From 5d9d36daeff7c503adf7d6bc638e418e31967f3e Mon Sep 17 00:00:00 2001 From: Ben Larabie Date: Thu, 28 Nov 2024 10:59:32 -0500 Subject: [PATCH] Fixing VPN and setting proper secrets (#202) --- .github/workflows/docker.yaml | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 9a6aa90..64bf70b 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -8,8 +8,7 @@ env: AWS_REGION: ca-central-1 DOCKER_ORG: public.ecr.aws/cds-snc DOCKER_SLUG: public.ecr.aws/cds-snc/notify-document-download-api - WORKFLOW_PAT: ${{ secrets.WORKFLOW_GITHUB_PAT }} - OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN_STAGING }} permissions: id-token: write # This is required for requesting the OIDC JWT 
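Review bot: `OP_SERVICE_ACCOUNT_TOKEN` is still set in the workflow-level `env:` block, so the 1Password service-account token is exported to every step of every job, including third-party actions and any script a step downloads and runs. Scoping it to the step(s) that actually need it narrows what a compromised action or script can read: drop it here and add `env:` with `OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN_STAGING }}` under those steps. The rest of the workflow is outside this hunk, so which steps consume the token should be confirmed before moving it.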
@@ -65,17 +64,24 @@ jobs: curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb sudo dpkg -i 1pass.deb - - name: One Password Fetch + - name: Setup Terraform tools + uses: cds-snc/terraform-tools-setup@v1 + env: # In case you want to override default versions + CONFTEST_VERSION: 0.30.0 + TERRAFORM_VERSION: 1.9.5 + TERRAGRUNT_VERSION: 0.66.9 + TF_SUMMARIZE_VERSION: 0.2.3 + + - name: Fetch VPN run: | - op read op://4eyyuwddp6w4vxlabrr2i2duxm/"Staging Github Actions VPN"/notesPlain > /var/tmp/staging.ovpn + curl https://raw.githubusercontent.com/cds-snc/notification-manifests/refs/heads/main/scripts/createVPNConfig.sh | bash -s staging - name: Connect to VPN uses: "kota65535/github-openvpn-connect-action@cd2ed8a90cc7b060dc4e001143e811b5f7ea0af5" with: config_file: /var/tmp/staging.ovpn - client_key: ${{ secrets.STAGING_OVPN_CLIENT_KEY }} - echo_config: false - + echo_config: false + - name: Get Kubernetes configuration run: | aws eks --region $AWS_REGION update-kubeconfig --name notification-canada-ca-staging-eks-cluster --kubeconfig $HOME/.kube/config
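Review bot: The new `Fetch VPN` step pipes a script fetched from the mutable `refs/heads/main` ref straight into `bash`, in a workflow that exports `OP_SERVICE_ACCOUNT_TOKEN` and grants `id-token: write`, so any later change to that branch runs with those credentials without being reviewed in this repository. Pin the URL to a reviewed commit and make download errors fatal, e.g. `curl -fsSL https://raw.githubusercontent.com/cds-snc/notification-manifests/<COMMIT_SHA>/scripts/createVPNConfig.sh -o /var/tmp/createVPNConfig.sh` followed by `bash /var/tmp/createVPNConfig.sh staging` (`<COMMIT_SHA>` is a placeholder for the audited revision). As written there is no `-f`, and the default `run` shell does not set `pipefail`, so a failed download is not reliably reported as a step failure. `cds-snc/terraform-tools-setup@v1` is also referenced by a movable tag while the OpenVPN action in the same hunk is pinned to a full commit SHA; pinning both the same way would be consistent.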