JASPER-101: Initial changes to make the action accessible (#31)

* Add initial sync secrets job code so that it can be seen by Github * Tweaks --------- Co-authored-by: Ronaldo Macapobre <[email protected]>
bcgov · Oct 1, 2024 · 1ab9510 · 1ab9510
1 parent 011387f
commit 1ab9510
Showing 1 changed file with 46 additions and 0 deletions.
diff --git a/.github/workflows/sync-secrets.yml b/.github/workflows/sync-secrets.yml
@@ -0,0 +1,46 @@
+name: Sync Secrets
+
+on:
+  workflow_dispatch:
+
+jobs:
+  sync:
+    runs-on: ubuntu-latest
+    name: Sync Secrets
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Openshift Cluster Login
+        uses: redhat-actions/[email protected]
+        with:
+          openshift_server_url: ${{ vars.OPENSHIFT_SERVER_URL }}
+          openshift_token: ${{ secrets.EMERALD_DEV_SA_PIPELINE_TOKEN }}
+          insecure_skip_tls_verify: true
+          namespace: ${{ vars.OPENSHIFT_NAMESPACE }}-${{ vars.ENVIRONMENT }}
+
+      - name: Determine MOUNT name
+        id: mount
+        run: |
+          if [[ "${{ vars.ENVIRONMENT }}" != "prod" ]]; then
+            echo "MOUNT=${{ vars.OPENSHIFT_NAMESPACE }}-nonprod" >> $GITHUB_ENV
+          else
+            echo "MOUNT=${{ vars.OPENSHIFT_NAMESPACE }}-prod" >> $GITHUB_ENV
+        shell: bash
+
+      - name: Import secrets
+        id: vault
+        uses: hashicorp/vault-action@v3
+        with:
+          url: ${{ vars.VAULT_URL }}
+          token: ${{ secrets.VAULT_TOKEN }}
+          exportEnv: "false"
+          namespace: platform-services
+          secrets: |
+            $MOUNT/data/helloworld hello=hello_value
+
+      - name: Apply Secrets to AWS Secrets Manager
+        # this does not do an "install" so assumes the helm chart already exists therefor won't work on init of a helm chart
+        run: |
+          echo "${{ steps.vault.outputs.hello_value }}"