Merge pull request 'fenix-admin' (#212) from fenix-admin into main
Some checks failed
IAC / hello (push) Failing after 1s

Reviewed-on: fenix-gitea-admin/iac-opentofu-private#212
2025-09-07 18:49:13 +00:00
2 changed files with 48 additions and 7 deletions


@ -22,7 +22,7 @@ jobs:
if: "!contains(gitea.event.head_commit.message, '[deploy-opentofu]')" if: "!contains(gitea.event.head_commit.message, '[deploy-opentofu]')"
run: | run: |
echo "Commit não contém [deploy-opentofu], a pipeline será ignorada." echo "Commit não contém [deploy-opentofu], a pipeline será ignorada."
exit 0 exit 1
- name: Executar deploy opentofu - name: Executar deploy opentofu
run: echo "Commit contém [deploy-opentofu], a pipeline será executada." run: echo "Commit contém [deploy-opentofu], a pipeline será executada."
@ -37,12 +37,12 @@ jobs:
with: with:
path: infra/iac path: infra/iac
- name: cloning iac secrets repository #- name: cloning iac secrets repository
uses: actions/checkout@v4 # uses: actions/checkout@v4
with: # with:
repository: fenix-gitea-admin/iac-opentofu-private-secrets # repository: fenix-gitea-admin/iac-opentofu-private-secrets
token: ${{ secrets.GGITEA_TOKEN }} # token: ${{ secrets.GGITEA_TOKEN }}
path: infra/secrets # path: infra/secrets
- name: Install cloudflare prerequisites - name: Install cloudflare prerequisites
@ -125,6 +125,28 @@ jobs:
run: | run: |
BW_SESSION=$(bw login) BW_SESSION=$(bw login)
#!/bin/bash
- name: vaultwarden getsecrets
working-directory: infra
run: |
bw sync
# Ler o arquivo de referência
for secret in $(jq -c '.secrets[]' iac/secrets/vault-secrets-map.json); do
name=$(echo "$secret" | jq -r '.name')
type=$(echo "$secret" | jq -r '.type')
output=$(echo "$secret" | jq -r '.output')
item_id=$(bw get item "$name" | jq -r '.id')
if [ "$type" == "attachment" ]; then
bw get attachment "$output" --itemid "$item_id" --output "$output"
elif [ "$type" == "note" ]; then
bw get item "$name" | jq -r '.notes' > "$output"
fi
done
- name: Set up Python - name: Set up Python
uses: actions/setup-python@v4 uses: actions/setup-python@v4
with: with:
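Review bot: The `vaultwarden getsecrets` step added in the third hunk (`@ -125,6 +125,28 @`) never checks that a secret was actually retrieved: without `set -euo pipefail`, a failed `bw get item` leaves `item_id` empty or `null`, the loop carries on, and a `note` entry still writes whatever `jq` prints into `$output`, so later steps can run with missing or bogus tfvars. The `for secret in $(jq -c …)` form also word-splits the JSON, which breaks as soon as a name or path contains a space; reading line by line with `while IFS= read -r` avoids that. The secret files are created with the runner's default umask and nothing in the visible hunk removes them afterwards, so a `umask 077` and a cleanup step are worth adding. `BW_SESSION` is assigned as a plain shell variable in the preceding step, which begins outside the hunk, and presumably does not reach this step because each `run` gets its own shell; confirm how the session is passed. The `#!/bin/bash` line appears to land at the end of that previous step's script, where it is only a comment.

```yaml
        run: |
          set -euo pipefail
          umask 077  # secret files readable by the runner user only
          bw sync
          # Read the reference map one JSON object per line (no word splitting)
          jq -c '.secrets[]' iac/secrets/vault-secrets-map.json | while IFS= read -r secret; do
            # … unchanged: name / type / output extraction …
            # jq -e fails on null, so a missing item aborts the step
            item_id=$(bw get item "$name" | jq -er '.id')
            case "$type" in
              attachment) bw get attachment "$output" --itemid "$item_id" --output "$output" ;;
              note) bw get item "$name" | jq -er '.notes' > "$output" ;;
              *) echo "unknown secret type: $type" >&2; exit 1 ;;
            esac
          done
```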


@ -0,0 +1,19 @@
{
"secrets": [
{
"name": "iac.opentofu.consul.secrets",
"type": "attachment",
"output": "iac/secrets/consul.secrets.tfvars"
},
{
"name": "iac.opentofu.proxmox.secrets",
"type": "attachment",
"output": "iac/secrets/proxmox.secrets.tfvars"
},
{
"name": "iac.opentofu.vaultwarden.secrets",
"type": "attachment",
"output": "iac/secrets/vaultwarden.secrets.tfvars"
}
]
}
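Review bot: Each entry carries only `name`, `type` and `output`, yet the workflow step that consumes this map passes `$output` (for example `iac/secrets/consul.secrets.tfvars`) to `bw get attachment` as the attachment to fetch. Unless the attachments were uploaded under those exact path-like names, the lookup will not match; a separate field for the attachment's file name, such as `"attachment": "consul.secrets.tfvars"`, would keep the vault-side name and the on-disk destination independent. The outputs also land next to this map inside the checked-out tree, so it is worth confirming that `*.secrets.tfvars` is git-ignored; the ignore rules are not visible on this page.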