fenix-gitea-admin/iac-opentofu-public
1
0
Fork 0
mirror of https://gitea.fenix-dev.com/fenix-gitea-admin/iac-opentofu-private.git synced 2025-10-27 07:43:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request '[deploy-opentofu]' (#246) from fenix-admin into main

Browse Source 
Reviewed-on: fenix-gitea-admin/iac-opentofu-private#246
This commit is contained in:
fenix-gitea-admin
2025-09-10 20:36:09 +00:00
parent fc2b08a458 0b0e3db854
commit a9213a040c
1 changed files with 16 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
.gitea/workflows/ci-test.yaml
View File

@ -17,6 +17,7 @@ jobs:
BW_PASSWORD: ${{ secrets.BW_PASSWORD }}
BW_CLIENTID: ${{ secrets.BW_CLIENTID }}
BW_CLIENTSECRET: ${{ secrets.BW_CLIENTSECRET }}
VAULTWARDEN_LINK: ${{secrets.VAULTWARDEN_LINK }}
steps:
@ -82,16 +83,28 @@ jobs:
}
EOF
- name: vaultwarden urls as secrets
working-directory:
run: |
bw config server $VAULTWARDEN_LINK
bw login --apikey
BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
bw get item "iac.proxmox-ssh-link" --session "$BW_SESSION" | jq -r '.notes' > "proxmox-ssh-link.txt"
- name: Start cloudflared Access TCP -> SOCKS5 (background)
env:
CF_SVC_ID: ${{ secrets.CF_SVC_ID }}
CF_SVC_SECRET: ${{ secrets.CF_SVC_SECRET }}
HOSTNAME: "proxmox-ssh.fenix-dev.com"
run: |
Hostname=$(cat proxmox-ssh-link.txt)
# Inicia cloudflared access tcp/ssh com service token e listener socks local
# O binário 'cloudflared' tem variações de flags entre versões; estes flags funcionam nas versões recentes.
nohup cloudflared access tcp \
--hostname "$HOSTNAME" \
--hostname "$Hostname" \
--listener "tcp://127.0.0.1:1081" \
--service-token-id "$CF_SVC_ID" \
--service-token-secret "$CF_SVC_SECRET" \
@ -122,19 +135,11 @@ jobs:
sleep 3
cat dante.log
#- name: vaultwarden login
# working-directory: infra/iac
# run: |
# bw config server https://vaultwarden.fenix-dev.com
# #BW_SESSION=$(bw login)
# bw login --apikey
# BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
- name: vaultwarden getsecrets
working-directory: infra/iac
run: |
bw config server https://vaultwarden.fenix-dev.com
bw config server $VAULTWARDEN_LINK
bw login --apikey
BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)