add novops conf

2023-12-06 19:38:45 +01:00 · 2023-12-06 19:38:45 +01:00 · 8eb6ba303c
parent d83adf0473
commit 8eb6ba303c
4 changed files with 57 additions and 5 deletions
--- a/.mage.yml.dist
+++ b/.mage.yml.dist
@ -18,6 +18,7 @@ magephp:
                - "/var/cache/*"
                - "/var/log/*"
                - "/public/media"
+				- "/.secrets"
            hosts:
                - ssh_host
            on-deploy:
--- a/.novops.yml
+++ b/.novops.yml
@ -0,0 +1,39 @@
+environments:
+  build:
+    variables:
+      - name: MYSQLDUMP
+        value:
+          hvault_kv2:
+            mount: kv
+            path: deblan/deblan.io-murph
+            key: mysqldump
+
+  deploy:
+    variables:
+      - name: SSH_USER
+        value:
+          hvault_kv2:
+            mount: kv
+            path: deblan/deblan.io-murph
+            key: ssh_user
+
+      - name: SSH_HOST
+        value:
+          hvault_kv2:
+            mount: kv
+            path: deblan/deblan.io-murph
+            key: ssh_host
+
+      - name: SSH_PRIV_KEY
+        value:
+          hvault_kv2:
+            mount: kv
+            path: deblan/deblan.io-murph
+            key: ssh_priv_key
+
+      - name: APP_DIRECTORY
+        value:
+          hvault_kv2:
+            mount: kv
+            path: deblan/deblan.io-murph
+            key: app_directory
--- a/.woodpecker/build.yml
+++ b/.woodpecker/build.yml
@ -1,6 +1,6 @@
 variables:
-  - &volumes
-    - node16_cache:/root/.npm
+  volumes: &volumes
+    - node_cache:/root/.npm
    - /data/${CI_REPO}:/builds

 when:
@ -8,6 +8,12 @@ when:
  branch: [master, master-*, develop, develop-*, feature/*]

 steps:
+  secrets:
+    image: gitnet.fr/deblan/novops
+    secrets: [vault_addr, vault_token]
+    commands:
+      - novops load -e build > .secrets
+
  db-wait:
    image: gitnet.fr/deblan/timeout:latest
    commands:
@ -15,8 +21,8 @@ steps:

  db-create:
    image: mariadb:10.3
-    secrets: [mysqldump]
    commands:
+      - . /.secrets
      - mysql -hdb -uroot -proot -e "CREATE DATABASE app"
      - eval "$MYSQLDUMP" | mysql -hdb -uroot -proot app

@ -80,4 +86,4 @@ services:
      - MARIADB_ROOT_PASSWORD=root

 volumes:
-  node16_cache:
+  node_cache:
--- a/.woodpecker/deploy.yml
+++ b/.woodpecker/deploy.yml
@ -8,11 +8,17 @@ when:
 skip_clone: true

 steps:
+  secrets:
+    image: gitnet.fr/deblan/novops
+    secrets: [vault_addr, vault_token]
+    commands:
+      - novops load -e deploy > .secrets
+
  app-deploy:
    image: deblan/mage
-    secrets: [ssh_user, ssh_host, ssh_priv_key, app_directory]
    volumes: *volumes
    commands:
+      - . ./.secrets
      - cd "/builds/$CI_COMMIT_SHA"
      - mkdir "$HOME/.ssh"
      - echo "$SSH_PRIV_KEY" > "$HOME/.ssh/id_ed25519"