ci: 🎡 removed repo secrets

ministryofjustice · Sep 27, 2023 · 8de760a · 8de760a
1 parent 940677d
commit 8de760a
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 7 deletions.
diff --git a/.github/workflows/deploy-dev.yaml b/.github/workflows/deploy-dev.yaml
@@ -29,5 +29,9 @@ jobs:
       env: development
       image_tag: ${{ github.sha }}
     secrets:
+      kube_namespace: "${{ secrets.KUBE_NAMESPACE }}"
+      kube_cert: "${{ secrets.KUBE_CERT }}"
+      kube_cluster: "${{ secrets.KUBE_CLUSTER }}"
+      kube_token: "${{ secrets.KUBE_TOKEN }}"
       ecr_url: "${{ needs.build-and-push.outputs.REGISTRY }}/webops/cloud-platform-go-get-module-ecr"
 
diff --git a/.github/workflows/deploy-prod.yaml b/.github/workflows/deploy-prod.yaml
@@ -30,5 +30,9 @@ jobs:
       env: production
       image_tag: ${{ github.ref_name }}
     secrets:
+      kube_namespace: "${{ secrets.KUBE_NAMESPACE }}"
+      kube_cert: "${{ secrets.KUBE_CERT }}"
+      kube_cluster: "${{ secrets.KUBE_CLUSTER }}"
+      kube_token: "${{ secrets.KUBE_TOKEN }}"
       ecr_url: "${{ needs.build-and-push.outputs.REGISTRY }}/webops/cloud-platform-go-get-module-ecr"
 
diff --git a/.github/workflows/deploy-workflow.yaml b/.github/workflows/deploy-workflow.yaml
@@ -12,6 +12,18 @@ on:
         type: string
         required: true
     secrets:
+      kube_namespace:
+        description: 'the kubernetes namespace to deploy to'
+        required: true
+      kube_cert:
+        description: 'cert used to verify identity to cluster'
+        required: true
+      kube_cluster:
+        description: 'address of the cluster to connect to'
+        required: true
+      kube_token:
+        description: 'used to authenticate to the cluster'
+        required: true
       ecr_url:
         description: 'the url for the ecr repo, where the image is pulled from'
         required: true
@@ -41,17 +53,17 @@ jobs:
         - name: Create cert certificate-authority
           id: create-cert-authority
           shell: bash
-          run: echo "${{ secrets.KUBE_CERT }}" > ca.crt
+          run: echo "${{ secrets.kube_cert }}" > ca.crt
 
         - name: Authenticate to the cluster
           shell: bash
           id: authenticate
           env:
-            KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}
+            KUBE_CLUSTER: ${{ secrets.kube_cluster }}
           run: |
             kubectl config set-cluster "${KUBE_CLUSTER}" --certificate-authority=ca.crt --server="${KUBE_CLUSTER}"
-            kubectl config set-credentials deploy-user --token="${{ secrets.KUBE_TOKEN }}"
-            kubectl config set-context "${KUBE_CLUSTER}" --cluster="${KUBE_CLUSTER}" --user=deploy-user --namespace="${{ secrets.KUBE_NAMESPACE }}"
+            kubectl config set-credentials deploy-user --token="${{ secrets.kube_token }}"
+            kubectl config set-context "${KUBE_CLUSTER}" --cluster="${KUBE_CLUSTER}" --user=deploy-user --namespace="${{ secrets.kube_namespace }}"
             kubectl config use-context "${KUBE_CLUSTER}"
 
             # export flat kube config so helm image can read it
@@ -64,14 +76,14 @@ jobs:
           uses: vimeda/helm@v1.7.0
           with:
             release: go-get-module
-            namespace: ${{ secrets.KUBE_NAMESPACE }}
+            namespace: ${{ secrets.kube_namespace }}
             chart: deploy
             values: |
               ecrUrl: ${{ secrets.ecr_url }}
               imageTag: ${{ inputs.image_tag }}
               cluster: ${{ steps.set-cluster.outputs.CLUSTER }}
-              ingressIdentifier: api-${{ secrets.KUBE_NAMESPACE }}-${{ steps.set-cluster.outputs.INGRESS_COLOUR }}
-              namespace: ${{ secrets.KUBE_NAMESAPCE }}
+              ingressIdentifier: api-${{ secrets.kube_namespace }}-${{ steps.set-cluster.outputs.INGRESS_COLOUR }}
+              namespace: ${{ secrets.kube_namespace }}
           env:
             KUBECONFIG_FILE: ${{ env.FLAT_KUBE_CONFIG }}