From 7e88e0aa6b193146bdb7b39044d970bb7c8ed8f2 Mon Sep 17 00:00:00 2001
From: Stanislav Melnichuk
Date: Tue, 30 May 2023 10:59:27 +0300
Subject: [PATCH] Added werf cleanup as a template.
---
.gitea/workflows/werf-cleanup-template.yml | 66 ++++++++++++++++++++++
.gitea/workflows/werf-deploy-template.yml | 1 +
2 files changed, 67 insertions(+)
create mode 100644 .gitea/workflows/werf-cleanup-template.yml
diff --git a/.gitea/workflows/werf-cleanup-template.yml b/.gitea/workflows/werf-cleanup-template.yml
new file mode 100644
index 0000000..88d6981
--- /dev/null
+++ b/.gitea/workflows/werf-cleanup-template.yml
@@ -0,0 +1,66 @@
+name: Cleanup Docker registry
+on:
+ workflow_call:
+ inputs:
+ docker_repo_path:
+ default: private.docker.wilix.dev
+ required: false
+ type: string
+ docker_images_path:
+ description: 'Относительный путь для образов проекта'
+ required: true
+ type: string
+ werf_debug:
+ default: false
+ required: false
+ type: boolean
+ secrets:
+ VAULT_ROLE_ID:
+ required: true
+ VAULT_SECRET_ID:
+ required: true
+
+env:
+ vault_main_base_path: dev/wilix/main/data/ci
+
+jobs:
+ cleanup:
+ name: Cleanup
+ runs-on: ubuntu-latest
+ steps:
+ - uses: https://github.com/actions/checkout@v3
+ - name: Fetch all history for all tags and branches
+ run: git fetch --prune --unshallow
+
+ # FIXME Эти секреты нужно будет сделать полностью различными для проектов, идеально - краткосрочные генерируемые vault
+ - id: import-secrets
+ uses: https://github.com/hashicorp/vault-action@v2
+ with:
+ url: https://vault.wilix.dev
+ method: approle
+ roleId: ${{ secrets.VAULT_ROLE_ID }}
+ secretId: ${{ secrets.VAULT_SECRET_ID }}
+ secrets: |
+ ${{ env.vault_main_base_path }} local_cluster_kube_config_base64 ;
+ ${{ env.vault_main_base_path }} docker_registry_username ;
+ ${{ env.vault_main_base_path }} docker_registry_password ;
+
+ - name: Login to wilix nexus Container Registry
+ uses: https://github.com/docker/login-action@v2
+ with:
+ registry: ${{ inputs.docker_repo_path }}
+ username: ${{ steps.import-secrets.outputs.docker_registry_username }}
+ password: ${{ steps.import-secrets.outputs.docker_registry_password }}
+
+ - name: Install werf
+ uses: https://github.com/werf/actions/install@v1.2
+
+ - name: Setup debug if need
+ if: ${{ inputs.werf_debug }}
+ run: echo "WERF_LOG_DEBUG=true" >> "$GITHUB_ENV"
+
+ - name: Cleanup
+ run: werf cleanup
+ env:
+ WERF_REPO: ${{ inputs.docker_repo_path }}/${{ inputs.docker_images_path }}
+ WERF_KUBECONFIG_BASE64: ${{ steps.import-secrets.outputs.local_cluster_kube_config_base64 }}
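Review bot: All four `uses:` lines in the `cleanup` job reference third-party actions by mutable tag (`checkout@v3`, `vault-action@v2`, `login-action@v2`, `werf/actions/install@v1.2`), in a job that holds the Vault AppRole credentials, the registry password and the cluster kubeconfig. Pinning each to a full commit SHA, e.g. `uses: https://github.com/hashicorp/vault-action@<FULL_COMMIT_SHA>  # v2`, keeps a retagged upstream release from running with those secrets. Separately, vault-action exports every fetched secret as a job-wide environment variable by default, so `Install werf` and the later steps most likely see the kubeconfig and registry password even though the workflow only reads them through `steps.import-secrets.outputs.*`. Adding `exportEnv: false` under `with:` of the `import-secrets` step would limit them to the steps that name them. The FIXME already records that the shared `dev/wilix/main/data/ci` path needs per-project, short-lived credentials; until then these two changes reduce how far the shared secrets travel.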
diff --git a/.gitea/workflows/werf-deploy-template.yml b/.gitea/workflows/werf-deploy-template.yml
index f55b045..b5951c6 100644
--- a/.gitea/workflows/werf-deploy-template.yml
+++ b/.gitea/workflows/werf-deploy-template.yml
@@ -1,3 +1,4 @@
+name: "Deploy stand by werf to kubernetes"
 on:
 workflow_call:
 inputs: