Merge pull request '[DO-1617] fix gitea action' (#2) from feature/DO-1617/start into master

Reviewed-on: https://git.avroid.tech/Docker/vault/pulls/2
2025-02-18 18:01:31 +03:00
parent c332ac4a74 326d3b8522
commit 9abc0ab7ca
1 changed files with 44 additions and 43 deletions
--- a/.gitea/workflows/build-and-push-image.yaml
+++ b/.gitea/workflows/build-and-push-image.yaml
@@ -1,6 +1,6 @@
 name: Build and publish docker image

-on: [push]
+on: [ push ]

 env:
  CI: ON
@@ -8,58 +8,59 @@ env:
  # Allow workflow to be manually run from the Gitea UI
  workflow_dispatch:

+
 jobs:
  build_and_push:
-    runs-on: act-runner-label
+    runs-on: docker
    name: Builds the image and publishes to docker hub
    container:
      image: harbor.avroid.tech/docker-hub-proxy/catthehacker/ubuntu:act-latest
    steps:
-      - run: printenv
+    - run: printenv

-      - name: Retrieve secrets from Hashicorp Vault
-        id: retrieve-secrets
-        uses: https://git-mirrors.avroid.tech/Mirrors-actions/vault-action.git@v3
-        with:
-          url: https://vault.avroid.tech
-          method: approle
-          roleId: ${{ secrets.HVAULT_GITEA_ACTIONS_ROLE_ID }}
-          secretId: ${{ secrets.HVAULT_GITEA_ACTIONS_SECRET_ID }}
-          # Ниже указываем {путь к секрету в HVault} {имя ключа секрета} | {имя переменной окружения куда засетим значение секрета}
-          # Доступ к секретам осуществляется через заранее созданный AppRole "gitea-actions-role" в HVault и подключенную
-          # к ней политику "gitea-actions". В политике описывается доступ к необходимым секретам. Политику можно посмотреть
-          # через UI Hashicorp Vault.
-          secrets: |
-            team-devops/data/services/registry/Harbor/harbor.avroid.tech 'service.user.ci.login' | HARBOR_LOGIN ;
-            team-devops/data/services/registry/Harbor/harbor.avroid.tech 'service.user.ci.token' | HARBOR_TOKEN ;
+    - name: Retrieve secrets from Hashicorp Vault
+      id: retrieve-secrets
+      uses: https://git-mirrors.avroid.tech/Mirrors-actions/vault-action.git@v3
+      with:
+        url: https://vault.avroid.tech
+        method: approle
+        roleId: ${{ secrets.HVAULT_GITEA_ACTIONS_ROLE_ID }}
+        secretId: ${{ secrets.HVAULT_GITEA_ACTIONS_SECRET_ID }}
+        # Ниже указываем {путь к секрету в HVault} {имя ключа секрета} | {имя переменной окружения куда засетим значение секрета}
+        # Доступ к секретам осуществляется через заранее созданный AppRole "gitea-actions-role" в HVault и подключенную
+        # к ней политику "gitea-actions". В политике описывается доступ к необходимым секретам. Политику можно посмотреть
+        # через UI Hashicorp Vault.
+        secrets: |
+          team-devops/data/services/registry/Harbor/harbor.avroid.tech 'service.user.ci.login' | HARBOR_LOGIN ;
+          team-devops/data/services/registry/Harbor/harbor.avroid.tech 'service.user.ci.token' | HARBOR_TOKEN ;

-      - name: Login to Harbor Docker Registry
-        uses: https://git-mirrors.avroid.tech/Mirrors-actions/login-action@v3
-        with:
-          registry: https://harbor.avroid.tech
-          username: ${{ env.HARBOR_LOGIN }}
-          password: ${{ env.HARBOR_TOKEN }}
+    - name: Login to Harbor Docker Registry
+      uses: https://git-mirrors.avroid.tech/Mirrors-actions/login-action@v3
+      with:
+        registry: https://harbor.avroid.tech
+        username: ${{ env.HARBOR_LOGIN }}
+        password: ${{ env.HARBOR_TOKEN }}

-      - name: Check out repository code
-        uses: https://git-mirrors.avroid.tech/Mirrors-actions/checkout@v4
+    - name: Check out repository code
+      uses: https://git-mirrors.avroid.tech/Mirrors-actions/checkout@v4

-      - name: "Build image"
-        run: |
-          make build
+    - name: "Build image"
+      run: |
+        make build

-      - name: "Push image"
-        run: |
-          make push
-        if: ${{ gitea.ref == 'refs/heads/master' }}
+    - name: "Push image"
+      run: |
+        make push
+      if: ${{ gitea.ref == 'refs/heads/master' }}

-      - name: "Clear image"
-        run: |
-          make clean
+    - name: "Clear image"
+      run: |
+        make clean

-      - name: Create and push tag
-        run: |
-          git config user.name "Jenkins"
-          git config user.email "svc-jenkins@avroid.tech"
-          git tag $(make getTag)
-          git push origin $(make getTag)
-        if: ${{ gitea.ref == 'refs/heads/master' }}
+    - name: Create and push tag
+      run: |
+        git config user.name "Jenkins"
+        git config user.email "svc-jenkins@avroid.tech"
+        git tag $(make getTag)
+        git push origin $(make getTag)
+      if: ${{ gitea.ref == 'refs/heads/master' }}