From 22349cefdb7247bb2212b8e4a2964004885e3bc2 Mon Sep 17 00:00:00 2001
From: "Logan MAUZAIZE (Finalcad)"
Date: Mon, 14 Oct 2024 16:31:52 +0200
Subject: [PATCH] RD-44661 Deprecate action https://finalcad.atlassian.net/browse/RD-44661
---
README.md | 53 ++------------------------------------
action.yml | 88 ++++++++++++------------------------------------------
2 files changed, 22 insertions(+), 119 deletions(-)
diff --git a/README.md b/README.md
index c4a740d..f2fe29a 100644
--- a/README.md
+++ b/README.md
@@ -1,54 +1,7 @@ # AppSecretsAction -Github Action to deploy in aws secret manager a set of secret from the app repository. -File should match this path `.finalcad/secrets.yaml`. You can find a list of all available keys on this [page](https://finalcad.atlassian.net/wiki/spaces/INFRA/pages/3213590529/Security+secrets) +This Github Action has been deprecated. Use [Gob](https://finalcad.atlassian.net/wiki/spaces/TE/pages/4264427522/Repository+update+by+Gob) to update your project. -## Inputs -### `app-name` -[**Required**] Application ID to identify the apps in eks-apps +If you don't know what it means, post a message on [Slack #infra-backend](https://finalcad.slack.com/archives/G01GL3EBLAW). -### `aws-role` -[**Required**] AWS role allowing Secret manager usage - -### `aws-region` -AWS region for ECR checks, Default: eu-central-1 - -### `terraform-version` -Terraform version to use, Default: latest - -### `terragrunt-version` -Terragrunt version to use, Default: latest - -### `appsecret-repo` -Repository containing terraform code for secret creation, Default: FinalCAD/terraform-app-secrets - -### `appsecret-ref` -Reference to use for `appsecret-repo` repository, Default: master - -### `github-token` -Github token to avoid limit rate when pulling package - -### `github-ssh` -[**Required**] Github ssh key to pull `appsecret-repo` repository - -### `environment` -[**Required**] Finalcad envrionment: production, staging, sandbox - -### `region-friendly` -Finalcad region: frankfurt or tokyo, Default: frankfurt - -### `secret-file` -Path for secret file to create, Default: .finalcad/secrets.yaml - -## Usage - -```yaml -- name: Push secrets - uses: FinalCAD/AppSecretsAction@v0.0.1 - with: - github-ssh: ${{ secrets.GH_DEPLOY_SSH }} - environment: sandbox - region-friendly: frankfurt - app-name: api1-service-api - aws-role: ${{ secrets.DEPLOY_ROLE_MASTER }} -``` +In case of emergency and CI migration isn't possible fallback to 
[`v1.0.2-deprecated`](https://github.com/FinalCAD/AppSecretsAction/tree/v1.0.2-deprecated).
diff --git a/action.yml b/action.yml
index e414f46..b590587 100644
--- a/action.yml
+++ b/action.yml
@@ -3,99 +3,49 @@ description: 'Create a secret for microservice from global secret' inputs: app-name: description: 'Applcation id' - required: true + default: '' aws-role: description: 'Aws role to apply changes' - required: true + default: '' aws-region: description: 'Aws region' - default: 'eu-central-1' + default: '' terraform-version: description: 'Terraform version to install.' - default: 'latest' + default: '' terragrunt-version: description: 'Terragrunt version to install.' - default: 'latest' + default: '' appsecret-repo: description: 'appsecret repository' - default: 'FinalCAD/terraform-app-secrets' + default: '' appsecret-ref: - descrition: 'Ref to use for pulling repo apopsecret' - default: 'master' + description: 'Ref to use for pulling repo apopsecret' + default: '' github-token: description: 'Github token to pull package to avoid limit rate' default: '' github-ssh: description: 'Github ssh key to pull terragrunt from github api' - required: true + default: '' environment: description: 'Finalcad envrionment: production, staging, sandbox' - require: true + default: '' region-friendly: description: 'Finalcad region: frankfurt or tokyo' - default: 'frankfurt' + default: '' secret-file: description: 'File with path for secret configuration' - default: '.finalcad/secrets.yaml' + default: '' runs: using: 'composite' steps: - - uses: actions/checkout@v3 - with: - path: 'app' - - uses: actions/checkout@v3 - with: - ssh-key: ${{ inputs.github-ssh }} - repository: ${{ inputs.appsecret-repo }} - ref: ${{ inputs.appsecret-ref }} - path: 'terragrunt' - # Setup ssh key - - name: Add ssh key - shell: bash - run: | - mkdir -p ~/.ssh - echo "${{ inputs.github-ssh }}" > ~/.ssh/id_rsa - ssh-keyscan github.com >> ~/.ssh/known_hosts - chmod 600 ~/.ssh/id_rsa ~/.ssh/known_hosts - eval $(ssh-agent) - ssh-add ~/.ssh/id_rsa - # Setup terraform - - name: Setup Terraform - uses: hashicorp/setup-terraform@v2 - with: - terraform_version: ${{ inputs.terraform-version }} - 
terraform_wrapper: false - # Setup terragrunt - - name: Terragrunt Binary Installer Action - uses: autero1/action-terragrunt@v1.3.0 - if: inputs.terragrunt-version != 'disabled' - with: - terragrunt_version: ${{ inputs.terragrunt-version }} - token: ${{ inputs.github-token }} - # Copy secret configuration file - - name: Secret file - id: secretfile - shell: bash - run: | - set -e - if [ -f ./app/${{ inputs.secret-file }} ]; then - cp ./app/${{ inputs.secret-file }} ./terragrunt/secrets.yaml - echo "secretfile=ok" >> $GITHUB_OUTPUT - fi - # Configure aws credentials - - name: Configure AWS credentials for security - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-region: ${{ inputs.aws-region }} - role-to-assume: ${{ inputs.aws-role }} - role-session-name: OIDCSession - # Apply terragrunt - - name: Terragrunt apply + - name: "[deprecated] AppSecretsAction" shell: bash - if: ${{ steps.secretfile.outputs.secretfile }} == "ok" run: | - cd ./terragrunt/${{ inputs.environment }}/${{ inputs.region-friendly }}/appsecrets - terragrunt init -backend-config=key=appsecrets/${{ inputs.environment }}/${{ inputs.region-friendly }}/${{ inputs.app-name }}/terraform.tfstate - export TF_VAR_application_id=${{ inputs.app-name }} - export TF_VAR_region_finalcad=${{ inputs.region-friendly }} - terragrunt apply -auto-approve + cat <