ci: allow input nas ssh password
This commit is contained in:
@@ -15,10 +15,22 @@ on:
|
||||
description: "NAS SSH user"
|
||||
required: true
|
||||
default: "admin"
|
||||
password_source:
|
||||
description: "NAS SSH password source"
|
||||
required: true
|
||||
default: "repository_secret"
|
||||
type: choice
|
||||
options:
|
||||
- repository_secret
|
||||
- workflow_input
|
||||
ssh_password:
|
||||
description: "NAS SSH password. Used only when password_source is workflow_input."
|
||||
required: false
|
||||
default: ""
|
||||
deploy_base:
|
||||
description: "Base deployment directory on the NAS"
|
||||
required: true
|
||||
default: "/home/admin/geo-rankly"
|
||||
default: "/vol1/1000/application/geo"
|
||||
image_tag:
|
||||
description: "Docker image tag. Defaults to the short commit SHA."
|
||||
required: false
|
||||
@@ -40,10 +52,12 @@ jobs:
|
||||
NAS_HOST: ${{ inputs.host }}
|
||||
NAS_PORT: ${{ inputs.port }}
|
||||
NAS_USER: ${{ inputs.user }}
|
||||
NAS_SSH_PASSWORD_SOURCE: ${{ inputs.password_source }}
|
||||
NAS_SSH_PASSWORD_INPUT: ${{ inputs.ssh_password }}
|
||||
NAS_SSH_PASSWORD_SECRET: ${{ secrets.NAS_SSH_PASSWORD }}
|
||||
DEPLOY_BASE: ${{ inputs.deploy_base }}
|
||||
REQUESTED_IMAGE_TAG: ${{ inputs.image_tag }}
|
||||
KEEP_RELEASES: ${{ inputs.keep_releases }}
|
||||
NAS_SSH_PASSWORD: ${{ secrets.NAS_SSH_PASSWORD }}
|
||||
NAS_DEPLOY_ENV: ${{ secrets.NAS_DEPLOY_ENV }}
|
||||
DOCKER_BUILDKIT: "1"
|
||||
|
||||
@@ -60,8 +74,37 @@ jobs:
|
||||
run: |
|
||||
set -eu
|
||||
|
||||
if [ -z "${NAS_SSH_PASSWORD:-}" ]; then
|
||||
echo "::error::Missing repository secret NAS_SSH_PASSWORD"
|
||||
case "${NAS_SSH_PASSWORD_SOURCE:-repository_secret}" in
|
||||
repository_secret)
|
||||
nas_ssh_password="${NAS_SSH_PASSWORD_SECRET:-}"
|
||||
;;
|
||||
workflow_input)
|
||||
nas_ssh_password="${NAS_SSH_PASSWORD_INPUT:-}"
|
||||
;;
|
||||
*)
|
||||
echo "::error::password_source must be repository_secret or workflow_input"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ -n "${nas_ssh_password}" ]; then
|
||||
echo "::add-mask::${nas_ssh_password}"
|
||||
fi
|
||||
|
||||
{
|
||||
echo "NAS_SSH_PASSWORD<<__NAS_SSH_PASSWORD__"
|
||||
printf '%s\n' "${nas_ssh_password}"
|
||||
echo "__NAS_SSH_PASSWORD__"
|
||||
echo "NAS_SSH_PASSWORD_INPUT="
|
||||
echo "NAS_SSH_PASSWORD_SECRET="
|
||||
} >> "${GITHUB_ENV}"
|
||||
|
||||
if [ -z "${nas_ssh_password}" ]; then
|
||||
if [ "${NAS_SSH_PASSWORD_SOURCE:-repository_secret}" = "workflow_input" ]; then
|
||||
echo "::error::Missing workflow input ssh_password"
|
||||
else
|
||||
echo "::error::Missing repository secret NAS_SSH_PASSWORD"
|
||||
fi
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
@@ -48,6 +48,18 @@ on:
|
||||
description: "NAS SSH user"
|
||||
required: true
|
||||
default: "admin"
|
||||
password_source:
|
||||
description: "NAS SSH password source"
|
||||
required: true
|
||||
default: "repository_secret"
|
||||
type: choice
|
||||
options:
|
||||
- repository_secret
|
||||
- workflow_input
|
||||
ssh_password:
|
||||
description: "NAS SSH password. Used only when password_source is workflow_input."
|
||||
required: false
|
||||
default: ""
|
||||
deploy_base:
|
||||
description: "Base deployment directory on the NAS"
|
||||
required: true
|
||||
@@ -73,13 +85,15 @@ jobs:
|
||||
NAS_HOST: ${{ inputs.host }}
|
||||
NAS_PORT: ${{ inputs.port }}
|
||||
NAS_USER: ${{ inputs.user }}
|
||||
NAS_SSH_PASSWORD_SOURCE: ${{ inputs.password_source }}
|
||||
NAS_SSH_PASSWORD_INPUT: ${{ inputs.ssh_password }}
|
||||
NAS_SSH_PASSWORD_SECRET: ${{ secrets.NAS_SSH_PASSWORD }}
|
||||
DEPLOY_BASE: ${{ inputs.deploy_base }}
|
||||
SELECTED_SERVICE: ${{ inputs.service }}
|
||||
REQUESTED_IMAGE_TAG: ${{ inputs.image_tag }}
|
||||
REQUESTED_RUN_MIGRATIONS: ${{ inputs.run_migrations }}
|
||||
VALIDATE_MIGRATIONS: ${{ inputs.validate_migrations }}
|
||||
KEEP_RELEASES: ${{ inputs.keep_releases }}
|
||||
NAS_SSH_PASSWORD: ${{ secrets.NAS_SSH_PASSWORD }}
|
||||
NAS_DEPLOY_ENV: ${{ secrets.NAS_DEPLOY_ENV }}
|
||||
DOCKER_BUILDKIT: "1"
|
||||
|
||||
@@ -96,8 +110,37 @@ jobs:
|
||||
run: |
|
||||
set -eu
|
||||
|
||||
if [ -z "${NAS_SSH_PASSWORD:-}" ]; then
|
||||
echo "::error::Missing repository secret NAS_SSH_PASSWORD"
|
||||
case "${NAS_SSH_PASSWORD_SOURCE:-repository_secret}" in
|
||||
repository_secret)
|
||||
nas_ssh_password="${NAS_SSH_PASSWORD_SECRET:-}"
|
||||
;;
|
||||
workflow_input)
|
||||
nas_ssh_password="${NAS_SSH_PASSWORD_INPUT:-}"
|
||||
;;
|
||||
*)
|
||||
echo "::error::password_source must be repository_secret or workflow_input"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ -n "${nas_ssh_password}" ]; then
|
||||
echo "::add-mask::${nas_ssh_password}"
|
||||
fi
|
||||
|
||||
{
|
||||
echo "NAS_SSH_PASSWORD<<__NAS_SSH_PASSWORD__"
|
||||
printf '%s\n' "${nas_ssh_password}"
|
||||
echo "__NAS_SSH_PASSWORD__"
|
||||
echo "NAS_SSH_PASSWORD_INPUT="
|
||||
echo "NAS_SSH_PASSWORD_SECRET="
|
||||
} >> "${GITHUB_ENV}"
|
||||
|
||||
if [ -z "${nas_ssh_password}" ]; then
|
||||
if [ "${NAS_SSH_PASSWORD_SOURCE:-repository_secret}" = "workflow_input" ]; then
|
||||
echo "::error::Missing workflow input ssh_password"
|
||||
else
|
||||
echo "::error::Missing repository secret NAS_SSH_PASSWORD"
|
||||
fi
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
Reference in New Issue
Block a user