.yml
     secrets: inherit
 
+  ips:
+    name: "IPs"
+    if: github.event.ref == 'refs/heads/develop'
+    uses: ./.github/workflows/ips.yml
+    secrets: inherit
+
   deploy_dev:
     name: "Development"
     if: github.event.ref == 'refs/heads/develop'
@@ -26,6 +33,7 @@ jobs:
     with:
       environment: development
       registry: ${{ needs.image.outputs.registry }}
+      ips: ${{ needs.ips.outputs.ips }}
     secrets: inherit
 
   deploy_staging:

diff --git a/.github/workflows/ips.yml b/.github/workflows/ips.yml
@@ -1,10 +1,17 @@
 name: "Handle Allowed IPs"
 
+# on:
+#   workflow_dispatch:
+#   push:
+#     branches:
+#       - 'ip-develop'
+
 on:
-  workflow_dispatch:
-  push:
-    branches:
-      - 'ip-develop'
+  workflow_call:
+    outputs:
+      registry:
+        description: "Allowed IPs"
+        value: ${{ jobs.handle_allowed_ips.outputs.ips }}
 
 jobs:
   handle_allowed_ips:
@@ -31,12 +38,3 @@ jobs:
             IPS=$(yq 'explode(.) | {"deprecating": .deprecating_access_to_moj_intranet | flatten, "allow": .allow_access_to_moj_intranet | flatten }' -o json -I=0 deploy/config/example-moj-ips.yaml)
             echo ::add-mask::$IPS
             echo "ips=$IPS" >> $GITHUB_OUTPUT
-      - name: Reuse a variable obtained in another step
-        run: | 
-          echo ::add-mask::$IPS
-          echo $IPS
-          size=${#IPS}
-          echo $size
-        with:
-          IPS: ${{ steps.parseIps.outputs.ips }}
-
diff --git a/deploy/development/secret.tpl.yml b/deploy/development/secret.tpl.yml
@@ -19,6 +19,7 @@ stringData:
   OAUTH_CLIENT_SECRET: "${OAUTH_CLIENT_SECRET}"
   BASIC_AUTH_USER: "${BASIC_AUTH_USER}"
   BASIC_AUTH_PASS: "${BASIC_AUTH_PASS}"
+  IPS: "${IPS}"
 ---
 apiVersion: v1
 kind: Secret