From 8eb6ba303c107fb116cf3a43689f2643ea309561 Mon Sep 17 00:00:00 2001
From: Simon Vieille
Date: Wed, 6 Dec 2023 19:38:45 +0100
Subject: [PATCH] add novops conf
---
 .mage.yml.dist | 1 +
 .novops.yml | 39 +++++++++++++++++++++++++++++++++++++++
 .woodpecker/build.yml | 14 ++++++++++----
 .woodpecker/deploy.yml | 8 +++++++-
 4 files changed, 57 insertions(+), 5 deletions(-)
 create mode 100644 .novops.yml
diff --git a/.mage.yml.dist b/.mage.yml.dist
index 44e7dfb..a724526 100644
--- a/.mage.yml.dist
+++ b/.mage.yml.dist
@@ -18,6 +18,7 @@ magephp:
 - "/var/cache/*"
 - "/var/log/*"
 - "/public/media"
+ - "/.secrets"
 hosts:
 - ssh_host
 on-deploy:
diff --git a/.novops.yml b/.novops.yml
new file mode 100644
index 0000000..a0a9c25
--- /dev/null
+++ b/.novops.yml
@@ -0,0 +1,39 @@
+environments:
+ build:
+ variables:
+ - name: MYSQLDUMP
+ value:
+ hvault_kv2:
+ mount: kv
+ path: deblan/deblan.io-murph
+ key: mysqldump
+
+ deploy:
+ variables:
+ - name: SSH_USER
+ value:
+ hvault_kv2:
+ mount: kv
+ path: deblan/deblan.io-murph
+ key: ssh_user
+
+ - name: SSH_HOST
+ value:
+ hvault_kv2:
+ mount: kv
+ path: deblan/deblan.io-murph
+ key: ssh_host
+
+ - name: SSH_PRIV_KEY
+ value:
+ hvault_kv2:
+ mount: kv
+ path: deblan/deblan.io-murph
+ key: ssh_priv_key
+
+ - name: APP_DIRECTORY
+ value:
+ hvault_kv2:
+ mount: kv
+ path: deblan/deblan.io-murph
+ key: app_directory
diff --git a/.woodpecker/build.yml b/.woodpecker/build.yml
index 161ce66..e241c79 100644
--- a/.woodpecker/build.yml
+++ b/.woodpecker/build.yml
@@ -1,6 +1,6 @@
 variables:
- - &volumes
- - node16_cache:/root/.npm
+ volumes: &volumes
+ - node_cache:/root/.npm
 - /data/${CI_REPO}:/builds
 when:
@@ -8,6 +8,12 @@ when:
 branch: [master, master-*, develop, develop-*, feature/*]
 steps:
+ secrets:
+ image: gitnet.fr/deblan/novops
+ secrets: [vault_addr, vault_token]
+ commands:
+ - novops load -e build > .secrets
+
 db-wait:
 image: gitnet.fr/deblan/timeout:latest
 commands:
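Review bot: Both environments in `.novops.yml` read from the same Vault path, `deblan/deblan.io-murph`, and the pipeline changes in this patch give the build and deploy `secrets` steps the same `vault_token` secret, so the token used by the build pipeline can presumably also read `ssh_priv_key` (the Vault policy itself is not visible here). The build pipeline runs on `feature/*` branches, which makes that the wider exposure. Consider keeping build and deploy material under separate paths, each with its own policy and CI token. A header comment such as `# Vault references only; never commit secret values to this file` would also document the intent.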
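Review bot: The new `secrets` step pulls `gitnet.fr/deblan/novops` with no tag or digest and hands it `vault_addr` and `vault_token`, so whatever that mutable reference resolves to at run time receives the Vault token. Pin the image, for example `image: gitnet.fr/deblan/novops@sha256:<digest-placeholder>`, and bump it deliberately. The same unpinned step is added in `.woodpecker/deploy.yml`. Since the output file holds plaintext values, writing it under a restrictive mask is also worth it: `- umask 077 && novops load -e build > .secrets`.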
@@ -15,8 +21,8 @@ steps:
 db-create:
 image: mariadb:10.3
- secrets: [mysqldump]
 commands:
+ - . /.secrets
 - mysql -hdb -uroot -proot -e "CREATE DATABASE app"
 - eval "$MYSQLDUMP" | mysql -hdb -uroot -proot app
@@ -80,4 +86,4 @@ services:
 - MARIADB_ROOT_PASSWORD=root
 volumes:
- node16_cache:
+ node_cache:
diff --git a/.woodpecker/deploy.yml b/.woodpecker/deploy.yml
index b163295..c5afb1b 100644
--- a/.woodpecker/deploy.yml
+++ b/.woodpecker/deploy.yml
@@ -8,11 +8,17 @@ when:
 skip_clone: true
 steps:
+ secrets:
+ image: gitnet.fr/deblan/novops
+ secrets: [vault_addr, vault_token]
+ commands:
+ - novops load -e deploy > .secrets
+
 app-deploy:
 image: deblan/mage
- secrets: [ssh_user, ssh_host, ssh_priv_key, app_directory]
 volumes: *volumes
 commands:
+ - . ./.secrets
 - cd "/builds/$CI_COMMIT_SHA"
 - mkdir "$HOME/.ssh"
 - echo "$SSH_PRIV_KEY" > "$HOME/.ssh/id_ed25519"
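Review bot: `db-create` sources `/.secrets` from the filesystem root, while the `secrets` step writes `.secrets` relative to its working directory and `deploy.yml` reads `./.secrets`; unless the workspace happens to be `/`, the path does not match. Use `- . ./.secrets`, and add a guard such as `- : "${MYSQLDUMP:?MYSQLDUMP not loaded}"` before the `eval` so an unset value stops the step instead of importing nothing. Because `eval "$MYSQLDUMP"` runs the stored value as shell, a comment noting that write access to that Vault key equals command execution in CI would help the next maintainer.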
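Review bot: After `. ./.secrets` the file, which now holds `SSH_PRIV_KEY` in plaintext, stays in the workspace for the rest of the pipeline, whereas the removed `secrets:` line scoped those values to `app-deploy` alone. Delete it as soon as it is loaded, `- . ./.secrets && rm -f ./.secrets`, so no later step or artefact copy can pick it up. The `/.secrets` exclude added to `.mage.yml.dist` then becomes a second line of defence rather than the only one. The same applies to `db-create` in `.woodpecker/build.yml`, and the `app-deploy` command list may continue beyond this hunk.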