3e66c7ed21
* CI: Add Docker Hub authentication to ephemeral instances workflow Add Docker Hub login step to avoid unauthenticated image pull rate-limiting in the ephemeral-instances-pr-comment workflow. * Use the correct vault path
# Builds and deploys an ephemeral instance when a pull-request comment starts
# with `/deploy-to-hg`, and runs again when a pull request is closed.
name: 'Ephemeral instances'

on:
  # issue_comment runs use the workflow definition from the default branch, so
  # a comment on any pull request starts a run with the permissions granted
  # in the job below.
  issue_comment:
    types:
      - created
  pull_request:
    types:
      - closed

# Start from an empty token scope; the job re-grants only what it uses.
permissions: {}

jobs:
  handle-ephemeral-instances:
    # Runs only when the repository owner is `grafana`, and only for a comment
    # on a pull request that begins with `/deploy-to-hg` or for an event whose
    # action is `closed`.
    # NOTE(review): nothing in this condition looks at who wrote the comment;
    # presumably the action run from ./ephemeral checks the commenter's access
    # before deploying - confirm.
    if: >-
      ${{ github.repository_owner == 'grafana' &&
      ((github.event.issue.pull_request &&
      startsWith(github.event.comment.body, '/deploy-to-hg')) ||
      github.event.action == 'closed') }}
    runs-on:
      labels: ubuntu-x64-xlarge
    # A failure of this job does not fail the workflow run, so a broken login
    # or deploy only shows up in the step logs.
    continue-on-error: true
    permissions:
      # Needed to comment on the pull request.
      pull-requests: write
      # `contents` is left out on purpose: the job impersonates a GitHub app
      # to create the PR instead of using the workflow token.
      # Lets the job request an OIDC token, which the Vault step needs.
      id-token: write

    steps:
      # NOTE(review): `@main` is a mutable branch ref, while the other remote
      # actions in this job are pinned to full commit SHAs. This step runs
      # with the id-token permission and hands out every secret used below,
      # so pinning it to a reviewed commit SHA would close that gap.
      - name: Get vault secrets
        id: vault-secrets
        uses: grafana/shared-workflows/actions/get-vault-secrets@main
        with:
          # Secrets stored under ci/repo/grafana/grafana/ in Vault.
          # Later steps read each value as `env.<NAME>`.
          repo_secrets: |
            APP_ID=ephemeral-instances-bot:app-id
            APP_PEM=ephemeral-instances-bot:app-private-key
            GCOM_HOST=ephemeral-instances-bot:gcom-host
            GCOM_TOKEN=ephemeral-instances-bot:gcom-token
            REGISTRY=ephemeral-instances-bot:registry
            GCP_SA_ACCOUNT_KEY_BASE64=ephemeral-instances-bot:sa-key
          # Secrets stored under the shared ci/common/<path> path in Vault.
          common_secrets: |
            DOCKERHUB_USERNAME=dockerhub:username
            DOCKERHUB_PASSWORD=dockerhub:password

      # Authenticated pulls are not subject to Docker Hub's limit on
      # unauthenticated image pulls.
      - name: Log in to Docker Hub to avoid unauthenticated image pull rate-limiting
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          username: '${{ env.DOCKERHUB_USERNAME }}'
          password: '${{ env.DOCKERHUB_PASSWORD }}'

      # Mints an installation token for the app whose id and private key came
      # from Vault.
      # NOTE(review): no inputs that narrow the token are passed here, so it
      # presumably carries everything the app installation allows - confirm
      # that scope is as small as the deploy needs.
      - name: Generate a GitHub app installation token
        id: generate_token
        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 # v1.8.0
        with:
          app_id: '${{ env.APP_ID }}'
          private_key: '${{ env.APP_PEM }}'

      # Fetches the action that the next step runs from ./ephemeral.
      # NOTE(review): `ref: main` means the code executed with the secrets
      # below is whatever is on that branch at run time; the SHA pin on this
      # step covers actions/checkout only. The pin also lacks the release-tag
      # comment that the other pinned actions carry.
      - name: Checkout ephemeral instances repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
        with:
          repository: grafana/ephemeral-grafana-instances-github-action
          token: '${{ steps.generate_token.outputs.token }}'
          ref: main
          path: ephemeral
          # Keeps the app token out of the checked-out repository's git config.
          persist-credentials: false

      # Receives the app token, the GCOM token and the GCP service-account key.
      # NOTE(review): with `verbose: true`, confirm the action's extra output
      # never prints any of these values.
      - name: build and deploy ephemeral instance
        uses: ./ephemeral
        with:
          github-token: '${{ steps.generate_token.outputs.token }}'
          gcom-host: '${{ env.GCOM_HOST }}'
          gcom-token: '${{ env.GCOM_TOKEN }}'
          registry: '${{ env.REGISTRY }}'
          gcp-service-account-key: '${{ env.GCP_SA_ACCOUNT_KEY_BASE64 }}'
          ephemeral-org-id: ephemeral
          oss-or-enterprise: oss
          verbose: true