diff --git a/.github/workflows/broker-intention.sh b/.github/workflows/broker-intention.sh
deleted file mode 100755
index a664cf9..0000000
--- a/.github/workflows/broker-intention.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/usr/bin/env bash
-
-echo "===> Create Intention"
-# Create intention
-cat ./.github/workflows/vault-config-intention.json | jq "\
- .event.url=\"$GITHUB_SERVER_URL$GITHUB_EVENT_PATH\" | \
- .user.name=\"mbystedt@azureidir\" | \
- (.actions[] | select(.id == \"configure\") .cloud.target.account.id) |= \"$VAULT_OCP_ACCOUNT_ID\" | \
- (.actions[] | select(.id == \"configure\") .service.environment) |= (\"$GITHUB_ENVIRONMENT\"|ascii_downcase) \
- " > intention.json
diff --git a/.github/workflows/vault-config-intention.json b/.github/workflows/vault-config-intention.json
deleted file mode 100644
index 2be9fcc..0000000
--- a/.github/workflows/vault-config-intention.json
+++ /dev/null
@@ -1,38 +0,0 @@
-{
- "event": {
- "provider": "vsync-github-action",
- "reason": "Job triggered",
- "transient": true,
- "url": "JOB_URL"
- },
- "actions": [
- {
- "action": "package-configure",
- "cloud": {
- "target": {
- "account": {
- "id": "7e553b-prod"
- },
- "project": {
- "id": "7e553b"
- },
- "provider": "ocp",
- "service": {
- "name": "silver"
- }
- }
- },
- "id": "configure",
- "provision": ["token/self"],
- "service": {
- "name": "vsync",
- "project": "vault",
- "environment": "production"
- },
- "vaultEnvironment": "production"
- }
- ],
- "user": {
- "name": "$GITHUB_ACTOR@github"
- }
-}
diff --git a/.github/workflows/vault-sync-app-pipeline.yml b/.github/workflows/vault-sync-app-pipeline.yml
deleted file mode 100644
index d063081..0000000
--- a/.github/workflows/vault-sync-app-pipeline.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-name: Vault Sync App Pipeline
-# Run this workflow every time a new commit pushed to main and on a schedule
-on:
- schedule:
- - cron: "45 * * * *"
- push:
- branches:
- - main
- workflow_dispatch:
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.ref }}
- cancel-in-progress: true
-
-jobs:
- Development:
- uses: ./.github/workflows/vault-sync-app-runner.yml
- with:
- name: Development
- secrets: inherit
-
- Test:
- uses: ./.github/workflows/vault-sync-app-runner.yml
- with:
- name: Test
- secrets: inherit
- needs: Development
-
- Production:
- uses: ./.github/workflows/vault-sync-app-runner.yml
- with:
- name: Production
- secrets: inherit
- needs: Test
diff --git a/.github/workflows/vault-sync-app-runner.yml b/.github/workflows/vault-sync-app-runner.yml
deleted file mode 100644
index b8c3172..0000000
--- a/.github/workflows/vault-sync-app-runner.yml
+++ /dev/null
@@ -1,86 +0,0 @@
-name: Vault Sync App Runner
-
-on:
- workflow_dispatch:
- workflow_call:
- inputs:
- name:
- description: 'Environment to run against'
- type: string
- required: true
-
-jobs:
-
- run:
- runs-on: ubuntu-latest
- environment: ${{ inputs.name }}
- steps:
- - name: Checkout Code
- uses: actions/checkout@v4
- with:
- ref: ${{ github.event.workflow_run.head_branch }}
- - name: Checkout Config
- uses: actions/checkout@v4
- with:
- repository: "bcgov-nr/vault-sync-config"
- token: ${{ secrets.GH_PAT }}
- path: config-repo
- - name: Use Node.js
- uses: actions/setup-node@v4
- with:
- node-version: 20
- cache: 'npm'
- - run: npm ci
- - run: npm run postpack
- - run: cp config-repo/config.json config/config.json
- # Runs script to obtain Vault token
- - name: Build Intention
- run: sh ./.github/workflows/broker-intention.sh
- env:
- VAULT_OCP_ACCOUNT_ID: ${{ vars.VAULT_OCP_ACCOUNT_ID }}
- GITHUB_EVENT_PATH: ${{ github.event_path }}
- GITHUB_ENVIRONMENT: ${{ inputs.name }}
- - name: Open intention
- uses: bcgov-nr/action-broker-intention-open@v2
- with:
- broker_jwt: ${{ secrets.BROKER_JWT }}
- broker_url: ${{ vars.BROKER_ADDR }}
- - name: Start configure action
- uses: bcgov-nr/action-broker-action-start@v2
- with:
- action_token: ${{ env.ACTION_TOKEN_CONFIGURE }}
- broker_url: ${{ vars.BROKER_ADDR }}
- - name: Vault login
- uses: bcgov-nr/action-broker-vault-login@v2
- with:
- action_token: ${{ env.ACTION_TOKEN_CONFIGURE }}
- broker_url: ${{ vars.BROKER_ADDR }}
- role_id: ${{ secrets.PROVISION_ROLE_ID }}
- vault_url: ${{ vars.VAULT_ADDR }}
- - run: ./bin/dev policy-sync
- env:
- VAULT_ADDR: ${{ vars.VAULT_ADDR }}
- BROKER_TOKEN: ${{ secrets.BROKER_TOKEN }}
- - run: ./bin/dev group-sync
- env:
- VAULT_ADDR: ${{ vars.VAULT_ADDR }}
- BROKER_TOKEN: ${{ secrets.BROKER_TOKEN }}
- - run: ./bin/dev approle-sync
- env:
- VAULT_ADDR: ${{ vars.VAULT_ADDR }}
- BROKER_TOKEN: ${{ secrets.BROKER_TOKEN }}
- - name: Revoke Vault Token Action
- uses: bcgov-nr/action-broker-vault-revoke@v2
- with:
- vault_token: ${{ env.VAULT_TOKEN }}
- vault_url: ${{ vars.VAULT_ADDR }}
- - name: End configure action
- uses: bcgov-nr/action-broker-action-end@v2
- with:
- action_token: ${{ env.ACTION_TOKEN_CONFIGURE }}
- broker_url: ${{ vars.BROKER_ADDR }}
- - name: Close intention
- uses: bcgov-nr/action-broker-intention-close@v2
- with:
- intention_token: ${{ env.INTENTION_TOKEN }}
- broker_url: ${{ vars.BROKER_ADDR }}