From 1d9cee659328952965a05c782c39e5107d7add1d Mon Sep 17 00:00:00 2001 From: Dmitriy Stoyanov Date: Thu, 14 Nov 2024 18:16:46 +0300 Subject: [PATCH] Fix certificate update by changing runner where it works (#2638) * Fix certificate update by changing runner where it works * Adding ability to run from PR for testing purposes * Update workflows with FIREBASE_CONFIG var * Remove additional domain brainup.fun --------- Co-authored-by: Elena Moshnikova <15213856+ElenaSpb@users.noreply.github.com> --- .github/workflows/certbot-update-cert.yml | 8 ++++---- .github/workflows/create_cert.yml | 6 ++++-- .github/workflows/instances-redeploy.yml_tmp | 2 +- docker-compose-run.yml | 2 +- 4 files changed, 10 insertions(+), 8 deletions(-) diff --git a/.github/workflows/certbot-update-cert.yml b/.github/workflows/certbot-update-cert.yml index 01edccaf2..87a8be924 100644 --- a/.github/workflows/certbot-update-cert.yml +++ b/.github/workflows/certbot-update-cert.yml @@ -1,4 +1,4 @@ -name: Update TLS certificates for vscale +name: Update TLS certificates for selectel on: workflow_dispatch: @@ -7,12 +7,13 @@ on: jobs: update_certs: - runs-on: vscale + runs-on: selectel steps: - uses: actions/checkout@v4 - name: Configure secrets run: | echo "$S3_KEY"|base64 -d > aws-key.properties + echo "$FIREBASE_CONFIG"|base64 -d > firebase_config.json mv docker-compose-run.yml docker-compose.yml sed -i -e "s/_YANDEX_AUTH_TOKEN_/\\$YANDEX_AUTH_TOKEN/" docker-compose.yml sed -i -e "s/_YANDEX_FOLDER_ID_/\\$YANDEX_FOLDER_ID/" docker-compose.yml 
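Review bot: The added `echo "$FIREBASE_CONFIG"|base64 -d > firebase_config.json` in `Configure secrets` writes a decoded secret into the checkout directory of the self-hosted `selectel` runner, and nothing visible in this hunk removes it. The file may therefore stay on disk after the job ends, as `aws-key.properties` and the token-substituted `docker-compose.yml` already do. I would start the `run: |` block with `umask 077` and add a final step with `if: always()` that runs `rm -f aws-key.properties firebase_config.json docker-compose.yml`. The first hunk of `.github/workflows/create_cert.yml` adds the same line and needs the same treatment. The step continues past the end of this hunk.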
@@ -20,13 +21,12 @@ jobs: sed -i -e "s/_API_GITHUB_TOKEN_/\\$API_GITHUB_TOKEN/" docker-compose.yml env: S3_KEY: ${{ secrets.S3_KEY }} + FIREBASE_CONFIG: ${{ secrets.FIREBASE_CONFIG }} YANDEX_AUTH_TOKEN: ${{ secrets.YANDEX_AUTH_TOKEN }} YANDEX_FOLDER_ID: ${{ secrets.YANDEX_FOLDER_ID }} POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }} API_GITHUB_TOKEN: ${{ secrets.API_GITHUB_TOKEN }} - name: Update certs run: | - docker compose pull docker compose run --rm certbot renew --allow-subset-of-names docker compose restart brn_fe_with_tls - docker image prune -af diff --git a/.github/workflows/create_cert.yml b/.github/workflows/create_cert.yml index a2506de12..1f5d6fd0a 100644 --- a/.github/workflows/create_cert.yml +++ b/.github/workflows/create_cert.yml @@ -3,12 +3,13 @@ on: [workflow_dispatch] jobs: update_certs: - runs-on: vscale + runs-on: selectel steps: - uses: actions/checkout@v4 - name: Configure secrets run: | echo "$S3_KEY"|base64 -d > aws-key.properties + echo "$FIREBASE_CONFIG"|base64 -d > firebase_config.json mv docker-compose-run.yml docker-compose.yml sed -i -e "s/_YANDEX_AUTH_TOKEN_/\\$YANDEX_AUTH_TOKEN/" docker-compose.yml sed -i -e "s/_YANDEX_FOLDER_ID_/\\$YANDEX_FOLDER_ID/" docker-compose.yml @@ -16,10 +17,11 @@ jobs: sed -i -e "s/_API_GITHUB_TOKEN_/\\$API_GITHUB_TOKEN/" docker-compose.yml env: S3_KEY: ${{ secrets.S3_KEY }} + FIREBASE_CONFIG: ${{ secrets.FIREBASE_CONFIG }} YANDEX_AUTH_TOKEN: ${{ secrets.YANDEX_AUTH_TOKEN }} YANDEX_FOLDER_ID: ${{ secrets.YANDEX_FOLDER_ID }} POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }} API_GITHUB_TOKEN: ${{ secrets.API_GITHUB_TOKEN }} - name: Create cert run: | - docker compose run --rm certbot certonly --webroot --webroot-path=/var/www/html --email brainupproject@yandex.ru -d brainup.fun + docker compose run --rm certbot certonly --webroot --webroot-path=/var/www/html --email brainupproject@yandex.ru 
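Review bot: With `docker compose pull` dropped from the `Update certs` step, `certbot renew` runs on whatever certbot image is already cached on the `selectel` runner, and nothing visible in this workflow refreshes that image. If the full pull was removed to avoid touching the application images, pulling only the one service would keep the renewal client current: `docker compose pull certbot`. Otherwise a one-line comment above the `run:` saying why the pull and `docker image prune -af` were removed would tell the next maintainer that the stale-image behaviour is intended.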
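Review bot: After `-d brainup.fun` is removed, the `Create cert` command names no domain at all, because the removed flag was the only `-d` on that line. The commit message speaks of removing an additional domain, so the primary one appears to have been lost with it. Unless the names come from a certbot config file not visible here, `certonly` has nothing to request in a CI job that cannot answer prompts, and the scope of the issued certificate is left undefined. I would name the intended host explicitly and make the run non-interactive, e.g. `certonly --webroot --webroot-path=/var/www/html --non-interactive --agree-tos --email brainupproject@yandex.ru -d <PRIMARY_DOMAIN>` (placeholder). The `command:` line in `docker-compose-run.yml` loses its only `-d` in the same way.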
diff --git a/.github/workflows/instances-redeploy.yml_tmp b/.github/workflows/instances-redeploy.yml_tmp index 36072deb5..4de816842 100644 --- a/.github/workflows/instances-redeploy.yml_tmp +++ b/.github/workflows/instances-redeploy.yml_tmp @@ -10,7 +10,7 @@ jobs: runs-on: ${{ matrix.runners }} strategy: matrix: - runners: [ epam, vscale ] + runners: [ selectel ] steps: - uses: actions/checkout@v4 - name: Configure secrets diff --git a/docker-compose-run.yml b/docker-compose-run.yml index b3425f92f..b1811e88e 100644 --- a/docker-compose-run.yml +++ b/docker-compose-run.yml @@ -60,7 +60,7 @@ services: - web-root-for-certbot:/var/www/html depends_on: - brn_fe_with_tls - command: certonly --webroot --webroot-path=/var/www/html --email brainupspbproject@gmail.com --agree-tos --no-eff-email --force-renewal -d brainup.fun + command: certonly --webroot --webroot-path=/var/www/html --email brainupspbproject@gmail.com --agree-tos --no-eff-email secrets: aws-key: file: aws-key.properties