Skip to content

Fix "renew certs" for newer Kubespray clusters #1586

Fix "renew certs" for newer Kubespray clusters

Fix "renew certs" for newer Kubespray clusters #1586

Workflow file for this run

on:
push:
branches: [master, develop]
tags: [ v* ]
pull_request:
branches: [master, develop]
jobs:
offline:
name: Prepare offline package
# Useful to skip expensive CI when writing docs
if: "!contains(github.event.head_commit.message, 'skip ci')"
runs-on:
group: wire-server-deploy
steps:
- uses: actions/checkout@v2
with:
submodules: true
- uses: cachix/install-nix-action@v27
- uses: cachix/cachix-action@v15
with:
name: wire-server
signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}"
- name: Install nix environment
run: nix-env -f default.nix -iA env
- name: Run offline build
run: ./offline/ci.sh
env:
GPG_PRIVATE_KEY: '${{ secrets.GPG_PRIVATE_KEY }}'
DOCKER_LOGIN: '${{ secrets.DOCKER_LOGIN }}'
- name: Get upload name
id: upload_name
run: |
# FIXME: Tag with a nice release name using the github tag...
# SOURCE_TAG=${GITHUB_REF#refs/tags/}
echo ::set-output name=UPLOAD_NAME::$GITHUB_SHA
# echo ::set-output name=UPLOAD_NAME::${SOURCE_TAG:-$GITHUB_SHA}
- name: Copy assets tarball to S3
run: |
aws s3 cp assets.tgz s3://public.wire.com/artifacts/wire-server-deploy-static-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz
echo "Uploaded to: https://s3-$AWS_REGION.amazonaws.com/public.wire.com/artifacts/wire-server-deploy-static-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz"
env:
AWS_ACCESS_KEY_ID: '${{ secrets.AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '${{ secrets.AWS_SECRET_ACCESS_KEY }}'
AWS_REGION: "eu-west-1"
- name: Build and upload wire-server-deploy container
run: |
container_image=$(nix-build --no-out-link -A container)
skopeo copy --dest-creds "$DOCKER_LOGIN" \
docker-archive:"$container_image" \
"docker://quay.io/wire/wire-server-deploy:${{ steps.upload_name.outputs.UPLOAD_NAME }}"
env:
DOCKER_LOGIN: '${{ secrets.DOCKER_LOGIN }}'
- name: Deploy offline environment to hetzner
run: |
./offline/cd.sh
env:
HCLOUD_TOKEN: '${{ secrets.HCLOUD_TOKEN }}'
- name: Clean up hetzner environment; just in case
if: always()
run: (cd terraform/examples/wire-server-deploy-offline-hetzner ; terraform init && terraform destroy -auto-approve)
env:
HCLOUD_TOKEN: '${{ secrets.HCLOUD_TOKEN }}'