Skip to content

Renew Lets Encrypt Certificates #14

Renew Lets Encrypt Certificates

Renew Lets Encrypt Certificates #14

Workflow file for this run

---
name: Renew Lets Encrypt Certificates
on: # yamllint disable-line rule:truthy
schedule:
# 3am each month https://crontab.guru/#0_3_1_*_*
- cron: "0 3 1 * *"
workflow_dispatch:
# This will prevent multiple runs of this entire workflow.
# We should NOT cancel in progress runs as that can destabilize the environment.
concurrency: letsencrypt
env:
USE_ENV_VARS_NOT_FILES: true
TF_INPUT: 0 # interactive is off
TF_IN_AUTOMATION: 1 # Run in headless mode
jobs:
renew_letsencrypt_certs:
name: Renew Lets Encrypt Certificates
runs-on: ubuntu-latest
environment: CICD
steps:
- name: Checkout
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install Terraform
uses: hashicorp/setup-terraform@v3
with:
terraform_version: 1.2.9
terraform_wrapper: false
- name: Renew Certificates
shell: bash
env:
ARM_CLIENT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientId }}
ARM_CLIENT_SECRET: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientSecret }}
ARM_SUBSCRIPTION_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).tenantId }}
ARM_TENANT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).subscriptionId }}
TRE_ID: ${{ secrets.TRE_ID }}
TERRAFORM_STATE_CONTAINER_NAME:
${{ secrets.TERRAFORM_STATE_CONTAINER_NAME && secrets.TERRAFORM_STATE_CONTAINER_NAME || 'tfstate' }}
MGMT_RESOURCE_GROUP_NAME: ${{ secrets.MGMT_RESOURCE_GROUP_NAME }}
MGMT_STORAGE_ACCOUNT_NAME: ${{ secrets.MGMT_STORAGE_ACCOUNT_NAME }}
run: |
sudo apt-get install -y python3 python3-venv libaugeas0 \
&& python3 -m venv /opt/certbot/ \
&& /opt/certbot/bin/pip install --upgrade pip \
&& /opt/certbot/bin/pip install certbot
make letsencrypt