
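# Reusable deploy workflow (workflow_call). Callers pass the SSH key and the
# optional PEM material as secrets; everything else arrives as inputs.
#
# NOTE(review): the Bitwarden credentials and the registry password are
# declared as inputs, and input values are not masked in job logs the way
# secrets are. Moving them under `secrets:` is the safer shape, but it changes
# the caller contract, so it is only flagged here.
on:  # yamllint disable-line rule:truthy
  workflow_call:
    secrets:
      # workflow_call secrets accept only `description` and `required`; the
      # `type` key that used to sit on each of these is not part of the schema.
      ssh-private-key:
        description: 'Private key loaded into ssh-agent before kamal runs'
        required: true
      certificate-pem:
        description: 'Optional; appended to the kamal secrets file as CERTIFICATE_PEM'
        required: false
      private-key-pem:
        description: 'Optional; appended to the kamal secrets file as PRIVATE_KEY_PEM'
        required: false
    inputs:
      # workflow_call inputs must carry a `type`; the ones that lacked it are
      # now declared as strings.
      image:
        description: 'Container image the deploy job runs in'
        required: false
        type: string
        # NOTE(review): a floating `latest` tag means two runs may deploy with
        # different tooling; pinning to a digest makes the job reproducible.
        default: git.qlic.nl/qlic/kamal:latest
      environment:
        description: 'kamal destination (-d); also selects .kamal/secrets.<environment>'
        required: true
        type: string
      username:
        description: 'Registry user for pulling the job container image'
        required: false
        type: string
        default: ${{ vars.REGISTRY_USERNAME }}
      password:
        description: 'Registry password; also written to the secrets file as KAMAL_REGISTRY_PASSWORD'
        required: false
        type: string
        # NOTE(review): `vars.*` are plain repository variables, not secret
        # storage; a registry password belongs in a secret.
        default: ${{ vars.REGISTRY_PASSWORD }}
      warden-email:
        # Referenced by the "Get bitwarden secrets" step as `inputs.warden-email`
        # but previously undeclared, so it always expanded to an empty string.
        # Optional so existing callers keep working — TODO confirm whether the
        # warden action actually requires it.
        description: 'Bitwarden account email'
        required: false
        type: string
      warden-client-id:
        description: 'Bitwarden client id'
        required: true
        type: string
      warden-client-secret:
        description: 'Bitwarden client secret'
        required: true
        type: string
      warden-password:
        description: 'Bitwarden password'
        required: true
        type: string
      warden-server:
        # NOTE(review): declared but not passed to the warden step in this
        # file — confirm the action's parameter name and wire it through.
        description: 'Bitwarden server'
        required: false
        type: string
        default: ${{ vars.WARDEN_URL }}
      secrets:
        description: "List of secret IDs and corresponding environment variable names (format: SECRET_ID > ENV_VAR)"
        required: true
        type: string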
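jobs:
  # Single job: pull the deploy image, load the SSH key, fetch secrets from
  # Bitwarden, assemble .kamal/secrets.<environment>, then run kamal.
  deploy:
    runs-on: ubuntu-24.04
    container:
      image: ${{ inputs.image }}
      credentials:
        username: ${{ inputs.username }}
        password: ${{ inputs.password }}
    # Job-wide values used by several `run` steps. Caller-controlled strings
    # are exposed to the shell as variables instead of being interpolated
    # into the script text, so quotes, `$` or backticks in a value cannot
    # change what the script executes.
    env:
      DEPLOY_ENV: ${{ inputs.environment }}
      ENV_FILE: .kamal/secrets.${{ inputs.environment }}
    steps:
      - name: Checkout code
        # NOTE(review): tag-pinned, while the ssh-agent step below is pinned to
        # a commit SHA; the same treatment here would close the gap.
        uses: actions/checkout@v4
      - name: Setup SSH agent
        uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387
        with:
          ssh-private-key: ${{ secrets.ssh-private-key }}
      - name: Get bitwarden secrets
        uses: https://git.qlic.nl/actions/warden@v1
        with:
          email: ${{ inputs.warden-email }}
          password: ${{ inputs.warden-password }}
          client-id: ${{ inputs.warden-client-id }}
          client-secret: ${{ inputs.warden-client-secret }}
          secrets: ${{ inputs.secrets }}
      - name: Create .env file from secret
        # DOT_ENV is not set anywhere in this file; presumably it is exported
        # by the warden step above — TODO confirm.
        run: |
          echo "$DOT_ENV" > "$ENV_FILE"
      - name: Append kamal registry password
        env:
          REGISTRY_PASSWORD: ${{ inputs.password }}
        run: echo "KAMAL_REGISTRY_PASSWORD=$REGISTRY_PASSWORD" >> "$ENV_FILE"
      - name: Add optional PEM secrets to .env
        # Each PEM is written as a single-quoted multi-line value; printf is
        # used for the body so the PEM text is emitted verbatim.
        env:
          CERTIFICATE_PEM: ${{ secrets.certificate-pem }}
          PRIVATE_KEY_PEM: ${{ secrets.private-key-pem }}
        run: |
          if [[ -n "$CERTIFICATE_PEM" ]]; then
            echo "" >> "$ENV_FILE"
            {
              echo "CERTIFICATE_PEM='"
              printf '%s\n' "$CERTIFICATE_PEM"
              echo "'"
            } >> "$ENV_FILE"
          fi
          if [[ -n "$PRIVATE_KEY_PEM" ]]; then
            echo "" >> "$ENV_FILE"
            {
              echo "PRIVATE_KEY_PEM='"
              printf '%s\n' "$PRIVATE_KEY_PEM"
              echo "'"
            } >> "$ENV_FILE"
          fi
      - name: Boot accessories
        run: kamal accessory reboot all -d "$DEPLOY_ENV"
      - name: Deploy
        run: kamal deploy -d "$DEPLOY_ENV"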