Migrate prod env to AKS
RMcVelia committed Nov 1, 2023
1 parent 1306092 commit 5ec0f17
Showing 11 changed files with 121 additions and 299 deletions.
25 changes: 15 additions & 10 deletions .github/workflows/build-no-cache.yml
@@ -16,19 +16,24 @@ jobs:

- name: set-up-environment
uses: DFE-Digital/github-actions/set-up-environment@master
with:
var_file: .github/common_environment_aks.yml

- uses: Azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
creds: ${{ secrets.AZURE_CREDENTIALS_AKS_REVIEW }}

- uses: DfE-Digital/keyvault-yaml-secret@v1
id: keyvault-yaml-secret
- name: Fetch secrets from key vault
uses: azure/CLI@v1
id: keyvault-yaml-secret
with:
keyvault: ${{ secrets.KEY_VAULT}}
secret: INFRA-KEYS
key: SLACK-WEBHOOK, SNYK-TOKEN
env:
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
inlineScript: |
SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.KEY_VAULT_AKS_REVIEW }}" --query "value" -o tsv)
echo "::add-mask::$SLACK_WEBHOOK"
echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT
SNYK_TOKEN=$(az keyvault secret show --name "SNYK-TOKEN" --vault-name "${{ secrets.KEY_VAULT_AKS_REVIEW }}" --query "value" -o tsv)
echo "::add-mask::$SNYK_TOKEN"
echo "SNYK_TOKEN=$SNYK_TOKEN" >> $GITHUB_OUTPUT
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@master
@@ -67,7 +72,7 @@ jobs:
- name: Run Snyk to check Docker image for vulnerabilities
uses: snyk/actions/docker@master
env:
SNYK_TOKEN: ${{ steps.keyvault-yaml-secret.outputs.SNYK-TOKEN }}
SNYK_TOKEN: ${{ steps.keyvault-yaml-secret.outputs.SNYK_TOKEN }}
with:
image: ${{ env.DOCKER_REPOSITORY }}:master
args: --severity-threshold=high --file=Dockerfile
@@ -83,4 +88,4 @@ jobs:
SLACK_COLOR: ${{ env.SLACK_ERROR }}
SLACK_MESSAGE: 'There has been a failure building the application'
SLACK_TITLE: 'Failure Building Application'
SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK-WEBHOOK }}
SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK_WEBHOOK }}
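Review bot: The new `Fetch secrets from key vault` step in the first hunk runs `azure/CLI@v1`, a mutable tag, in the step that holds the Azure session and reads `SNYK-TOKEN` and `SLACK-WEBHOOK`, so a change to what that tag points at would run unreviewed code next to those secrets. Pinning it to a reviewed commit, `uses: azure/CLI@<full-commit-sha>  # v1`, removes that dependency; the `@master` refs on the neighbouring unchanged lines carry the same exposure but are not part of this change. The script also splices `${{ secrets.KEY_VAULT_AKS_REVIEW }}` directly into the shell text; declaring `env: KEY_VAULT: ${{ secrets.KEY_VAULT_AKS_REVIEW }}` on the step and using `--vault-name "$KEY_VAULT"` keeps expression output out of the script body, assuming the action forwards step env into its container. Because `::add-mask::` masks one line at a time, a comment above the script such as `# both secrets must be single-line values; add-mask does not cover multi-line output` would record the assumption the step outputs rely on.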