From bed88026bd06eb3c66b2237c400c79baf3edcd54 Mon Sep 17 00:00:00 2001 From: Rajesh Rajendran Date: Tue, 19 Mar 2024 14:44:11 +0100 Subject: [PATCH] Actions: composite actions for repetitive tasks (#1977) * ci(actions): Update the secret update process Signed-off-by: rjshrjndrn * ci(actions): Composite actions Signed-off-by: rjshrjndrn * fix(ci): keys injection Signed-off-by: rjshrjndrn * fix(ci): missing env variable Signed-off-by: rjshrjndrn * fix(ci): action name Signed-off-by: rjshrjndrn --------- Signed-off-by: rjshrjndrn --- .../composite-actions/update-keys/action.yml | 56 +++++++++++++++++++ .github/workflows/alerts-ee.yaml | 20 ++++--- .github/workflows/alerts.yaml | 11 ++++ .github/workflows/api-ee.yaml | 20 ++++--- .github/workflows/api.yaml | 21 +++---- .github/workflows/assist-ee.yaml | 20 ++++--- .github/workflows/assist-stats.yaml | 34 +++++++---- .github/workflows/assist.yaml | 20 ++++--- .github/workflows/crons-ee.yaml | 20 ++++--- .github/workflows/db-migrate.yaml | 40 +++++++------ .github/workflows/frontend-dev.yaml | 19 ++++--- .github/workflows/frontend.yaml | 42 +++++++------- .github/workflows/peers-ee.yaml | 20 ++++--- .github/workflows/peers.yaml | 19 ++++--- .github/workflows/sourcemaps-reader-ee.yaml | 20 ++++--- .github/workflows/sourcemaps-reader.yaml | 19 ++++--- .github/workflows/workers-ee.yaml | 32 +++++------ .github/workflows/workers.yaml | 19 ++++--- 18 files changed, 278 insertions(+), 174 deletions(-) create mode 100644 .github/composite-actions/update-keys/action.yml diff --git a/.github/composite-actions/update-keys/action.yml b/.github/composite-actions/update-keys/action.yml new file mode 100644 index 000000000..38668d7e5 --- /dev/null +++ b/.github/composite-actions/update-keys/action.yml @@ -0,0 +1,56 @@ +name: 'Update Keys' +description: 'Updates keys' +inputs: + domain_name: + required: true + description: 'Domain Name' + license_key: + required: true + description: 'License Key' + jwt_secret: + required: true + description: 'JWT Secret' + minio_access_key: + required: true + description: 'MinIO Access Key' + minio_secret_key: + required: true + description: 'MinIO Secret Key' + pg_password: + required: true + description: 'PostgreSQL Password' + registry_url: + required: true + description: 'Registry URL' + +runs: + using: "composite" + steps: + - name: Downloading yq + run: | + VERSION="v4.42.1" + sudo wget https://github.com/mikefarah/yq/releases/download/${VERSION}/yq_linux_amd64 -O /usr/bin/yq + sudo chmod +x /usr/bin/yq + shell: bash + + - name: "Updating OSS secrets" + run: | + cd scripts/helmcharts/ + yq e -i '.global.domainName = strenv(DOMAIN_NAME)' vars.yaml + yq e -i '.global.assistKey = strenv(JWT_SECRET)' vars.yaml + yq e -i '.global.assistJWTSecret = strenv(JWT_SECRET)' vars.yaml + yq e -i '.chalice.env.jwt_secret = strenv(JWT_SECRET)' vars.yaml + yq e -i '.global.enterpriseEditionLicense = strenv(LICENSE_KEY)' vars.yaml + yq e -i '.global.s3.accessKey = strenv(MINIO_ACCESS_KEY)' vars.yaml + yq e -i '.global.s3.secretKey = strenv(MINIO_SECRET_KEY)' vars.yaml + yq e -i '.postgresql.postgresqlPassword = strenv(PG_PASSWORD)' vars.yaml + yq e -i '.global.openReplayContainerRegistry = strenv(REGISTRY_URL)' vars.yaml + shell: bash + env: + DOMAIN_NAME: ${{ inputs.domain_name }} + LICENSE_KEY: ${{ inputs.license_key }} + JWT_SECRET: ${{ inputs.jwt_secret }} + MINIO_ACCESS_KEY: ${{ inputs.minio_access_key }} + MINIO_SECRET_KEY: ${{ inputs.minio_secret_key }} + PG_PASSWORD: ${{ inputs.pg_password }} + REGISTRY_URL: ${{ inputs.registry_url }} diff --git a/.github/workflows/alerts-ee.yaml b/.github/workflows/alerts-ee.yaml index 4c1d3b6c4..68bf4a45b 100644 --- a/.github/workflows/alerts-ee.yaml +++ b/.github/workflows/alerts-ee.yaml @@ -42,6 +42,17 @@ jobs: # to see which workers got changed. fetch-depth: 2 + - uses: ./.github/composite-actions/update-keys + with: + domain_name: ${{ secrets.EE_DOMAIN_NAME }} + license_key: ${{ secrets.EE_LICENSE_KEY }} + jwt_secret: ${{ secrets.EE_JWT_SECRET }} + minio_access_key: ${{ secrets.EE_MINIO_ACCESS_KEY }} + minio_secret_key: ${{ secrets.EE_MINIO_SECRET_KEY }} + pg_password: ${{ secrets.EE_PG_PASSWORD }} + registry_url: ${{ secrets.OSS_REGISTRY_URL }} + name: Update Keys + - name: Docker login run: | docker login ${{ secrets.EE_REGISTRY_URL }} -u ${{ secrets.EE_DOCKER_USERNAME }} -p "${{ secrets.EE_REGISTRY_TOKEN }}" @@ -110,15 +121,6 @@ jobs: run: | cd scripts/helmcharts/ - ## Update secerts - sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml - sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.EE_PG_PASSWORD }}\"/g" vars.yaml - sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.EE_MINIO_ACCESS_KEY }}\"/g" vars.yaml - sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.EE_MINIO_SECRET_KEY }}\"/g" vars.yaml - sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.EE_JWT_SECRET }}\"/g" vars.yaml - sed -i "s/domainName: \"\"/domainName: \"${{ secrets.EE_DOMAIN_NAME }}\"/g" vars.yaml - sed -i "s/enterpriseEditionLicense: \"\"/enterpriseEditionLicense: \"${{ secrets.EE_LICENSE_KEY }}\"/g" vars.yaml - # Update changed image tag sed -i "/alerts/{n;n;n;s/.*/ tag: ${IMAGE_TAG}/}" /tmp/image_override.yaml diff --git a/.github/workflows/alerts.yaml b/.github/workflows/alerts.yaml index a24f2b855..01505f0a7 100644 --- a/.github/workflows/alerts.yaml +++ b/.github/workflows/alerts.yaml @@ -34,6 +34,17 @@ jobs: # to see which workers got changed. fetch-depth: 2 + - uses: ./.github/composite-actions/update-keys + with: + domain_name: ${{ secrets.OSS_DOMAIN_NAME }} + license_key: ${{ secrets.OSS_LICENSE_KEY }} + jwt_secret: ${{ secrets.OSS_JWT_SECRET }} + minio_access_key: ${{ secrets.OSS_MINIO_ACCESS_KEY }} + minio_secret_key: ${{ secrets.OSS_MINIO_SECRET_KEY }} + pg_password: ${{ secrets.OSS_PG_PASSWORD }} + registry_url: ${{ secrets.OSS_REGISTRY_URL }} + name: Update Keys + - name: Docker login run: | docker login ${{ secrets.OSS_REGISTRY_URL }} -u ${{ secrets.OSS_DOCKER_USERNAME }} -p "${{ secrets.OSS_REGISTRY_TOKEN }}" diff --git a/.github/workflows/api-ee.yaml b/.github/workflows/api-ee.yaml index 32c1cb627..59d4deef5 100644 --- a/.github/workflows/api-ee.yaml +++ b/.github/workflows/api-ee.yaml @@ -41,6 +41,17 @@ jobs: # to see which workers got changed. fetch-depth: 2 + - uses: ./.github/composite-actions/update-keys + with: + domain_name: ${{ secrets.EE_DOMAIN_NAME }} + license_key: ${{ secrets.EE_LICENSE_KEY }} + jwt_secret: ${{ secrets.EE_JWT_SECRET }} + minio_access_key: ${{ secrets.EE_MINIO_ACCESS_KEY }} + minio_secret_key: ${{ secrets.EE_MINIO_SECRET_KEY }} + pg_password: ${{ secrets.EE_PG_PASSWORD }} + registry_url: ${{ secrets.OSS_REGISTRY_URL }} + name: Update Keys + - name: Docker login run: | docker login ${{ secrets.EE_REGISTRY_URL }} -u ${{ secrets.EE_DOCKER_USERNAME }} -p "${{ secrets.EE_REGISTRY_TOKEN }}" @@ -109,15 +120,6 @@ jobs: run: | cd scripts/helmcharts/ - ## Update secerts - sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml - sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.EE_PG_PASSWORD }}\"/g" vars.yaml - sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.EE_MINIO_ACCESS_KEY }}\"/g" vars.yaml - sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.EE_MINIO_SECRET_KEY }}\"/g" vars.yaml - sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.EE_JWT_SECRET }}\"/g" vars.yaml - sed -i "s/domainName: \"\"/domainName: \"${{ secrets.EE_DOMAIN_NAME }}\"/g" vars.yaml - sed -i "s/enterpriseEditionLicense: \"\"/enterpriseEditionLicense: \"${{ secrets.EE_LICENSE_KEY }}\"/g" vars.yaml - # Update changed image tag sed -i "/chalice/{n;n;n;s/.*/ tag: ${IMAGE_TAG}/}" /tmp/image_override.yaml diff --git a/.github/workflows/api.yaml b/.github/workflows/api.yaml index 451ae64b5..7aaf617c5 100644 --- a/.github/workflows/api.yaml +++ b/.github/workflows/api.yaml @@ -33,6 +33,17 @@ jobs: # to see which workers got changed. fetch-depth: 2 + - uses: ./.github/composite-actions/update-keys + with: + domain_name: ${{ secrets.OSS_DOMAIN_NAME }} + license_key: ${{ secrets.OSS_LICENSE_KEY }} + jwt_secret: ${{ secrets.OSS_JWT_SECRET }} + minio_access_key: ${{ secrets.OSS_MINIO_ACCESS_KEY }} + minio_secret_key: ${{ secrets.OSS_MINIO_SECRET_KEY }} + pg_password: ${{ secrets.OSS_PG_PASSWORD }} + registry_url: ${{ secrets.OSS_REGISTRY_URL }} + name: Update Keys + - name: Docker login run: | docker login ${{ secrets.OSS_REGISTRY_URL }} -u ${{ secrets.OSS_DOCKER_USERNAME }} -p "${{ secrets.OSS_REGISTRY_TOKEN }}" @@ -100,14 +111,6 @@ jobs: run: | cd scripts/helmcharts/ - ## Update secerts - sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml - sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.OSS_PG_PASSWORD }}\"/g" vars.yaml - sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.OSS_MINIO_ACCESS_KEY }}\"/g" vars.yaml - sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.OSS_MINIO_SECRET_KEY }}\"/g" vars.yaml - sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.OSS_JWT_SECRET }}\"/g" vars.yaml - sed -i "s/domainName: \"\"/domainName: \"${{ secrets.OSS_DOMAIN_NAME }}\"/g" vars.yaml - # Update changed image tag sed -i "/chalice/{n;n;s/.*/ tag: ${IMAGE_TAG}/}" /tmp/image_override.yaml @@ -118,7 +121,6 @@ jobs: mv /tmp/{ingress-nginx,chalice,quickwit} openreplay/charts/ helm template openreplay -n app openreplay -f vars.yaml -f /tmp/image_override.yaml --set ingress-nginx.enabled=false --set skipMigration=true --no-hooks | kubectl apply -n app -f - env: - DOCKER_REPO: ${{ secrets.OSS_REGISTRY_URL }} IMAGE_TAG: ${{ github.ref_name }}_${{ github.sha }} ENVIRONMENT: staging @@ -140,4 +142,3 @@ jobs: # DOCKER_REPO: ${{ secrets.OSS_REGISTRY_URL }} # IMAGE_TAG: ${{ github.sha }} # ENVIRONMENT: staging - diff --git a/.github/workflows/assist-ee.yaml b/.github/workflows/assist-ee.yaml index be5678143..4774d1378 100644 --- a/.github/workflows/assist-ee.yaml +++ b/.github/workflows/assist-ee.yaml @@ -31,6 +31,17 @@ jobs: # to see which workers got changed. fetch-depth: 2 + - uses: ./.github/composite-actions/update-keys + with: + domain_name: ${{ secrets.EE_DOMAIN_NAME }} + license_key: ${{ secrets.EE_LICENSE_KEY }} + jwt_secret: ${{ secrets.EE_JWT_SECRET }} + minio_access_key: ${{ secrets.EE_MINIO_ACCESS_KEY }} + minio_secret_key: ${{ secrets.EE_MINIO_SECRET_KEY }} + pg_password: ${{ secrets.EE_PG_PASSWORD }} + registry_url: ${{ secrets.OSS_REGISTRY_URL }} + name: Update Keys + - name: Docker login run: | docker login ${{ secrets.EE_REGISTRY_URL }} -u ${{ secrets.EE_DOCKER_USERNAME }} -p "${{ secrets.EE_REGISTRY_TOKEN }}" @@ -92,15 +103,6 @@ jobs: run: | cd scripts/helmcharts/ - ## Update secerts - sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml - sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.EE_PG_PASSWORD }}\"/g" vars.yaml - sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.EE_MINIO_ACCESS_KEY }}\"/g" vars.yaml - sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.EE_MINIO_SECRET_KEY }}\"/g" vars.yaml - sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.EE_JWT_SECRET }}\"/g" vars.yaml - sed -i "s/domainName: \"\"/domainName: \"${{ secrets.EE_DOMAIN_NAME }}\"/g" vars.yaml - sed -i "s/enterpriseEditionLicense: \"\"/enterpriseEditionLicense: \"${{ secrets.EE_LICENSE_KEY }}\"/g" vars.yaml - # Update changed image tag sed -i "/assist/{n;n;n;s/.*/ tag: ${IMAGE_TAG}/}" /tmp/image_override.yaml diff --git a/.github/workflows/assist-stats.yaml b/.github/workflows/assist-stats.yaml index 249d51d81..cee21b8f7 100644 --- a/.github/workflows/assist-stats.yaml +++ b/.github/workflows/assist-stats.yaml @@ -30,6 +30,17 @@ jobs: # to see which workers got changed. fetch-depth: 2 + - uses: ./.github/composite-actions/update-keys + with: + domain_name: ${{ secrets.OSS_DOMAIN_NAME }} + license_key: ${{ secrets.OSS_LICENSE_KEY }} + jwt_secret: ${{ secrets.OSS_JWT_SECRET }} + minio_access_key: ${{ secrets.OSS_MINIO_ACCESS_KEY }} + minio_secret_key: ${{ secrets.OSS_MINIO_SECRET_KEY }} + pg_password: ${{ secrets.OSS_PG_PASSWORD }} + registry_url: ${{ secrets.OSS_REGISTRY_URL }} + name: Update Keys + - name: Docker login run: | docker login ${{ secrets.OSS_REGISTRY_URL }} -u ${{ secrets.OSS_DOCKER_USERNAME }} -p "${{ secrets.OSS_REGISTRY_TOKEN }}" @@ -82,9 +93,17 @@ jobs: kubeconfig: ${{ secrets.EE_KUBECONFIG }} # Use content of kubeconfig in secret. id: setcontextee - - name: Resetting vars file - run: | - git checkout -- scripts/helmcharts/vars.yaml + - uses: ./.github/composite-actions/update-keys + with: + domain_name: ${{ secrets.EE_DOMAIN_NAME }} + license_key: ${{ secrets.EE_LICENSE_KEY }} + jwt_secret: ${{ secrets.EE_JWT_SECRET }} + minio_access_key: ${{ secrets.EE_MINIO_ACCESS_KEY }} + minio_secret_key: ${{ secrets.EE_MINIO_SECRET_KEY }} + pg_password: ${{ secrets.EE_PG_PASSWORD }} + registry_url: ${{ secrets.OSS_REGISTRY_URL }} + name: Update Keys + - name: Deploy to kubernetes ee run: | cd scripts/helmcharts/ @@ -95,15 +114,6 @@ jobs: tag: ${IMAGE_TAG} EOF - ## Update secerts - sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml - sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.EE_PG_PASSWORD }}\"/g" vars.yaml - sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.EE_MINIO_ACCESS_KEY }}\"/g" vars.yaml - sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.EE_MINIO_SECRET_KEY }}\"/g" vars.yaml - sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.EE_JWT_SECRET }}\"/g" vars.yaml - sed -i "s/domainName: \"\"/domainName: \"${{ secrets.EE_DOMAIN_NAME }}\"/g" vars.yaml - sed -i "s/enterpriseEditionLicense: \"\"/enterpriseEditionLicense: \"${{ secrets.EE_LICENSE_KEY }}\"/g" vars.yaml - # Update changed image tag sed -i "/assist-stats/{n;n;n;s/.*/ tag: ${IMAGE_TAG}/}" /tmp/image_override.yaml diff --git a/.github/workflows/assist.yaml b/.github/workflows/assist.yaml index 970b56016..1d534d3c8 100644 --- a/.github/workflows/assist.yaml +++ b/.github/workflows/assist.yaml @@ -30,6 +30,17 @@ jobs: # to see which workers got changed. fetch-depth: 2 + - uses: ./.github/composite-actions/update-keys + with: + domain_name: ${{ secrets.OSS_DOMAIN_NAME }} + license_key: ${{ secrets.OSS_LICENSE_KEY }} + jwt_secret: ${{ secrets.OSS_JWT_SECRET }} + minio_access_key: ${{ secrets.OSS_MINIO_ACCESS_KEY }} + minio_secret_key: ${{ secrets.OSS_MINIO_SECRET_KEY }} + pg_password: ${{ secrets.OSS_PG_PASSWORD }} + registry_url: ${{ secrets.OSS_REGISTRY_URL }} + name: Update Keys + - name: Docker login run: | docker login ${{ secrets.OSS_REGISTRY_URL }} -u ${{ secrets.OSS_DOCKER_USERNAME }} -p "${{ secrets.OSS_REGISTRY_TOKEN }}" @@ -91,15 +102,6 @@ jobs: run: | cd scripts/helmcharts/ - ## Update secerts - sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml - sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.OSS_PG_PASSWORD }}\"/g" vars.yaml - sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.OSS_MINIO_ACCESS_KEY }}\"/g" vars.yaml - sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.OSS_MINIO_SECRET_KEY }}\"/g" vars.yaml - sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.OSS_JWT_SECRET }}\"/g" vars.yaml - sed -i "s/domainName: \"\"/domainName: \"${{ secrets.OSS_DOMAIN_NAME }}\"/g" vars.yaml - sed -i "s/enterpriseEditionLicense: \"\"/enterpriseEditionLicense: \"${{ secrets.OSS_LICENSE_KEY }}\"/g" vars.yaml - # Update changed image tag sed -i "/assist/{n;n;n;s/.*/ tag: ${IMAGE_TAG}/}" /tmp/image_override.yaml diff --git a/.github/workflows/crons-ee.yaml b/.github/workflows/crons-ee.yaml index b357fea65..555b72c84 100644 --- a/.github/workflows/crons-ee.yaml +++ b/.github/workflows/crons-ee.yaml @@ -42,6 +42,17 @@ jobs: # to see which workers got changed. fetch-depth: 2 + - uses: ./.github/composite-actions/update-keys + with: + domain_name: ${{ secrets.EE_DOMAIN_NAME }} + license_key: ${{ secrets.EE_LICENSE_KEY }} + jwt_secret: ${{ secrets.EE_JWT_SECRET }} + minio_access_key: ${{ secrets.EE_MINIO_ACCESS_KEY }} + minio_secret_key: ${{ secrets.EE_MINIO_SECRET_KEY }} + pg_password: ${{ secrets.EE_PG_PASSWORD }} + registry_url: ${{ secrets.OSS_REGISTRY_URL }} + name: Update Keys + - name: Docker login run: | docker login ${{ secrets.EE_REGISTRY_URL }} -u ${{ secrets.EE_DOCKER_USERNAME }} -p "${{ secrets.EE_REGISTRY_TOKEN }}" @@ -110,15 +121,6 @@ jobs: run: | cd scripts/helmcharts/ - ## Update secerts - sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml - sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.EE_PG_PASSWORD }}\"/g" vars.yaml - sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.EE_MINIO_ACCESS_KEY }}\"/g" vars.yaml - sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.EE_MINIO_SECRET_KEY }}\"/g" vars.yaml - sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.EE_JWT_SECRET }}\"/g" vars.yaml - sed -i "s/domainName: \"\"/domainName: \"${{ secrets.EE_DOMAIN_NAME }}\"/g" vars.yaml - sed -i "s/enterpriseEditionLicense: \"\"/enterpriseEditionLicense: \"${{ secrets.EE_LICENSE_KEY }}\"/g" vars.yaml - # Update changed image tag sed -i "/crons/{n;n;n;s/.*/ tag: ${IMAGE_TAG}/}" /tmp/image_override.yaml diff --git a/.github/workflows/db-migrate.yaml b/.github/workflows/db-migrate.yaml index 134e2dafa..af09b347a 100644 --- a/.github/workflows/db-migrate.yaml +++ b/.github/workflows/db-migrate.yaml @@ -59,17 +59,22 @@ jobs: EOF done + - uses: ./.github/composite-actions/update-keys + with: + domain_name: ${{ secrets.OSS_DOMAIN_NAME }} + license_key: ${{ secrets.OSS_LICENSE_KEY }} + jwt_secret: ${{ secrets.OSS_JWT_SECRET }} + minio_access_key: ${{ secrets.OSS_MINIO_ACCESS_KEY }} + minio_secret_key: ${{ secrets.OSS_MINIO_SECRET_KEY }} + pg_password: ${{ secrets.OSS_PG_PASSWORD }} + registry_url: ${{ secrets.OSS_REGISTRY_URL }} + name: Update Keys + - name: Deploy to kubernetes foss if: ${{ steps.check-migration.outputs.skip_migration_oss != 'true' }} run: | cd scripts/helmcharts/ - ## Update secerts - sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml - sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.OSS_PG_PASSWORD }}\"/g" vars.yaml - sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.OSS_MINIO_ACCESS_KEY }}\"/g" vars.yaml - sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.OSS_MINIO_SECRET_KEY }}\"/g" vars.yaml - sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.OSS_JWT_SECRET }}\"/g" vars.yaml sed -i "s/domainName: \"\"/domainName: \"${{ secrets.OSS_DOMAIN_NAME }}\"/g" vars.yaml cat /tmp/image_override.yaml @@ -115,22 +120,21 @@ jobs: EOF done - - name: Resetting vars file - run: | - git checkout -- scripts/helmcharts/vars.yaml + - uses: ./.github/composite-actions/update-keys + with: + domain_name: ${{ secrets.EE_DOMAIN_NAME }} + license_key: ${{ secrets.EE_LICENSE_KEY }} + jwt_secret: ${{ secrets.EE_JWT_SECRET }} + minio_access_key: ${{ secrets.EE_MINIO_ACCESS_KEY }} + minio_secret_key: ${{ secrets.EE_MINIO_SECRET_KEY }} + pg_password: ${{ secrets.EE_PG_PASSWORD }} + registry_url: ${{ secrets.OSS_REGISTRY_URL }} + name: Update Keys + - name: Deploy to kubernetes ee run: | cd scripts/helmcharts/ - ## Update secerts - sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.OSS_PG_PASSWORD }}\"/g" vars.yaml - sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.EE_PG_PASSWORD }}\"/g" vars.yaml - sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.EE_MINIO_ACCESS_KEY }}\"/g" vars.yaml - sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.EE_MINIO_SECRET_KEY }}\"/g" vars.yaml - sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.EE_JWT_SECRET }}\"/g" vars.yaml - sed -i "s/domainName: \"\"/domainName: \"${{ secrets.EE_DOMAIN_NAME }}\"/g" vars.yaml - sed -i "s/enterpriseEditionLicense: \"\"/enterpriseEditionLicense: \"${{ secrets.EE_LICENSE_KEY }}\"/g" vars.yaml - cat /tmp/image_override.yaml # Deploy command helm upgrade --install openreplay -n app openreplay -f vars.yaml -f /tmp/image_override.yaml --atomic --set forceMigration=true --set dbMigrationUpstreamBranch=${IMAGE_TAG} diff --git a/.github/workflows/frontend-dev.yaml b/.github/workflows/frontend-dev.yaml index fa7137d1c..8eba93ba4 100644 --- a/.github/workflows/frontend-dev.yaml +++ b/.github/workflows/frontend-dev.yaml @@ -21,6 +21,17 @@ jobs: ${{ runner.OS }}-build- ${{ runner.OS }}- + - uses: ./.github/composite-actions/update-keys + with: + domain_name: ${{ secrets.DEV_DOMAIN_NAME }} + license_key: ${{ secrets.DEV_LICENSE_KEY }} + jwt_secret: ${{ secrets.DEV_JWT_SECRET }} + minio_access_key: ${{ secrets.DEV_MINIO_ACCESS_KEY }} + minio_secret_key: ${{ secrets.DEV_MINIO_SECRET_KEY }} + pg_password: ${{ secrets.DEV_PG_PASSWORD }} + registry_url: ${{ secrets.OSS_REGISTRY_URL }} + name: Update Keys + - name: Docker login run: | docker login ${{ secrets.OSS_REGISTRY_URL }} -u ${{ secrets.OSS_DOCKER_USERNAME }} -p "${{ secrets.OSS_REGISTRY_TOKEN }}" @@ -59,14 +70,6 @@ jobs: tag: ${IMAGE_TAG} EOF - ## Update secerts - sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml - sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.DEV_PG_PASSWORD }}\"/g" vars.yaml - sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.DEV_MINIO_ACCESS_KEY }}\"/g" vars.yaml - sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.DEV_MINIO_SECRET_KEY }}\"/g" vars.yaml - sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.DEV_JWT_SECRET }}\"/g" vars.yaml - sed -i "s/domainName: \"\"/domainName: \"${{ secrets.DEV_DOMAIN_NAME }}\"/g" vars.yaml - # Update changed image tag sed -i "/frontend/{n;n;s/.*/ tag: ${IMAGE_TAG}/}" /tmp/image_override.yaml diff --git a/.github/workflows/frontend.yaml b/.github/workflows/frontend.yaml index 6ef04ea87..ed1e143e4 100644 --- a/.github/workflows/frontend.yaml +++ b/.github/workflows/frontend.yaml @@ -27,6 +27,17 @@ jobs: ${{ runner.OS }}-build- ${{ runner.OS }}- + - uses: ./.github/composite-actions/update-keys + with: + domain_name: ${{ secrets.OSS_DOMAIN_NAME }} + license_key: ${{ secrets.OSS_LICENSE_KEY }} + jwt_secret: ${{ secrets.OSS_JWT_SECRET }} + minio_access_key: ${{ secrets.OSS_MINIO_ACCESS_KEY }} + minio_secret_key: ${{ secrets.OSS_MINIO_SECRET_KEY }} + pg_password: ${{ secrets.OSS_PG_PASSWORD }} + registry_url: ${{ secrets.OSS_REGISTRY_URL }} + name: Update Keys + - name: Docker login run: | docker login ${{ secrets.EE_REGISTRY_URL }} -u ${{ secrets.EE_DOCKER_USERNAME }} -p "${{ secrets.EE_REGISTRY_TOKEN }}" @@ -65,14 +76,6 @@ jobs: tag: ${IMAGE_TAG} EOF - ## Update secerts - sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml - sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.OSS_PG_PASSWORD }}\"/g" vars.yaml - sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.OSS_MINIO_ACCESS_KEY }}\"/g" vars.yaml - sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.OSS_MINIO_SECRET_KEY }}\"/g" vars.yaml - sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.OSS_JWT_SECRET }}\"/g" vars.yaml - sed -i "s/domainName: \"\"/domainName: \"${{ secrets.OSS_DOMAIN_NAME }}\"/g" vars.yaml - # Update changed image tag sed -i "/frontend/{n;n;s/.*/ tag: ${IMAGE_TAG}/}" /tmp/image_override.yaml @@ -96,9 +99,17 @@ jobs: kubeconfig: ${{ secrets.EE_KUBECONFIG }} # Use content of kubeconfig in secret. id: setcontextee - - name: Resetting vars file - run: | - git checkout -- scripts/helmcharts/vars.yaml + - uses: ./.github/composite-actions/update-keys + with: + domain_name: ${{ secrets.EE_DOMAIN_NAME }} + license_key: ${{ secrets.EE_LICENSE_KEY }} + jwt_secret: ${{ secrets.EE_JWT_SECRET }} + minio_access_key: ${{ secrets.EE_MINIO_ACCESS_KEY }} + minio_secret_key: ${{ secrets.EE_MINIO_SECRET_KEY }} + pg_password: ${{ secrets.EE_PG_PASSWORD }} + registry_url: ${{ secrets.OSS_REGISTRY_URL }} + name: Update Keys + - name: Deploy to kubernetes ee run: | cd scripts/helmcharts/ @@ -109,15 +120,6 @@ jobs: tag: ${IMAGE_TAG} EOF - ## Update secerts - sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml - sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.EE_PG_PASSWORD }}\"/g" vars.yaml - sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.EE_MINIO_ACCESS_KEY }}\"/g" vars.yaml - sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.EE_MINIO_SECRET_KEY }}\"/g" vars.yaml - sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.EE_JWT_SECRET }}\"/g" vars.yaml - sed -i "s/domainName: \"\"/domainName: \"${{ secrets.EE_DOMAIN_NAME }}\"/g" vars.yaml - sed -i "s/enterpriseEditionLicense: \"\"/enterpriseEditionLicense: \"${{ secrets.EE_LICENSE_KEY }}\"/g" vars.yaml - # Update changed image tag sed -i "/frontend/{n;n;n;s/.*/ tag: ${IMAGE_TAG}/}" /tmp/image_override.yaml diff --git a/.github/workflows/peers-ee.yaml b/.github/workflows/peers-ee.yaml index ce014a45f..fcdeb1de5 100644 --- a/.github/workflows/peers-ee.yaml +++ b/.github/workflows/peers-ee.yaml @@ -31,6 +31,17 @@ jobs: # to see which workers got changed. fetch-depth: 2 + - uses: ./.github/composite-actions/update-keys + with: + domain_name: ${{ secrets.EE_DOMAIN_NAME }} + license_key: ${{ secrets.EE_LICENSE_KEY }} + jwt_secret: ${{ secrets.EE_JWT_SECRET }} + minio_access_key: ${{ secrets.EE_MINIO_ACCESS_KEY }} + minio_secret_key: ${{ secrets.EE_MINIO_SECRET_KEY }} + pg_password: ${{ secrets.EE_PG_PASSWORD }} + registry_url: ${{ secrets.OSS_REGISTRY_URL }} + name: Update Keys + - name: Docker login run: | docker login ${{ secrets.EE_REGISTRY_URL }} -u ${{ secrets.EE_DOCKER_USERNAME }} -p "${{ secrets.EE_REGISTRY_TOKEN }}" @@ -99,15 +110,6 @@ jobs: run: | cd scripts/helmcharts/ - ## Update secerts - sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml - sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.EE_PG_PASSWORD }}\"/g" vars.yaml - sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.EE_MINIO_ACCESS_KEY }}\"/g" vars.yaml - sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.EE_MINIO_SECRET_KEY }}\"/g" vars.yaml - sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.EE_JWT_SECRET }}\"/g" vars.yaml - sed -i "s/domainName: \"\"/domainName: \"${{ secrets.EE_DOMAIN_NAME }}\"/g" vars.yaml - sed -i "s/enterpriseEditionLicense: \"\"/enterpriseEditionLicense: \"${{ secrets.EE_LICENSE_KEY }}\"/g" vars.yaml - # Update changed image tag sed -i "/peers/{n;n;n;s/.*/ tag: ${IMAGE_TAG}/}" /tmp/image_override.yaml diff --git a/.github/workflows/peers.yaml b/.github/workflows/peers.yaml index ef564ec65..fa816eda9 100644 --- a/.github/workflows/peers.yaml +++ b/.github/workflows/peers.yaml @@ -30,6 +30,17 @@ jobs: # to see which workers got changed. fetch-depth: 2 + - uses: ./.github/composite-actions/update-keys + with: + domain_name: ${{ secrets.OSS_DOMAIN_NAME }} + license_key: ${{ secrets.OSS_LICENSE_KEY }} + jwt_secret: ${{ secrets.OSS_JWT_SECRET }} + minio_access_key: ${{ secrets.OSS_MINIO_ACCESS_KEY }} + minio_secret_key: ${{ secrets.OSS_MINIO_SECRET_KEY }} + pg_password: ${{ secrets.OSS_PG_PASSWORD }} + registry_url: ${{ secrets.OSS_REGISTRY_URL }} + name: Update Keys + - name: Docker login run: | docker login ${{ secrets.OSS_REGISTRY_URL }} -u ${{ secrets.OSS_DOCKER_USERNAME }} -p "${{ secrets.OSS_REGISTRY_TOKEN }}" @@ -97,14 +108,6 @@ jobs: run: | cd scripts/helmcharts/ - ## Update secerts - sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml - sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.OSS_PG_PASSWORD }}\"/g" vars.yaml - sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.OSS_MINIO_ACCESS_KEY }}\"/g" vars.yaml - sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.OSS_MINIO_SECRET_KEY }}\"/g" vars.yaml - sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.OSS_JWT_SECRET }}\"/g" vars.yaml - sed -i "s/domainName: \"\"/domainName: \"${{ secrets.OSS_DOMAIN_NAME }}\"/g" vars.yaml - # Update changed image tag sed -i "/peers/{n;n;s/.*/ tag: ${IMAGE_TAG}/}" /tmp/image_override.yaml diff --git a/.github/workflows/sourcemaps-reader-ee.yaml b/.github/workflows/sourcemaps-reader-ee.yaml index 0bee8ba4e..8df4fdfa6 100644 --- a/.github/workflows/sourcemaps-reader-ee.yaml +++ b/.github/workflows/sourcemaps-reader-ee.yaml @@ -30,6 +30,17 @@ jobs: # to see which workers got changed. fetch-depth: 2 + - uses: ./.github/composite-actions/update-keys + with: + domain_name: ${{ secrets.EE_DOMAIN_NAME }} + license_key: ${{ secrets.EE_LICENSE_KEY }} + jwt_secret: ${{ secrets.EE_JWT_SECRET }} + minio_access_key: ${{ secrets.EE_MINIO_ACCESS_KEY }} + minio_secret_key: ${{ secrets.EE_MINIO_SECRET_KEY }} + pg_password: ${{ secrets.EE_PG_PASSWORD }} + registry_url: ${{ secrets.OSS_REGISTRY_URL }} + name: Update Keys + - name: Docker login run: | docker login ${{ secrets.EE_REGISTRY_URL }} -u ${{ secrets.EE_DOCKER_USERNAME }} -p "${{ secrets.EE_REGISTRY_TOKEN }}" @@ -97,15 +108,6 @@ jobs: run: | cd scripts/helmcharts/ - ## Update secerts - sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml - sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.EE_PG_PASSWORD }}\"/g" vars.yaml - sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.EE_MINIO_ACCESS_KEY }}\"/g" vars.yaml - sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.EE_MINIO_SECRET_KEY }}\"/g" vars.yaml - sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.EE_JWT_SECRET }}\"/g" vars.yaml - sed -i "s/domainName: \"\"/domainName: \"${{ secrets.EE_DOMAIN_NAME }}\"/g" vars.yaml - sed -i "s/enterpriseEditionLicense: \"\"/enterpriseEditionLicense: \"${{ secrets.EE_LICENSE_KEY }}\"/g" vars.yaml - # Update changed image tag sed -i "/sourcemaps-reader/{n;n;s/.*/ tag: ${IMAGE_TAG}/}" /tmp/image_override.yaml sed -i "s/sourcemaps-reader/sourcemapreader/g" /tmp/image_override.yaml diff --git a/.github/workflows/sourcemaps-reader.yaml b/.github/workflows/sourcemaps-reader.yaml index bbc7ae887..6c31517b0 100644 --- a/.github/workflows/sourcemaps-reader.yaml +++ b/.github/workflows/sourcemaps-reader.yaml @@ -30,6 +30,17 @@ jobs: # to see which workers got changed. fetch-depth: 2 + - uses: ./.github/composite-actions/update-keys + with: + domain_name: ${{ secrets.OSS_DOMAIN_NAME }} + license_key: ${{ secrets.OSS_LICENSE_KEY }} + jwt_secret: ${{ secrets.OSS_JWT_SECRET }} + minio_access_key: ${{ secrets.OSS_MINIO_ACCESS_KEY }} + minio_secret_key: ${{ secrets.OSS_MINIO_SECRET_KEY }} + pg_password: ${{ secrets.OSS_PG_PASSWORD }} + registry_url: ${{ secrets.OSS_REGISTRY_URL }} + name: Update Keys + - name: Docker login run: | docker login ${{ secrets.OSS_REGISTRY_URL }} -u ${{ secrets.OSS_DOCKER_USERNAME }} -p "${{ secrets.OSS_REGISTRY_TOKEN }}" @@ -97,14 +108,6 @@ jobs: run: | cd scripts/helmcharts/ - ## Update secerts - sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml - sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.OSS_PG_PASSWORD }}\"/g" vars.yaml - sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.OSS_MINIO_ACCESS_KEY }}\"/g" vars.yaml - sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.OSS_MINIO_SECRET_KEY }}\"/g" vars.yaml - sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.OSS_JWT_SECRET }}\"/g" vars.yaml - sed -i "s/domainName: \"\"/domainName: \"${{ secrets.OSS_DOMAIN_NAME }}\"/g" vars.yaml - # Update changed image tag sed -i "/sourcemaps-reader/{n;n;s/.*/ tag: ${IMAGE_TAG}/}" /tmp/image_override.yaml sed -i "s/sourcemaps-reader/sourcemapreader/g" /tmp/image_override.yaml diff --git a/.github/workflows/workers-ee.yaml b/.github/workflows/workers-ee.yaml index 3606e119d..cbe9313cf 100644 --- a/.github/workflows/workers-ee.yaml +++ b/.github/workflows/workers-ee.yaml @@ -34,6 +34,17 @@ jobs: fetch-depth: 2 # ref: staging + - uses: ./.github/composite-actions/update-keys + with: + domain_name: ${{ secrets.EE_DOMAIN_NAME }} + license_key: ${{ secrets.EE_LICENSE_KEY }} + jwt_secret: ${{ secrets.EE_JWT_SECRET }} + minio_access_key: ${{ secrets.EE_MINIO_ACCESS_KEY }} + minio_secret_key: ${{ secrets.EE_MINIO_SECRET_KEY }} + pg_password: ${{ secrets.EE_PG_PASSWORD }} + registry_url: ${{ secrets.OSS_REGISTRY_URL }} + name: Update Keys + - name: Docker login run: | docker login ${{ secrets.EE_REGISTRY_URL }} -u ${{ secrets.EE_DOCKER_USERNAME }} -p "${{ secrets.EE_REGISTRY_TOKEN }}" @@ -41,8 +52,8 @@ jobs: - name: Downloading yq run: | VERSION="v4.42.1" - wget https://github.com/mikefarah/yq/releases/download/${VERSION}/yq_linux_amd64 -O /usr/bin/yq - chmod +x /usr/bin/yq + sudo wget https://github.com/mikefarah/yq/releases/download/${VERSION}/yq_linux_amd64 -O /usr/bin/yq + sudo chmod +x /usr/bin/yq - uses: azure/k8s-set-context@v1 with: @@ -120,15 +131,7 @@ jobs: - name: Deploying to kuberntes env: - # We're not passing -ee flag, because helm will add that. IMAGE_TAG: ${{ github.ref_name }}_${{ github.sha }} - DOMAIN_NAME: ${{ secrets.EE_DOMAIN_NAME }} - LICENSE_KEY: ${{ secrets.EE_LICENSE_KEY }} - JWT_SECRET: ${{ secrets.EE_JWT_SECRET }} - MINIO_ACCESS_KEY: ${{ secrets.EE_MINIO_ACCESS_KEY }} - MINIO_SECRET_KEY: ${{ secrets.EE_MINIO_SECRET_KEY }} - PG_PASSWORD: ${{ secrets.EE_PG_PASSWORD }} - REGISTRY_URL: ${{ secrets.OSS_REGISTRY_URL }} run: | # # Deploying image to environment. @@ -137,15 +140,6 @@ jobs: [[ -f /tmp/nothing-to-build-here ]] && exit 0 cd scripts/helmcharts/ - ## Update secerts - yq e -i '.global.domainName = strenv(DOMAIN_NAME)' vars.yaml - yq e -i '.chalice.env.jwt_secret = strenv(JWT_SECRET)' vars.yaml - yq e -i '.global.enterpriseEditionLicense = strenv(LICENSE_KEY)' vars.yaml - yq e -i '.global.s3.accessKey = strenv(MINIO_ACCESS_KEY)' vars.yaml - yq e -i '.global.s3.secretKey = strenv(MINIO_SECRET_KEY)' vars.yaml - yq e -i '.global.postgresql.password = strenv(PG_PASSWORD)' vars.yaml - yq e -i '.global.openReplayContainerRegistry = strenv(REGISTRY_URL)' vars.yaml - set -x echo > /tmp/image_override.yaml mkdir /tmp/helmcharts diff --git a/.github/workflows/workers.yaml b/.github/workflows/workers.yaml index 0d9927df9..4d9dba414 100644 --- a/.github/workflows/workers.yaml +++ b/.github/workflows/workers.yaml @@ -33,6 +33,17 @@ jobs: fetch-depth: 2 # ref: staging + - uses: ./.github/composite-actions/update-keys + with: + domain_name: ${{ secrets.OSS_DOMAIN_NAME }} + license_key: ${{ secrets.OSS_LICENSE_KEY }} + jwt_secret: ${{ secrets.OSS_JWT_SECRET }} + minio_access_key: ${{ secrets.OSS_MINIO_ACCESS_KEY }} + minio_secret_key: ${{ secrets.OSS_MINIO_SECRET_KEY }} + pg_password: ${{ secrets.OSS_PG_PASSWORD }} + registry_url: ${{ secrets.OSS_REGISTRY_URL }} + name: Update Keys + - name: Docker login run: | docker login ${{ secrets.OSS_REGISTRY_URL }} -u ${{ secrets.OSS_DOCKER_USERNAME }} -p "${{ secrets.OSS_REGISTRY_TOKEN }}" @@ -123,14 +134,6 @@ jobs: [[ -f /tmp/nothing-to-build-here ]] && exit 0 cd scripts/helmcharts/ - ## Update secerts - sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml - sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.OSS_PG_PASSWORD }}\"/g" vars.yaml - sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.OSS_MINIO_ACCESS_KEY }}\"/g" vars.yaml - sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.OSS_MINIO_SECRET_KEY }}\"/g" vars.yaml - sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.OSS_JWT_SECRET }}\"/g" vars.yaml - sed -i "s/domainName: \"\"/domainName: \"${{ secrets.OSS_DOMAIN_NAME }}\"/g" vars.yaml - set -x echo > /tmp/image_override.yaml mkdir /tmp/helmcharts