This repository has been archived by the owner on Mar 27, 2024. It is now read-only.
Update security code scanner file (#68) #44
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # based on https://github.com/do-community/example-doctl-action/blob/master/.github/workflows/workflow.yaml | |
| name: Deploy to DigitalOcean | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| build: | |
| name: Build, push, and deploy | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout main | |
| uses: actions/checkout@main | |
| - name: Prepare config file | |
| env: | |
| FAUCET_CONFIG: ${{ secrets.FAUCET_CONFIG }} | |
| run: printf "$FAUCET_CONFIG" > $GITHUB_WORKSPACE/config.js | |
| - name: Build container image | |
| run: docker build -t registry.digitalocean.com/metamask/eth-faucet:$(echo $GITHUB_SHA | head -c7) . | |
| - name: Install doctl | |
| uses: digitalocean/action-doctl@v2 | |
| with: | |
| token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} | |
| - name: Log in to DigitalOcean Container Registry with short-lived credentials | |
| run: doctl registry login --expiry-seconds 600 | |
| - name: Push image to DigitalOcean Container Registry | |
| run: docker push registry.digitalocean.com/metamask/eth-faucet:$(echo $GITHUB_SHA | head -c7) | |
| - name: Update deployment file | |
| run: TAG=$(echo $GITHUB_SHA | head -c7) && sed -i 's|<IMAGE>|registry.digitalocean.com/metamask/eth-faucet:'${TAG}'|' $GITHUB_WORKSPACE/config/deployment.yml | |
| - name: Save DigitalOcean kubeconfig with short-lived credentials | |
| env: | |
| CLUSTER_ID: ${{ secrets.DIGITALOCEAN_CLUSTER_ID }} | |
| run: doctl kubernetes cluster kubeconfig save --expiry-seconds 600 "$CLUSTER_ID" | |
| - name: Deploy to DigitalOcean Kubernetes | |
| run: kubectl --validate=false apply -f $GITHUB_WORKSPACE/config/deployment.yml |