-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathaction.yml
113 lines (111 loc) · 3.86 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
name: 'Mojira Deploy'
description: 'Deploy Mojira community bots to Azure'
inputs:
azure_client_id:
description: "Client ID for Azure."
required: true
azure_tenant_id:
description: "Tenant ID for Azure."
required: true
azure_subscription_id:
description: "Subscription ID for Azure."
required: true
bastion_name:
description: "Name of the Bastion to deploy to."
required: true
bastion_ip:
description: "IP of the Bastion tunnel."
required: false
default: "localhost"
bastion_port:
description: "Port of the Bastion tunnel."
required: false
default: "50022"
resource_group:
description: "Resource group to deploy to."
required: true
resource_id:
description: "Resource ID to deploy to."
required: true
ssh_private_key:
description: "Private SSH key to use for connecting."
required: true
username:
description: "Username for authentication."
required: true
artifact_paths:
description: "Paths to artifacts (folders or files) to upload. String with exactly one path per line, and an empty line at the end."
required: true
artifact_destination:
description: "Target folder for artifact upload."
required: true
rsync_args:
description: "Arguments for uploading artifacts via rsync."
required: false
default: -avhW --delete
script:
description: "Script to run after uploading of artifacts."
required: false
default: ""
runs:
using: 'composite'
steps:
- name: Log in to Azure CLI
uses: azure/login@v2
with:
client-id: ${{ inputs.azure_client_id }}
tenant-id: ${{ inputs.azure_tenant_id }}
subscription-id: ${{ inputs.azure_subscription_id }}
- name: Open Bastion tunnel
run: |
echo Opening Bastion tunnel...
az extension add --name bastion
az network bastion tunnel --name $BASTION_NAME \
--resource-group $RESOURCE_GROUP --target-resource-id $RESOURCE_ID \
--resource-port 22 --port $BASTION_PORT &
az network bastion wait --created --name $BASTION_NAME --resource-group $RESOURCE_GROUP
shell: bash
env:
BASTION_NAME: ${{ inputs.bastion_name }}
BASTION_PORT: ${{ inputs.bastion_port }}
RESOURCE_GROUP: ${{ inputs.resource_group }}
RESOURCE_ID: ${{ inputs.resource_id }}
- name: Set up SSH key
run: |
echo Setting up SSH key...
mkdir -p ~/.ssh
echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
shell: bash
env:
SSH_PRIVATE_KEY: ${{ inputs.ssh_private_key }}
- name: Upload artifacts
run: |
echo Uploading artifacts...
while IFS= read -r ARTIFACT_PATH; do
echo Uploading artifact $ARTIFACT_PATH...
rsync $RSYNC_ARGS -e "ssh -i ~/.ssh/id_rsa -o StrictHostKeyChecking=no -p $BASTION_PORT" $GITHUB_WORKSPACE/$ARTIFACT_PATH $USERNAME@$BASTION_IP:$ARTIFACT_DESTINATION
done < <(printf '%s' "$ARTIFACT_PATHS")
shell: bash
env:
BASTION_IP: ${{ inputs.bastion_ip }}
BASTION_PORT: ${{ inputs.bastion_port }}
USERNAME: ${{ inputs.username }}
ARTIFACT_PATHS: ${{ inputs.artifact_paths }}
ARTIFACT_DESTINATION: ${{ inputs.artifact_destination }}
RSYNC_ARGS: ${{ inputs.rsync_args }}
- name: Run deploy script
run: |
echo Running internal deploy script...
ssh -i ~/.ssh/id_rsa -o StrictHostKeyChecking=no -p $BASTION_PORT $USERNAME@$BASTION_IP <<EOF
$SCRIPT
EOF
shell: bash
env:
BASTION_IP: ${{ inputs.bastion_ip }}
BASTION_PORT: ${{ inputs.bastion_port }}
USERNAME: ${{ inputs.username }}
SCRIPT: ${{ inputs.script }}
branding:
color: "green"
icon: "upload-cloud"