This repository has been archived by the owner on Oct 8, 2022. It is now read-only.
Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
bender-slackbot/.github/workflows/build.yml
View runs Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
102 lines (90 sloc)
5.48 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy bender slackbot | |
| on: | |
| push: | |
| branches: [master, hetzner] | |
| workflow_dispatch: | |
| inputs: | |
| ca_pub_fingerprint: | |
| description: fingerprint of CA signed user cert | |
| required: false | |
| jobs: | |
| build: | |
| runs-on: ubuntu-22.04 | |
| env: | |
| MY_CA: /root/my-ca | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - uses: actions/setup-go@v2 | |
| with: | |
| go-version: "1.19" | |
| - name: Build application and docker image | |
| run: | | |
| go mod tidy | |
| CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build bender.go | |
| docker build --pull --no-cache -t danackerson/slackbot:vg$GITHUB_RUN_ID . | |
| export DUSER=$(echo ${{ secrets.ORG_DOCKER_USER }} | base64 -d) | |
| export DPASS=$(echo ${{ secrets.ORG_DOCKER_PASS }} | base64 -d) | |
| docker login -u $DUSER -p $DPASS | |
| docker tag danackerson/slackbot:vg$GITHUB_RUN_ID danackerson/slackbot:latest | |
| docker push --all-tags danackerson/slackbot | |
| - name: Deploy to Hetzner | |
| run: | | |
| git clone https://github.com/ackersonde/hetzner_home.git | |
| cd hetzner_home | |
| go mod tidy | |
| go build hetzner.go | |
| cd ../ | |
| export HETZNER_API_TOKEN=$(echo ${{ secrets.ORG_HETZNER_CLOUD_API_TOKEN }} | base64 -d) | |
| public_ip_address=$(curl -s https://checkip.amazonaws.com) | |
| ./hetzner_home/hetzner -fn=firewallSSH -tag=homepage -ip=$public_ip_address | |
| mkdir ~/.ssh | |
| echo "${{ secrets.HETZNER_SSH_PRIVKEY }}" | base64 -d > ~/.ssh/id_rsa | |
| chmod 400 ~/.ssh/id_rsa | |
| export DUSER=$(echo ${{ secrets.ORG_DOCKER_USER }} | base64 -d) | |
| export DPASS=$(echo ${{ secrets.ORG_DOCKER_PASS }} | base64 -d) | |
| ssh -o StrictHostKeyChecking=no root@ackerson.de "\ | |
| mkdir $MY_CA || true && \ | |
| echo "${{ secrets.ORG_SERVER_DEPLOY_SECRET }}" | base64 -d > $MY_CA/id_ed25519 && \ | |
| chmod 600 $MY_CA/id_ed25519 && \ | |
| echo "${{ secrets.ORG_SERVER_DEPLOY_CACERT }}" | base64 -d > $MY_CA/id_ed25519-cert.pub && \ | |
| chmod 600 $MY_CA/id_ed25519-cert.pub && \ | |
| echo $DPASS | docker login -u $DUSER --password-stdin && \ | |
| docker rm -f bender || true && \ | |
| docker run -d --restart=always \ | |
| -e ORG_PHOTOS_BASIC_AUTH_TOKEN_B64=${{ secrets.ORG_PHOTOS_BASIC_AUTH_TOKEN }} \ | |
| -e GITHUB_RUN_ID=$GITHUB_RUN_ID \ | |
| -e HETZNER_API_TOKEN=$(echo ${{ secrets.ORG_HETZNER_CLOUD_API_TOKEN }} | base64 -d) \ | |
| -e HETZNER_VAULT_VOLUME_ID=$(echo ${{ secrets.ORG_HETZNER_VAULT_VOLUME_ID }} | base64 -d) \ | |
| -e HETZNER_PROJECT=$(echo ${{ secrets.ORG_HETZNER_PROJECT }} | base64 -d) \ | |
| -e HETZNER_FIREWALL=$(echo ${{ secrets.ORG_HETZNER_FIREWALL }} | base64 -d) \ | |
| -e ETHERSCAN_API_KEY=$(echo ${{ secrets.ORG_ETHERSCAN_API_KEY }} | base64 -d) \ | |
| -e ETHEREUM_ADDRESS_METAMASK=$(echo ${{ secrets.ORG_ETHEREUM_ADDRESS_METAMASK }} | base64 -d) \ | |
| -e CURRENT_PGP_FINGERPRINT=$(echo ${{ secrets.ORG_CURRENT_PGP_FINGERPRINT }} | base64 -d) \ | |
| -e STELLAR_LUMENS_ADDRESS=$(echo ${{ secrets.ORG_STELLAR_LUMENS_ADDRESS }} | base64 -d) \ | |
| -e SLACK_CHANNEL=$(echo ${{ secrets.ORG_SLACK_CHANNEL }} | base64 -d) \ | |
| -e SLACK_NEW_API_TOKEN=$(echo ${{ secrets.ORG_SLACK_NEW_API_TOKEN }} | base64 -d) \ | |
| -e SLACK_EVENTSAPI_ENDPOINT=$(echo ${{ secrets.ORG_SLACK_EVENTSAPI_ENDPOINT }} | base64 -d) \ | |
| -e SLACK_VERIFICATION_TOKEN=$(echo ${{ secrets.ORG_SLACK_VERIFICATION_TOKEN }} | base64 -d) \ | |
| -e SLACK_SIGNING_SECRET=$(echo ${{ secrets.ORG_SLACK_SIGNING_SECRET }} | base64 -d) \ | |
| -e SLACK_BENDER_BOT_USERID=$(echo ${{ secrets.ORG_SLACK_BENDER_BOT_USERID }} | base64 -d) \ | |
| -e ACKDE_HOST_SSH_KEY_PUB_B64=${{ secrets.ORG_ACKDE_HOST_SSH_KEY_PUB }} \ | |
| -e BUILD_HOSTNAME=$(echo ${{ secrets.ORG_BUILD_HOST }} | base64 -d) \ | |
| -e MASTER_HOSTNAME=$(echo ${{ secrets.ORG_MASTER_HOST }} | base64 -d) \ | |
| -e SLAVE_HOSTNAME=$(echo ${{ secrets.ORG_SLAVE_HOST }} | base64 -d) \ | |
| -e VAULT_ADDR=$(echo ${{ secrets.ORG_VAULT_API_ENDPOINT }} | base64 -d) \ | |
| -e VAULT_APPROLE_SECRET_ID=$(echo ${{ secrets.ORG_VAULT_TOTP_MGMT_SECRET_ID }} | base64 -d) \ | |
| -e VAULT_APPROLE_ROLE_ID=$(echo ${{ secrets.ORG_VAULT_TOTP_MGMT_ROLE_ID }} | base64 -d) \ | |
| -v $MY_CA/id_ed25519:/root/.ssh/id_ed25519:ro \ | |
| -v $MY_CA/id_ed25519-cert.pub:/root/.ssh/id_ed25519-cert.pub:ro \ | |
| -v /root/syncthing/2086h-4d0t2:/app/sync \ | |
| --label='traefik.enable=true' \ | |
| --label='traefik.http.routers.bender.middlewares=secHeaders@file' \ | |
| --label='traefik.http.routers.bender.tls.domains=$(echo ${{ secrets.ORG_SLACK_BENDER_HOST }} | base64 -d)' \ | |
| --label='traefik.http.routers.bender.rule=Host(\`$(echo ${{ secrets.ORG_SLACK_BENDER_HOST }} | base64 -d)\`)' \ | |
| --name bender danackerson/slackbot:vg$GITHUB_RUN_ID" | |
| rm -Rf ~/.ssh ~/.docker/config.json | |
| ./hetzner_home/hetzner -fn=cleanupDeploy -tag=homepage | |
| export SLACK_NOTIFY_TOKEN=$(echo ${{ secrets.ORG_SLACK_NOTIFICATIONS_TOKEN }} | base64 -d) | |
| curl -s -o /dev/null -X POST -d token=$SLACK_NOTIFY_TOKEN -d channel=C092UE0H4 \ | |
| -d text="<https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID|$GITHUB_REPOSITORY @ $GITHUB_RUN_ID>" \ | |
| https://slack.com/api/chat.postMessage |