Update environment-example.md (#53684) #83
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: docs-internal Moda CI | ||
# More info on CI actions setup can be found here: | ||
# https://github.com/github/ops/blob/master/docs/playbooks/build-systems/moving-moda-apps-from-bp-to-actions.md | ||
on: | ||
workflow_dispatch: | ||
push: | ||
branches-ignore: | ||
- 'gh-readonly-queue/**' | ||
merge_group: | ||
types: [checks_requested] | ||
jobs: | ||
########################## | ||
# Generate Vault keys | ||
########################## | ||
set-vault-keys: | ||
runs-on: ubuntu-latest | ||
outputs: | ||
modified_vault_keys: ${{ steps.modify_vault_keys.outputs.modified }} | ||
steps: | ||
- name: Set vault-keys output | ||
id: modify_vault_keys | ||
run: | | ||
if [ -z "${{ vars.VAULT_KEYS }}" ]; then | ||
# We want to add the DOCS_BOT_PAT_READPUBLICKEY to the list of keys | ||
# so that builds fetch the secret from the docs-internal vault | ||
# where --environment is "ci" | ||
echo "modified=DOCS_BOT_PAT_READPUBLICKEY" >> $GITHUB_OUTPUT | ||
else | ||
echo "modified=${{ vars.VAULT_KEYS }},DOCS_BOT_PAT_READPUBLICKEY" >> $GITHUB_OUTPUT | ||
fi | ||
############# | ||
# Moda jobs | ||
############# | ||
moda-config-bundle: | ||
if: ${{ github.repository == 'github/docs-internal' }} | ||
name: ${{ matrix.ci_job.job }} | ||
needs: set-vault-keys | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
ci_job: [{ 'job': 'docs-internal-moda-config-bundle' }] | ||
uses: github/internal-actions/.github/workflows/moda.yml@main | ||
with: | ||
ci-formatted-job-name: ${{ matrix.ci_job.job }} | ||
vault-keys: ${{ needs.set-vault-keys.outputs.modified_vault_keys }} | ||
secrets: | ||
dx-bot-token: ${{ secrets.INTERNAL_ACTIONS_DX_BOT_ACCOUNT_TOKEN }} | ||
datadog-api-key: ${{ secrets.DATADOG_API_KEY }} | ||
############# | ||
# Docker Image jobs | ||
############# | ||
docker-image: | ||
if: ${{ github.repository == 'github/docs-internal' }} | ||
name: ${{ matrix.ci_job.job }} | ||
needs: set-vault-keys | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
ci_job: [{ 'job': 'docs-internal-docker-image' }] | ||
uses: github/internal-actions/.github/workflows/kube.yml@main | ||
Check failure on line 65 in .github/workflows/moda-ci.yaml GitHub Actions / .github/workflows/moda-ci.yamlInvalid workflow file
|
||
with: | ||
ci-formatted-job-name: ${{ matrix.ci_job.job }} | ||
vault-keys: ${{ needs.set-vault-keys.outputs.modified_vault_keys }} | ||
# Passes 'DOCS_BOT_PAT_READPUBLICKEY' secret from Vault to docker as --secret id=DOCS_BOT_PAT_READPUBLICKEY,src=<PAT value> | ||
docker-build-env-secrets: 'DOCS_BOT_PAT_READPUBLICKEY' | ||
secrets: | ||
dx-bot-token: ${{ secrets.INTERNAL_ACTIONS_DX_BOT_ACCOUNT_TOKEN }} | ||
datadog-api-key: ${{ secrets.DATADOG_API_KEY }} | ||
############# | ||
# Docker Security jobs | ||
############# | ||
docker-security: | ||
if: ${{ github.repository == 'github/docs-internal' }} | ||
name: ${{ matrix.ci_job.job }} | ||
needs: set-vault-keys | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
ci_job: [{ 'job': 'docs-internal-docker-security' }] | ||
uses: github/internal-actions/.github/workflows/docker_security.yml@main | ||
with: | ||
ci-formatted-job-name: ${{ matrix.ci_job.job }} | ||
vault-keys: ${{ needs.set-vault-keys.outputs.modified_vault_keys }} | ||
# Passes 'DOCS_BOT_PAT_READPUBLICKEY' secret from Vault to docker as --secret id=DOCS_BOT_PAT_READPUBLICKEY,src=<PAT value> | ||
docker-build-env-secrets: 'DOCS_BOT_PAT_READPUBLICKEY' | ||
secrets: | ||
dx-bot-token: ${{ secrets.INTERNAL_ACTIONS_DX_BOT_ACCOUNT_TOKEN }} | ||
datadog-api-key: ${{ secrets.DATADOG_API_KEY }} | ||
permissions: | ||
actions: read | ||
checks: read | ||
contents: read | ||
statuses: read | ||
id-token: write |