forked from linkyard/docker-logrotate
-
Notifications
You must be signed in to change notification settings - Fork 0
44 lines (40 loc) · 1.6 KB
/
maintenance.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
---
name: Configure maintenance Pull Request
on:
pull_request:
types:
- labeled
- opened
jobs:
configure-pr:
name: Configure maintenance Pull Request
runs-on: ubuntu-latest
steps:
- name: Generate a GitHub token
id: github-token
uses: camunda/infra-global-github-actions/generate-github-app-token-from-vault-secrets@main
with:
github-app-id-vault-key: GITHUB_APP_ID
github-app-id-vault-path: secret/data/products/infra/ci/team-infrastructure
github-app-private-key-vault-key: GITHUB_APP_PRIVATE_KEY
github-app-private-key-vault-path: secret/data/products/infra/ci/team-infrastructure
vault-auth-method: approle
vault-auth-role-id: ${{ secrets.VAULT_ROLE_ID }}
vault-auth-secret-id: ${{ secrets.VAULT_SECRET_ID}}
vault-url: ${{ secrets.VAULT_ADDR }}
- name: Import Secrets
id: secrets
uses: hashicorp/vault-action@v3.0.0
with:
url: ${{ secrets.VAULT_ADDR }}
method: approle
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
exportEnv: false # we rely on step outputs, no need for environment variables
secrets: |
secret/data/products/infra/ci/infra-core SLACK_WEBHOOK_INFRA_ALERTS;
- name: Apply maintenance parameters to the Pull Request if applicable
uses: camunda/infra-global-github-actions/teams/infra/configure-maintenance-pull-request@main
with:
github-token: ${{ steps.github-token.outputs.token }}
slack-webhook-url: ${{ steps.secrets.outputs.SLACK_WEBHOOK_INFRA_ALERTS }}