preprocess private key to convert a multiple line data to a single li… #19
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build, Test, and Deploy otc services for specific partner (DEV env) | |
| on: | |
| push: | |
| branches: | |
| - Automatic_deployment | |
| workflow_dispatch: | |
| inputs: | |
| partner_name: | |
| type: string | |
| description: 'The name of the partner (provided during workflow execution)' | |
| required: true | |
| default: default | |
| jobs: | |
| build: | |
| runs-on: ubuntu-20.04 | |
| strategy: | |
| matrix: | |
| java: [ 17 ] | |
| name: Build OPEX and run tests with java ${{ matrix.java }} (otc) | |
| env: | |
| TAG: otc-dev | |
| PARTNER: ${{ github.event.inputs.partner_name || 'default' }} | |
| steps: | |
| - name: Checkout Source Code | |
| uses: actions/checkout@v2 | |
| - name: Setup Java | |
| uses: actions/setup-java@v2 | |
| with: | |
| distribution: 'adopt' | |
| java-package: jdk | |
| java-version: ${{ matrix.java }} | |
| - name: load partners config | |
| id: download_partners_data | |
| run: | | |
| echo $PARTNER | |
| curl -L -o partner_mappings.yml -H "Authorization: token ${{secrets.PARTNERS_ACCESS_TOKEN}} " https://raw.githubusercontent.com/opexdev/partners/main/partner_mappings.yml | |
| cat partner_mappings.yml | |
| - name: Fetch Partner data | |
| uses: christian-ci/action-yaml-github-output@v2 | |
| id: read_partners_data | |
| with: | |
| file_path: partner_mappings.yml | |
| main_key: partners | |
| sub_key: ${{env.PARTNER}} | |
| - name: parse-yaml-file | |
| run: | | |
| echo ${{env.PARTNER}} | |
| echo "ssh private key: ${{ steps.read_partners_data.outputs.SSH_PRIVATE_KEY }}" | |
| echo "ssh dir: ${{ steps.read_partners_data.outputs.SSH_DIR }}" | |
| echo "ssh host: ${{ steps.read_partners_data.outputs.SSH_HOST }}" | |
| echo "ssh user : ${{ steps.read_partners_data.outputs.SSH_USER }}" | |
| - name: Decrypt data | |
| run: | | |
| echo ${{ steps.read_partners_data.outputs.SSH_HOST }} | openssl aes-256-cbc -d -a -pass pass:${{secrets.PARTNERS_KEY }} > decrypted_ssh_host.txt | |
| echo ${{ steps.read_partners_data.outputs.SSH_DIR }} | openssl aes-256-cbc -d -a -pass pass:${{secrets.PARTNERS_KEY }} > decrypted_dir.txt | |
| echo ${{ steps.read_partners_data.outputs.SSH_USER }} | openssl aes-256-cbc -d -a -pass pass:${{secrets.PARTNERS_KEY }} > decrypted_user.txt | |
| curl -L -o priv_file.txt -H "Authorization: token ${{secrets.PARTNERS_ACCESS_TOKEN}} " https://raw.githubusercontent.com/opexdev/partners/main/${{ steps.read_partners_data.outputs.SSH_PRIVATE_KEY }} | |
| cat priv_file.txt | openssl aes-256-cbc -d -a -pass pass:${{secrets.PARTNERS_KEY }} > decrypted_private_key.txt | |
| export SSH_SECRET_NN=$( cat decrypted_private_key.txt | tr -s '\r\n' '#') | |
| echo "ssh_user=$(cat decrypted_user.txt)" >> $GITHUB_OUTPUT | |
| echo "ssh_dir=$(cat decrypted_dir.txt)" >> $GITHUB_OUTPUT | |
| echo "ssh_host=$(cat decrypted_ssh_host.txt)" >> $GITHUB_OUTPUT | |
| echo "ssh_secret=$SSH_SECRET_NN" >> $GITHUB_OUTPUT | |
| - name: Build | |
| run: | | |
| mvn -pl common -am -B -T 1C clean install -Potc | |
| mvn -pl wallet,bc-gateway -amd -B -T 1C clean install -Potc | |
| - name: Run Tests | |
| run: | | |
| mvn -pl common -am -B -T 1C -Dskip.unit.tests=false surefire:test | |
| mvn -pl wallet,bc-gateway -amd -B -T 1C -Dskip.unit.tests=false surefire:test | |
| - name: Build Docker images | |
| run: docker compose -f docker-compose-otc.build.yml build | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Push images to GitHub Container Registry | |
| run: docker compose -f docker-compose-otc.build.yml push | |
| deploy: | |
| name: deploy docker-compose on remote host | |
| runs-on: ubuntu-20.04 | |
| needs: build | |
| env: | |
| TAG: otc-dev | |
| SSH_USER: ${{ needs.build.outputs.ssh_user }} | |
| SSH_SECRET_NN: ${{ needs.build.outputs.ssh_secret }} | |
| SSH_DIR: ${{ needs.build.outputs.ssh_dir }} | |
| SSH_HOST: ${{ needs.build.outputs.ssh_host }} | |
| steps: | |
| - name: set ssh keys | |
| run: | | |
| export SSH_SECRET=$( tr '#' '\n' <<< "$SSH_SECRET_NN") | |
| install -m 600 -D /dev/null ~/.ssh/id_rsa | |
| echo "$SSH_SECRET" > ~/.ssh/id_rsa | |
| ssh-keyscan -H "$SSH_HOST" >~/.ssh/known_hosts | |
| - name: pull docker images in dest server | |
| run: | | |
| ssh "$SSH_USER"@"$SSH_HOST" "cd "$SSH_DIR" \ | |
| && git pull origin dev \ | |
| && docker compose -f docker-compose-otc.yml pull \ | |
| && docker compose -f docker-compose-otc.yml -f docker-compose-otc.local.yml up -d && exit " |