From 074968df923b2e44d61e15dc45ae8e7b54b5f91b Mon Sep 17 00:00:00 2001 From: Clemence Kyara Date: Tue, 8 Oct 2024 09:09:37 +0300 Subject: [PATCH] Use outputs instead of secrets in `with` --- .github/workflows/_cd-charterafrica.yaml | 49 +++++++++++++++++++----- .github/workflows/_cd-codeforafrica.yaml | 37 +++++++++++++++--- .github/workflows/_cd-dev.yaml | 9 +++-- .github/workflows/_cd-prod.yaml | 7 +++- .github/workflows/main.yaml | 1 + 5 files changed, 82 insertions(+), 21 deletions(-) diff --git a/.github/workflows/_cd-charterafrica.yaml b/.github/workflows/_cd-charterafrica.yaml index dc782fda4..9634bed79 100644 --- a/.github/workflows/_cd-charterafrica.yaml +++ b/.github/workflows/_cd-charterafrica.yaml @@ -3,14 +3,18 @@ name: CD | charterafrica on: workflow_call: inputs: + NODE_ENV: + required: true + type: string + description: "development|production" app_url: required: true type: string description: "App final URL" - NODE_ENV: + seo_disabled: required: true type: string - description: "development|production" + description: "false|true" build_args: required: false type: string 
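Review bot: The new `seo_disabled` input is declared `type: string` with the description `"false|true"`, but both callers in this patch pass bare YAML booleans (`seo_disabled: true` in `_cd-dev.yaml`, `seo_disabled: false` in `_cd-prod.yaml`). Depending on how GitHub validates reusable-workflow input types, that is either rejected or coerced, so the contract should be made explicit: declare `type: boolean` here, or quote the values at the call sites, e.g. `seo_disabled: "true"`. Because the value is forwarded verbatim as the build arg `NEXT_PUBLIC_SEO_DISABLED`, a one-line comment naming the exact strings the app compares against would prevent production being built with the wrong setting. The `inputs` mapping continues outside the hunk.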
@@ -25,29 +29,56 @@ on: description: "The dokku app's git repository url in SSH format" jobs: + # This seem to be needed because GitHub doesn't support access `secrets` in a `with` clause + # https://github.com/github/roadmap/issues/636 + secrets: + runs-on: ubuntu-latest + outputs: + MONGO_URL: ${{ steps.output-secrets.outputs.test.CHARTERAFRICA_MONGO_URL }} + NEXT_PUBLIC_APP_LOGO_URL: ${{ steps.output-secrets.outputs.test.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }} + NEXT_PUBLIC_APP_NAME: ${{ steps.output-secrets.outputs.test.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }} + NEXT_PUBLIC_GA_MEASUREMENT_ID: ${{ steps.output-secrets.outputs.test.CHARTERAFRICA_GA_MEASUREMENT_ID }} + NEXT_PUBLIC_SENTRY_DSN: ${{ steps.output-secrets.outputs.test.CHARTERAFRICA_SENTRY_DSN }} + PAYLOAD_SECRET: ${{ steps.output-secrets.outputs.test.CHARTERAFRICA_PAYLOAD_SECRET_KEY }} + SENTRY_PROJECT: ${{ steps.output-secrets.outputs.test.CODEFORAFRICA_SENTRY_PROJECT }} + steps: + - id: output-secrets + run: | + echo "CHARTERAFRICA_GA_MEASUREMENT_ID=${{ secrets.CHARTERAFRICA_GA_MEASUREMENT_ID }}" >> "$GITHUB_OUTPUT" + echo "CHARTERAFRICA_MONGO_URL=${{ secrets.CHARTERAFRICA_MONGO_URL }}" >> "$GITHUB_OUTPUT" + echo "CHARTERAFRICA_SENTRY_DSN=${{ secrets.CHARTERAFRICA_SENTRY_DSN }}" >> "$GITHUB_OUTPUT" + echo "NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }}" >> "$GITHUB_OUTPUT" + echo "NEXT_PUBLIC_CODEFORAFRICA_APP_NAME=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }}" >> "$GITHUB_OUTPUT" + echo "CHARTERAFRICA_PAYLOAD_SECRET_KEY=${{ secrets.CHARTERAFRICA_PAYLOAD_SECRET_KEY }}" >> "$GITHUB_OUTPUT" + echo "CHARTERAFRICA_SENTRY_PROJECT=${{ secrets.CHARTERAFRICA_SENTRY_PROJECT }}" >> "$GITHUB_OUTPUT" + build-docker-image: name: Build Docker Image + needs: + - secrets uses: ./.github/workflows/build-docker-image.yml - secrets: inherit with: build_args: | ${{ inputs.build_args }} - MONGO_URL=${{ secrets.CHARTERAFRICA_MONGO_URL }} + MONGO_URL=${{ 
needs.secrets.outputs.MONGO_URL }} NEXT_PUBLIC_APP_URL=${{ inputs.app_url }} - NEXT_PUBLIC_SENTRY_DSN=${{ secrets.CHARTERAFRICA_SENTRY_DSN }} + NEXT_PUBLIC_GA_MEASUREMENT_ID=${{ needs.secrets.outputs.NEXT_PUBLIC_GA_MEASUREMENT_ID }} + NEXT_PUBLIC_SENTRY_DSN=${{ needs.secrets.outputs.NEXT_PUBLIC_SENTRY_DSN }} + NEXT_PUBLIC_SEO_DISABLED=${{ inputs.seo_disabled }} NODE_ENV=${{ inputs.NODE_ENV }} - PAYLOAD_SECRET_KEY=${{ secrets.CHARTERAFRICA_PAYLOAD_SECRET_KEY }} + PAYLOAD_SECRET_KEY=${{ needs.secrets.outputs.PAYLOAD_SECRET }} SENTRY_ENVIRONMENT=${{ inputs.NODE_ENV }} - SENTRY_ORG=${{ secrets.SENTRY_ORG }} - SENTRY_PROJECT=${{ secrets.CHARTERAFRICA_SENTRY_PROJECT }} + SENTRY_ORG=${{ vars.SENTRY_ORG }} + SENTRY_PROJECT=${{ needs.secrets.outputs.SENTRY_PROJECT }} tags: ${{ inputs.tags }} target: charterafrica-runner + secrets: inherit push-to-dokku: name: Push to Dokku needs: [build-docker-image] uses: ./.github/workflows/push-to-dokku.yml - secrets: inherit with: git_remote_url: ${{ inputs.git_remote_url }} deploy_docker_image: ${{ inputs.tags }} + secrets: inherit diff --git a/.github/workflows/_cd-codeforafrica.yaml b/.github/workflows/_cd-codeforafrica.yaml index aa2e1b01e..18387820b 100644 --- a/.github/workflows/_cd-codeforafrica.yaml +++ b/.github/workflows/_cd-codeforafrica.yaml 
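Review bot: Every entry under `jobs.secrets.outputs` reads `steps.output-secrets.outputs.test.<NAME>`, but the step writes plain `<NAME>=value` lines to `$GITHUB_OUTPUT`, so there is no `test` level and each output evaluates to an empty string. It should read e.g. `MONGO_URL: ${{ steps.output-secrets.outputs.CHARTERAFRICA_MONGO_URL }}`, and the same `.test.` path appears in the `_cd-codeforafrica.yaml` hunk. `SENTRY_PROJECT` also maps to `CODEFORAFRICA_SENTRY_PROJECT`, which this step never writes (it writes `CHARTERAFRICA_SENTRY_PROJECT`). Even with the paths corrected, the runner normally withholds a job output whose value matches a registered secret, so confirm that `build_args` really receives `MONGO_URL` and `PAYLOAD_SECRET_KEY`, and consider moving the non-sensitive values (Sentry project, GA id, app name) to `vars`. In the `run:` block the `${{ secrets.* }}` values are pasted into the script text before the shell parses it; exposing them through `env:` and writing `echo "NAME=$NAME" >> "$GITHUB_OUTPUT"` keeps a quote or `$` in a value from breaking or altering the script.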
@@ -23,23 +23,48 @@ on: required: true type: string description: "The dokku app's git repository url in SSH format" + secrets: + CODEFORAFRICA_MONGODB_URL: + required: true + NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL: + required: false jobs: + # This seem to be needed because GitHub doesn't support access `secrets` in a `with` clause + # https://github.com/github/roadmap/issues/636 + secrets: + runs-on: ubuntu-latest + outputs: + MONGODB_URL: ${{ steps.output-secrets.outputs.test.CODEFORAFRICA_MONGODB_URL }} + NEXT_PUBLIC_APP_LOGO_URL: ${{ steps.output-secrets.outputs.test.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }} + NEXT_PUBLIC_APP_NAME: ${{ steps.output-secrets.outputs.test.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }} + PAYLOAD_SECRET: ${{ steps.output-secrets.outputs.test.CODEFORAFRICA_PAYLOAD_SECRET }} + SENTRY_PROJECT: ${{ steps.output-secrets.outputs.test.CODEFORAFRICA_SENTRY_PROJECT }} + steps: + - id: output-secrets + run: | + echo "CODEFORAFRICA_MONGODB_URL=${{ secrets.CODEFORAFRICA_MONGODB_URL }}" >> "$GITHUB_OUTPUT" + echo "NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }}" >> "$GITHUB_OUTPUT" + echo "NEXT_PUBLIC_CODEFORAFRICA_APP_NAME=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }}" >> "$GITHUB_OUTPUT" + echo "CODEFORAFRICA_PAYLOAD_SECRET=${{ secrets.CODEFORAFRICA_PAYLOAD_SECRET }}" >> "$GITHUB_OUTPUT" + echo "CODEFORAFRICA_SENTRY_PROJECT=${{ secrets.CODEFORAFRICA_SENTRY_PROJECT }}" >> "$GITHUB_OUTPUT" + build-docker-image: name: Build Docker Image + needs: + - secrets uses: ./.github/workflows/build-docker-image.yml with: build_args: | ${{ inputs.build_args }} - MONGODB_URL=${{ secrets.CODEFORAFRICA_MONGODB_URL }} - NEXT_PUBLIC_APP_LOGO_URL=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }} - NEXT_PUBLIC_APP_NAME=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }} + MONGODB_URL=${{ needs.secrets.outputs.MONGODB_URL }} + NEXT_PUBLIC_APP_LOGO_URL=${{ needs.secrets.outputs.NEXT_PUBLIC_APP_LOGO_URL }} + 
NEXT_PUBLIC_APP_NAME=${{ needs.secrets.outputs.NEXT_PUBLIC_APP_NAME }} NEXT_PUBLIC_APP_URL=${{ inputs.app_url }} NODE_ENV=${{ inputs.NODE_ENV }} - PAYLOAD_SECRET=${{ secrets.CODEFORAFRICA_PAYLOAD_SECRET }} + PAYLOAD_SECRET=${{ needs.secrets.outputs.PAYLOAD_SECRET }} SENTRY_ENVIRONMENT=${{ inputs.NODE_ENV }} - SENTRY_PROJECT=${{ secrets.CODEFORAFRICA_SENTRY_PROJECT }} - SENTRY_DSN: ${{ vars.TECHLABBLOG_SENTRY_DSN }} + SENTRY_PROJECT=${{ needs.secrets.outputs.SENTRY_PROJECT }} tags: ${{ inputs.tags }} target: "codeforafrica-runner" secrets: inherit diff --git a/.github/workflows/_cd-dev.yaml b/.github/workflows/_cd-dev.yaml index 52dc8ba0a..4789f06b8 100644 --- a/.github/workflows/_cd-dev.yaml +++ b/.github/workflows/_cd-dev.yaml @@ -12,12 +12,13 @@ jobs: needs: - apps-path-filter if: ${{ needs.apps-path-filter.outputs.charterafrica == 'true' }} - uses: ./.github/workflows/_cd-codeforafrica.yaml + uses: ./.github/workflows/_cd-charterafrica.yaml with: - NODE_ENV: "development" + NODE_ENV: development app_url: "https://charterafrica.dev.codeforafrica.org" - git_remote_url: "ssh://azureuser@ui-1.dev.codeforafrica.org/charterafrica-ui" + seo_disabled: true tags: "codeforafrica/charterafrica-ui:${{ github.sha }}" + git_remote_url: "ssh://azureuser@ui-1.dev.codeforafrica.org/charterafrica-ui" secrets: inherit cd-dev-codeforafrica: @@ -28,6 +29,6 @@ jobs: with: NODE_ENV: "development" app_url: "https://codeforafrica-ui.dev.codeforafrica.org" - git_remote_url: "ssh://azureuser@ui-1.dev.codeforafrica.org/codeofrafrica-ui" tags: "codeforafrica/codeforafrica-ui:${{ github.sha }}" + git_remote_url: "ssh://azureuser@ui-1.dev.codeforafrica.org/codeofrafrica-ui" secrets: inherit diff --git a/.github/workflows/_cd-prod.yaml b/.github/workflows/_cd-prod.yaml index 87966c628..1bf38adc2 100644 --- a/.github/workflows/_cd-prod.yaml +++ b/.github/workflows/_cd-prod.yaml 
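Review bot: In `_cd-codeforafrica.yaml` the new `on.workflow_call.secrets` block declares only `CODEFORAFRICA_MONGODB_URL` and `NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL`, while the `output-secrets` step also reads `NEXT_PUBLIC_CODEFORAFRICA_APP_NAME`, `CODEFORAFRICA_PAYLOAD_SECRET` and `CODEFORAFRICA_SENTRY_PROJECT`. This works only because the visible callers use `secrets: inherit`; a caller that passes just the declared secrets by name would leave the other three empty with no error at the call site. Either list all five (with `required: true` where the build cannot work without them) or drop the partial declaration, so the file does not advertise a narrower contract than it has. `_cd-charterafrica.yaml` declares none, so the two files should follow one convention.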
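Review bot: In the `cd-dev-codeforafrica` job of `_cd-dev.yaml` the re-added `git_remote_url` ends in `codeofrafrica-ui`, whereas the image tag on the line above it and the production URL in `_cd-prod.yaml` use `codeforafrica-ui`. If the Dokku app on the dev host is not actually named with that spelling, the deploy pushes to a remote that does not exist. Worth confirming; if the spelling is intentional, add a comment such as `# dev Dokku app name is spelled this way on the host`. The job definition starts outside the hunk.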
@@ -9,12 +9,14 @@ jobs: uses: ./.github/workflows/_app-version-check.yaml with: file-name: "./apps/charterafrica/package.json" + secrets: inherit version-check-codeforafrica: name: Version Check | codeforafrica uses: ./.github/workflows/_app-version-check.yaml with: file-name: "./apps/codeforafrica/package.json" + secrets: inherit prod-cd-charterafrica: name: Deploy | charterafrica @@ -25,8 +27,9 @@ jobs: with: NODE_ENV: production app_url: https://charter.africa - git_remote_url: ssh://dokku@ui-1.prod.codeforafrica.org/charterafrica-ui + seo_disabled: false tags: "codeforafrica/charterafrica-ui:${{ needs.version-check-charterafrica.outputs.version }}" + git_remote_url: ssh://dokku@ui-1.prod.codeforafrica.org/charterafrica-ui secrets: inherit prod-cd-codeforafrica: @@ -38,6 +41,6 @@ jobs: with: NODE_ENV: production app_url: https://cfa.dev.codeforafrica.org - git_remote_url: ssh://dokku@ui-1.prod.codeforafrica.org/codeforafrica-ui tags: "codeforafrica/codeforafrica-ui:${{ needs.version-check-codeforafrica.outputs.version }}" + git_remote_url: ssh://dokku@ui-1.prod.codeforafrica.org/codeforafrica-ui secrets: inherit diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 660b61de8..51c304a47 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -23,6 +23,7 @@ jobs: apps-path-filter: name: uses: ./.github/workflows/_app-path-filter.yaml + secrets: inherit cd-dev: needs:
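Review bot: `secrets: inherit` is added to `version-check-charterafrica` and `version-check-codeforafrica` here, and to `apps-path-filter` in `main.yaml`. That hands every secret available to the caller to workflows that, judging by their inputs, only read a `package.json` or compute a path filter. The called workflows are not visible in this patch, so this is inferred, but unless they reference `secrets.*` the line can be dropped. If one of them does need a single secret, pass it by name instead, e.g. `SECRET_NAME: ${{ secrets.SECRET_NAME }}` under `secrets:` (placeholder name). Limiting `inherit` to the deploy jobs narrows what a compromised third-party action inside the helper workflows could read.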