ci(actions): Update the secret update process

Signed-off-by: rjshrjndrn <rjshrjndrn@gmail.com>
2024-03-19 11:05:38 +01:00 · 2024-03-19 11:05:38 +01:00 · 9d416248e2
commit 9d416248e2
parent 2a182cc6b8
1 changed files with 20 additions and 7 deletions
--- a/.github/workflows/workers-ee.yaml
+++ b/.github/workflows/workers-ee.yaml
@ -38,6 +38,12 @@ jobs:
      run: |
        docker login ${{ secrets.EE_REGISTRY_URL }} -u ${{ secrets.EE_DOCKER_USERNAME }} -p "${{ secrets.EE_REGISTRY_TOKEN }}" 

+    - name: Downloading yq
+      run: |
+        VERSION="v4.42.1"
+        wget https://github.com/mikefarah/yq/releases/download/${VERSION}/yq_linux_amd64 -O /usr/bin/yq
+        chmod +x /usr/bin/yq
+
    - uses: azure/k8s-set-context@v1
      with:
        method: kubeconfig
@ -116,6 +122,13 @@ jobs:
      env:
        # We're not passing -ee flag, because helm will add that.
        IMAGE_TAG: ${{ github.ref_name }}_${{ github.sha }}
+        DOMAIN_NAME: ${{ secrets.EE_DOMAIN_NAME }}
+        LICENSE_KEY: ${{ secrets.EE_LICENSE_KEY }}
+        JWT_SECRET: ${{ secrets.EE_JWT_SECRET }}
+        MINIO_ACCESS_KEY: ${{ secrets.EE_MINIO_ACCESS_KEY }}
+        MINIO_SECRET_KEY: ${{ secrets.EE_MINIO_SECRET_KEY }}
+        PG_PASSWORD: ${{ secrets.EE_PG_PASSWORD }}
+        REGISTRY_URL: ${{ secrets.OSS_REGISTRY_URL }}
      run: |
        #
        # Deploying image to environment.
@ -125,13 +138,13 @@ jobs:
        cd scripts/helmcharts/

        ## Update secerts
-        sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml
-        sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.EE_PG_PASSWORD }}\"/g" vars.yaml
-        sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.EE_MINIO_ACCESS_KEY }}\"/g" vars.yaml
-        sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.EE_MINIO_SECRET_KEY }}\"/g" vars.yaml
-        sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.EE_JWT_SECRET }}\"/g" vars.yaml
-        sed -i "s/domainName: \"\"/domainName: \"${{ secrets.EE_DOMAIN_NAME }}\"/g" vars.yaml
-        sed -i "s/enterpriseEditionLicense: \"\"/enterpriseEditionLicense: \"${{ secrets.EE_LICENSE_KEY }}\"/g" vars.yaml
+        yq e -i '.global.domainName = strenv(DOMAIN_NAME)' vars.yaml
+        yq e -i '.chalice.env.jwt_secret = strenv(JWT_SECRET)' vars.yaml
+        yq e -i '.global.enterpriseEditionLicense = strenv(LICENSE_KEY)' vars.yaml
+        yq e -i '.global.s3.accessKey = strenv(MINIO_ACCESS_KEY)' vars.yaml
+        yq e -i '.global.s3.secretKey = strenv(MINIO_SECRET_KEY)' vars.yaml
+        yq e -i '.global.postgresql.password = strenv(PG_PASSWORD)' vars.yaml
+        yq e -i '.global.openReplayContainerRegistry = strenv(REGISTRY_URL)' vars.yaml

        set -x
        echo > /tmp/image_override.yaml