.github/workflows/bootstrap.yml

---
name: Bootstrap
on:
  workflow_dispatch: {}

jobs:
  secrets:
    uses: bn-digital/vault/.github/workflows/import-secrets.yml@latest
    secrets: inherit

  bootstrap:
    needs: [secrets]
    runs-on: self-hosted
    steps:
      - name: Checkout sources
        uses: actions/checkout@v4

      - name: Import Vault secrets
        uses: hashicorp/vault-action@v2.5.0
        with:
          url: ${{ secrets.VAULT_ENDPOINT }}
          token: ${{ secrets.VAULT_TOKEN }}
          secrets: |
            infrastructure/data/digitalocean  token     | DIGITALOCEAN_TOKEN ;
            infrastructure/data/kubernetes    cluster   | KUBERNETES_CLUSTER ;
            infrastructure/data/postgresql    password  | PGPASSWORD;

      - name: Create project in Harbor
        run: |
          curl -X 'POST' \
            'https://dcr.bndigital.dev/api/v2.0/projects' \
            -H 'authorization: Basic ${{ secrets.HARBOR_TOKEN }}' \
            -H 'Content-Type: application/json' \
            -d '{
            "project_name": "${{ github.event.repository.name }}",
            "public": false,
            "storage_limit": 10737418240
          }'
      - name: Setup DigitalOcean cli
        uses: digitalocean/action-doctl@v2
        with:
          token: ${{ env.DIGITALOCEAN_TOKEN }}

      - name: Configure Kubernetes context
        run: doctl kubernetes cluster kubeconfig save ${{ env.KUBERNETES_CLUSTER }} --set-current-context

      - name: Setup kubectl
        uses: azure/setup-kubectl@v3

      - name: Create DB
        env:
          DB_NAME: ${{ github.event.repository.name }}
        run: kubectl -n staging exec -it postgresql-0 -- /bin/bash -c "export PGPASSWORD='${{ env.PGPASSWORD }}' && createdb -U bn '${{ env.DB_NAME }}'"