generated from microsoft/AzureTRE-Deployment
-
Notifications
You must be signed in to change notification settings - Fork 0
78 lines (71 loc) · 3.19 KB
/
lets_encrypt.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
---
name: Renew Lets Encrypt Certificates
on: # yamllint disable-line rule:truthy
schedule:
# 3am each month https://crontab.guru/#0_3_1_*_*
- cron: "0 3 1 * *"
workflow_dispatch:
# This will prevent multiple runs of this entire workflow.
# We should NOT cancel in progress runs as that can destabilize the environment.
concurrency: letsencrypt
env:
USE_ENV_VARS_NOT_FILES: true
TF_INPUT: 0 # interactive is off
TF_IN_AUTOMATION: 1 # Run in headless mode
jobs:
renew_letsencrypt_certs:
name: Renew Lets Encrypt Certificates
runs-on: ubuntu-latest
environment: CICD
steps:
- name: Checkout
uses: actions/checkout@v3
with:
persist-credentials: false
- name: Install Terraform
uses: hashicorp/setup-terraform@v2
with:
terraform_version: 1.4.5
terraform_wrapper: false
# - name: Renew Certificates
# shell: bash
# env:
# ARM_CLIENT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientId }}
# ARM_CLIENT_SECRET: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientSecret }}
# ARM_SUBSCRIPTION_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).tenantId }}
# ARM_TENANT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).subscriptionId }}
# TRE_ID: ${{ secrets.TRE_ID }}
# TERRAFORM_STATE_CONTAINER_NAME:
# ${{ secrets.TERRAFORM_STATE_CONTAINER_NAME && secrets.TERRAFORM_STATE_CONTAINER_NAME || 'tfstate' }}
# MGMT_RESOURCE_GROUP_NAME: ${{ secrets.MGMT_RESOURCE_GROUP_NAME }}
# MGMT_STORAGE_ACCOUNT_NAME: ${{ secrets.MGMT_STORAGE_ACCOUNT_NAME }}
# run: |
# sudo apt-get install -y python3 python3-venv libaugeas0 \
# && python3 -m venv /opt/certbot/ \
# && /opt/certbot/bin/pip install --upgrade pip \
# && /opt/certbot/bin/pip install certbot
# make letsencrypt
- name: Renew Certificates
uses: ./.github/actions/devcontainer_run_command
with:
COMMAND: "sudo apt-get install -y python3 python3-venv libaugeas0 \
&& python3 -m venv /opt/certbot/ \
&& /opt/certbot/bin/pip install --upgrade pip \
&& /opt/certbot/bin/pip install certbot
make letsencrypt"
DEVCONTAINER_TAG: ${{ inputs.DEVCONTAINER_TAG }}
CI_CACHE_ACR_NAME: ${{ secrets.ACR_NAME}}
AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
AZURE_ENVIRONMENT: ${{ vars.AZURE_ENVIRONMENT }}
ACR_NAME: ${{ secrets.ACR_NAME }}
API_CLIENT_ID: "${{ secrets.API_CLIENT_ID }}"
AAD_TENANT_ID: "${{ secrets.AAD_TENANT_ID }}"
TEST_APP_ID: "${{ secrets.TEST_APP_ID }}"
TEST_ACCOUNT_CLIENT_ID: "${{ secrets.TEST_ACCOUNT_CLIENT_ID }}"
TEST_ACCOUNT_CLIENT_SECRET: "${{ secrets.TEST_ACCOUNT_CLIENT_SECRET }}"
TRE_ID: ${{ secrets.TRE_ID }}
LOCATION: ${{ vars.LOCATION }}
BUNDLE_TYPE: ${{ matrix.BUNDLE_TYPE }}
TERRAFORM_STATE_CONTAINER_NAME: ${{ vars.TERRAFORM_STATE_CONTAINER_NAME }}
MGMT_RESOURCE_GROUP_NAME: ${{ secrets.MGMT_RESOURCE_GROUP_NAME }}
MGMT_STORAGE_ACCOUNT_NAME: ${{ secrets.MGMT_STORAGE_ACCOUNT_NAME }}