From 212671a6dfec656556cb2213591c7f12267a790e Mon Sep 17 00:00:00 2001 From: sarmstrong Date: Thu, 6 Jun 2024 08:24:13 +0300 Subject: [PATCH] Yonote cleanup template. --- .../werf-yonote-cleanup-template.yml | 68 +++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 .gitea/workflows/werf-yonote-cleanup-template.yml diff --git a/.gitea/workflows/werf-yonote-cleanup-template.yml b/.gitea/workflows/werf-yonote-cleanup-template.yml new file mode 100644 index 0000000..18b979e --- /dev/null +++ b/.gitea/workflows/werf-yonote-cleanup-template.yml @@ -0,0 +1,68 @@ +name: Cleanup Docker registry +on: + workflow_call: + inputs: + docker_repo_path: + default: private.docker.wilix.dev + required: false + type: string + docker_images_path: + description: 'Относительный путь для образов проекта' + required: true + type: string + werf_debug: + default: false + required: false + type: boolean + secrets: + VAULT_ROLE_ID: + required: true + VAULT_SECRET_ID: + required: true + +env: + vault_main_base_path: dev/wilix/main/data/ci + +jobs: + cleanup: + name: Cleanup + runs-on: ubuntu-latest + steps: + - uses: https://github.com/actions/checkout@v3 + - name: Fetch all history for all tags and branches + run: git fetch --prune --unshallow + + # FIXME Эти секреты нужно будет сделать полностью различными для проектов, идеально - краткосрочные генерируемые vault + - id: import-secrets + uses: https://github.com/hashicorp/vault-action@v2 + with: + url: https://vault.wilix.dev + method: approle + roleId: ${{ secrets.VAULT_ROLE_ID }} + secretId: ${{ secrets.VAULT_SECRET_ID }} + secrets: | + ${{ env.vault_main_base_path }} local_cluster_kube_config_base64 ; + ${{ env.vault_main_base_path }} docker_registry_username ; + ${{ env.vault_main_base_path }} docker_registry_password ; + dev/wilix/yonote/data/ci/yonote NPM_AUTH_TOKEN ; + + - name: Login to wilix nexus Container Registry + uses: https://github.com/docker/login-action@v2 + with: + registry: ${{ inputs.docker_repo_path }} + username: ${{ steps.import-secrets.outputs.docker_registry_username }} + password: ${{ steps.import-secrets.outputs.docker_registry_password }} + + - name: Install werf + uses: https://github.com/werf/actions/install@v1.2 + + - name: Setup debug if need + if: ${{ inputs.werf_debug }} + run: echo "WERF_LOG_DEBUG=true" >> "$GITHUB_ENV" + + - name: Cleanup + run: werf cleanup + env: + WERF_REPO: ${{ inputs.docker_repo_path }}/${{ inputs.docker_images_path }} + WERF_KUBECONFIG_BASE64: ${{ steps.import-secrets.outputs.local_cluster_kube_config_base64 }} + NPM_AUTH_TOKEN: ${{ steps.import-secrets.outputs.NPM_AUTH_TOKEN }}