Renew the CA-verified Certificate #56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Renew the CA-verified Certificate | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| # Runs at 00:00 on the 1st and 15th day of every month. (see https://crontab.guru) | |
| - cron: "0 0 1,15 * *" | |
| jobs: | |
| build: | |
| name: Trigger Juju renew certificate action on certbot-k8s | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Install Juju | |
| run: | | |
| sudo snap install juju --channel=3.1/stable --classic | |
| # We need the kubeconfig and the controllers.yaml file into our environment | |
| # in order to login and refresh the charms. | |
| - name: Adding Credentials | |
| shell: bash | |
| run: | | |
| mkdir -p ~/.kube | |
| mkdir -p ~/.local/share/juju | |
| echo "${KUBECONFIG_B64}" | base64 -d > ~/.kube/config | |
| echo "${CONTROLLERS_B64}" | base64 -d > ~/.local/share/juju/controllers.yaml | |
| echo "${CONTROLLER_PASSWORD}" | juju login -c finos-legend-v3 -u admin | |
| env: | |
| KUBECONFIG_B64: "${{ secrets.KUBECONFIG_B64 }}" | |
| CONTROLLERS_B64: "${{ secrets.CONTROLLERS_B64 }}" | |
| CONTROLLER_PASSWORD: "${{ secrets.CONTROLLER_PASSWORD }}" | |
| - name: Renewing Certificate | |
| run: | | |
| set -x | |
| set -e | |
| renew_certificate() { | |
| model=$1 | |
| juju switch "${model}" | |
| # Running juju status will show us the current revisions of the charms. | |
| juju status --relations | |
| # Run the renew action on the certbot-k8s charm. | |
| action_result=$(juju run certbot-k8s/0 renew-certificate --wait=10m) | |
| if [[ $? -ne 0 ]]; then | |
| echo "Certificate renewal failed:\n$action_result" | |
| exit 1 | |
| fi | |
| # Show the juju status to see if any errors occurred. | |
| juju status --relations | |
| } | |
| # Controller name is "finos-legend-v3", model name is "finos-legend" | |
| renew_certificate "finos-legend-v3:finos-legend" | |
| renew_certificate "finos-legend-v3:finos-legend-twin" | |
| - name: Send email on failure | |
| if: failure() && github.event_name == 'schedule' | |
| uses: vineetchoudhary/mailgun-action@master | |
| with: | |
| api-key: ${{ secrets.MAILGUN_API_KEY }} | |
| domain: ${{ secrets.MAILGUN_DOMAIN }} | |
| to: ${{ secrets.EMAIL_TO }} | |
| subject: "${{ github.job }} job of ${{ github.repository }} has failed" | |
| body: "${{ github.job }} job in worflow ${{ github.workflow }} of ${{ github.repository }} has failed: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
| - name: Send Mail Action Response | |
| run: echo "${{ steps.sendmail.outputs.response }}" |