ci/cd - move k8s login in staging-tests job

2026-05-24 09:28:37 +00:00 · 2023-08-31 12:16:29 +02:00 · 2023-08-31 12:16:29 +02:00 · b5638aae19
commit b5638aae19
parent 4450762b8c
5 changed files with 42 additions and 36 deletions
--- a/.github/workflows/staging-create-infra.yml
+++ b/.github/workflows/staging-create-infra.yml
@ -45,8 +45,6 @@ jobs:
      - run: ./tests/create.sh ${{ inputs.TYPE }}
        env:
          CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
-          REG_USER: ${{ github.actor }}
-          REG_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          K8S_IP: ${{ secrets.K8S_IP }}
      - run: |
          tar -cf terraform.tar /tmp/${{ inputs.TYPE }}
--- a/.github/workflows/staging-tests.yml
+++ b/.github/workflows/staging-tests.yml
@ -53,8 +53,18 @@ jobs:
          openssl enc -d -in /tmp/terraform.tar.enc -aes-256-cbc -pbkdf2 -iter 100000 -md sha256 -pass file:/tmp/.secret_key -out /tmp/terraform.tar 
          rm -f /tmp/.secret_key
          tar xf /tmp/terraform.tar -C /
+          mkdir /tmp/reg
+          cp tests/terraform/k8s.tf /tmp/reg
+          cp tests/terraform/providers.tf /tmp/reg
+          cd /tmp/reg
+          export TF_VAR_k8s_reg_user=${REG_USER}
+          export TF_VAR_k8s_reg_token=${REG_TOKEN}
+          terraform init
+          terraform apply -auto-approve
        env:
          SECRET_KEY: ${{ secrets.SECRET_KEY }}
+          REG_USER: ${{ github.actor }}
+          REG_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        if: inputs.TYPE == 'k8s'
      - uses: azure/setup-kubectl@v3
        if: inputs.TYPE == 'k8s'
--- a/tests/create.sh
+++ b/tests/create.sh
@ -2,8 +2,6 @@

 # drop and export secrets
 echo "${CICD_SECRETS}" > /opt/.env
-echo "export TF_VAR_k8s_reg_user=${REG_USER}" >> /opt/.env
-echo "export TF_VAR_k8s_reg_token=${REG_TOKEN}" >> /opt/.env
 echo "export TF_VAR_k8s_ip=${K8S_IP}" >> /opt/.env
 chmod +x /opt/.env
 . /opt/.env
--- a/tests/terraform/k8s-reg.tf
+++ b/tests/terraform/k8s-reg.tf
@ -0,0 +1,32 @@
+variable "k8s_reg_user" {
+  type = string
+  nullable = false
+  sensitive = true
+}
+variable "k8s_reg_token" {
+  type = string
+  nullable = false
+  sensitive = true
+}
+
+# Setup registry
+provider "kubernetes" {
+  config_path = "/tmp/k8s/kubeconfig"
+}
+resource "kubernetes_secret" "reg" {
+  metadata {
+    name = "secret-registry"
+  }
+  type = "kubernetes.io/dockerconfigjson"
+  data = {
+    ".dockerconfigjson" = jsonencode({
+      auths = {
+        "ghcr.io" = {
+          "username" = var.k8s_reg_user
+          "password" = var.k8s_reg_token
+          "auth"     = base64encode("${var.k8s_reg_user}:${var.k8s_reg_token}")
+        }
+      }
+    })
+  }
+}
--- a/tests/terraform/k8s.tf
+++ b/tests/terraform/k8s.tf
@ -4,16 +4,6 @@ variable "k8s_ip" {
  nullable = false
  sensitive = true
 }
-variable "k8s_reg_user" {
-  type = string
-  nullable = false
-  sensitive = true
-}
-variable "k8s_reg_token" {
-  type = string
-  nullable = false
-  sensitive = true
-}

 # Create k8s cluster
 resource "scaleway_k8s_cluster" "cluster" {
@ -53,26 +43,4 @@ resource "local_sensitive_file" "lb_yml" {
 resource "kubectl_manifest" "lb" {
  depends_on = [local_sensitive_file.lb_yml]
  yaml_body = local_sensitive_file.lb_yml.content
-}
-
-# Setup registry
-provider "kubernetes" {
-  config_path = "${local_sensitive_file.kubeconfig.filename}"
-}
-resource "kubernetes_secret" "reg" {
-  metadata {
-    name = "secret-registry"
-  }
-  type = "kubernetes.io/dockerconfigjson"
-  data = {
-    ".dockerconfigjson" = jsonencode({
-      auths = {
-        "ghcr.io" = {
-          "username" = var.k8s_reg_user
-          "password" = var.k8s_reg_token
-          "auth"     = base64encode("${var.k8s_reg_user}:${var.k8s_reg_token}")
-        }
-      }
-    })
-  }
 }