Merge pull request #17 from BrownUniversity/task_migrate-secrets

change to use GH secrets

.github/workflows/prod-run.yaml

@@ -3,6 +3,18 @@ on:
   release:
     types: [released]
 
+  VO_RANCH_KUBECONF: ${{ secrets.VO_RANCH_KUBECONF }}
+  SCIDMZ_KUBECONF: ${{ secrets.SCIDMZ_KUBECONF }}
+  PBKPD_KUBECONF: ${{ secrets.PBKPD_KUBECONF }}
+  PBKPI_KUBECONF: ${{ secrets.PBKPI_KUBECONF }}
+  QBKPI_KUBECONF: ${{ secrets.QBKPI_KUBECONF }}
+  QBKPD_KUBECONF: ${{ secrets.QBKPD_KUBECONF }}
+  QSCIDMZ_KUBECONF: ${{ secrets.QSCIDMZ_KUBECONF }}
+  QVO_RANCH_KUBECONF: ${{ secrets.QVO_RANCH_KUBECONF }}
+  DRBKPD_KUBECONF: ${{ secrets.DRBKPD_KUBECONF }}
+  DRBKPI_KUBECONF: ${{ secrets.DRBKPI_KUBECONF }}
+  ROBOT_PROD: ${{ secrets.ROBOT_PROD }}
+
 jobs:
   PROD_K8S_Query:
     runs-on: self-hosted
@@ -20,6 +32,21 @@ jobs:
         uses: azure/setup-kubectl@v3
         with:
           version: v1.20.0
+      -
+        name: pull kubeconfig
+        run: |
+          mkdir secrets
+          touch secrets/qa-bkpi.yaml ; echo "$QBKPI_KUBECONF" > secrets/qa-bkpi.yaml
+          touch secrets/qa-bkpd.yaml ; echo "$QBKPD_KUBECONF" > secrets/qa-bkpd.yaml
+          touch secrets/bkpi.yaml ; echo "$PBKPI_KUBECONF" > secrets/bkpi.yaml
+          touch secrets/bkpd.yaml ; echo "$PBKPD_KUBECONF" > secrets/bkpd.yaml
+          touch secrets/bkpidr.yaml ; echo "$DRBKPI_KUBECONF" > secrets/bkpidr.yaml
+          touch secrets/bkpddr.yaml ; echo "$DRBKPD_KUBECONF" > secrets/bkpddr.yaml
+          touch secrets/qvo-ranch.yaml ; echo "$QVO_RANCH_KUBECONF" > secrets/qvo-ranch.yaml
+          touch secrets/scidmz-ranch.yaml ; echo "$SCIDMZ_KUBECONF" > secrets/scidmz-ranch.yaml
+          touch secrets/qscidmz-ranch.yaml ; echo "$QSCIDMZ_KUBECONF" > secrets/qscidmz-ranch.yaml
+          touch secrets/vo-ranch.yaml ; echo "$VO_RANCH_KUBECONF" > secrets/vo-ranch.yaml
+          touch secrets/robot.prod ; echo "$ROBOT_PROD" > secrets/robot.prod
       -
         name: Build PROD image
         run: make build

.github/workflows/qa-run.yaml

@@ -8,6 +8,19 @@ on:
       - '!**.md'
       - '!.blackbox/**'
 
+env:
+  VO_RANCH_KUBECONF: ${{ secrets.VO_RANCH_KUBECONF }}
+  SCIDMZ_KUBECONF: ${{ secrets.SCIDMZ_KUBECONF }}
+  PBKPD_KUBECONF: ${{ secrets.PBKPD_KUBECONF }}
+  PBKPI_KUBECONF: ${{ secrets.PBKPI_KUBECONF }}
+  QBKPI_KUBECONF: ${{ secrets.QBKPI_KUBECONF }}
+  QBKPD_KUBECONF: ${{ secrets.QBKPD_KUBECONF }}
+  QSCIDMZ_KUBECONF: ${{ secrets.QSCIDMZ_KUBECONF }}
+  QVO_RANCH_KUBECONF: ${{ secrets.QVO_RANCH_KUBECONF }}
+  DRBKPD_KUBECONF: ${{ secrets.DRBKPD_KUBECONF }}
+  DRBKPI_KUBECONF: ${{ secrets.DRBKPI_KUBECONF }}
+  ROBOT_QA: ${{ secrets.ROBOT_QA }}
+
 jobs:
   QA_K8S_Query:
     runs-on: self-hosted
@@ -25,6 +38,21 @@ jobs:
         uses: azure/setup-kubectl@v3
         with:
           version: v1.20.0
+      -
+        name: pull kubeconfig
+        run: |
+          mkdir secrets
+          touch secrets/qa-bkpi.yaml ; echo "$QBKPI_KUBECONF" > secrets/qa-bkpi.yaml
+          touch secrets/qa-bkpd.yaml ; echo "$QBKPD_KUBECONF" > secrets/qa-bkpd.yaml
+          touch secrets/bkpi.yaml ; echo "$PBKPI_KUBECONF" > secrets/bkpi.yaml
+          touch secrets/bkpd.yaml ; echo "$PBKPD_KUBECONF" > secrets/bkpd.yaml
+          touch secrets/bkpidr.yaml ; echo "$DRBKPI_KUBECONF" > secrets/bkpidr.yaml
+          touch secrets/bkpddr.yaml ; echo "$DRBKPD_KUBECONF" > secrets/bkpddr.yaml
+          touch secrets/qvo-ranch.yaml ; echo "$QVO_RANCH_KUBECONF" > secrets/qvo-ranch.yaml
+          touch secrets/scidmz-ranch.yaml ; echo "$SCIDMZ_KUBECONF" > secrets/scidmz-ranch.yaml
+          touch secrets/qscidmz-ranch.yaml ; echo "$QSCIDMZ_KUBECONF" > secrets/qscidmz-ranch.yaml
+          touch secrets/vo-ranch.yaml ; echo "$VO_RANCH_KUBECONF" > secrets/vo-ranch.yaml
+          touch secrets/robot.qa ; echo "$ROBOT_QA" > secrets/robot.qa
       -
         name: Build QA image
         run: make build

Makefile

@@ -4,22 +4,13 @@
 help:
 	@grep -E '[a-zA-Z\.\-]+:.*?@ .*$$' $(MAKEFILE_LIST)| tr -d '#'  | awk 'BEGIN {FS = ":.*?@ "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
 
-#secrets: @ Files to decrypt
-SECRET_FILES=$(shell cat .blackbox/blackbox-files.txt)
-$(SECRET_FILES): %: %.gpg
-	gpg --decrypt --quiet --no-tty --yes $< > $@
-
 ## Variables
 HASH := $(shell git rev-parse --short HEAD | tr -d '\n')
-CLUSTER ?= bkpd bkpi bkpddr bkpidr qa-bkpd qa-bkpi vo-ranch qvo-ranch scidmz-ranch
+CLUSTER ?= bkpd bkpi bkpddr bkpidr qa-bkpd qa-bkpi vo-ranch qvo-ranch scidmz-ranch qscidmz-ranch
 
 .PHONY: build dlogin.qa dlogin.prod push.qa push.prod \
 	secrets.qa secrets.prod deploy.qa deploy.prod
 
-yamls: secrets/qa-bkpi.yaml secrets/qa-bkpd.yaml secrets/bkpi.yaml \
-	secrets/bkpd.yaml secrets/bkpidr.yaml secrets/bkpddr.yaml \
-	secrets/qvo-ranch.yaml secrets/scidmz-ranch.yaml secrets/vo-ranch.yaml
-
 ## DOCKER BUILD ##
 #build: @ Build the docker image, one for all envs
 build:
@@ -28,12 +19,12 @@ build:
 
 ## DOCKER LOGIN ##
 #dlogin.qa: @ QA docker login
-dlogin.qa: secrets/robot.qa
+dlogin.qa:
 	cat secrets/robot.qa | docker login -u 'bke-bkereporting+build' \
 	--password-stdin harbor.cis-qas.brown.edu
 
 #dlogin.prod: @ PROD docker login
-dlogin.prod: secrets/robot.prod
+dlogin.prod: 
 	cat secrets/robot.prod | docker login -u 'bke-bkereporting+build' \
 	--password-stdin harbor.services.brown.edu
 

scripts/namespaces.py

@@ -14,7 +14,7 @@
 
 html_dir = '/usr/share/nginx/html'
 kconfig_dir = '/etc/kubeconfig'
-cluster_list = ['qa-bkpd', 'qa-bkpi', 'bkpd', 'bkpi', 'bkpddr', 'bkpidr', 'vo-ranch', 'qvo-ranch', 'scidmz-ranch']
+cluster_list = ['qa-bkpd', 'qa-bkpi', 'bkpd', 'bkpi', 'bkpddr', 'bkpidr', 'vo-ranch', 'qvo-ranch', 'scidmz-ranch',  'qscidmz-ranch']
 excluded_raw = [
   'security-scan',
   'default',

scripts/nodes.py

@@ -13,7 +13,7 @@
 
 html_dir = '/usr/share/nginx/html'
 kconfig_dir = '/etc/kubeconfig'
-cluster_list = ['qa-bkpd', 'qa-bkpi', 'bkpd', 'bkpi', 'bkpddr', 'bkpidr', 'vo-ranch', 'qvo-ranch', 'scidmz-ranch']
+cluster_list = ['qa-bkpd', 'qa-bkpi', 'bkpd', 'bkpi', 'bkpddr', 'bkpidr', 'vo-ranch', 'qvo-ranch', 'scidmz-ranch', 'qscidmz-ranch']
 html_start = """
 <html>
 <head>