Merge pull request #4892 from emiliom/patch-5 #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Ensure Uptime Checks | |
on: | |
push: | |
branches: | |
- main | |
paths: | |
# Config of prometheus or hubs might have changed | |
- helm-charts/** | |
# Hubs & clusters might be added or removed | |
- config/clusters/** | |
# The terraform code for the checks might have changed | |
- terraform/uptime-checks/** | |
# The way terraform is deployed might have changed! | |
- .github/workflows/ensure-uptime-checks.yaml | |
# Queue executions of this workflow to avoid conflicts | |
# ref: https://docs.github.com/en/actions/using-jobs/using-concurrency | |
concurrency: ${{ github.workflow }} | |
# This environment variable triggers the deployer to colourise print statements in the | |
# GitHub Actions logs for easy reading | |
env: | |
TERM: xterm | |
jobs: | |
ensure-uptime-checks: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
# Uptime checks are set up and managed via terraform | |
- uses: hashicorp/setup-terraform@v3 | |
# We use sops to store encrypted GCP ServiceAccount Key that terraform uses | |
# to run, as well as PagerDuty config terraform uses | |
- name: Install sops | |
uses: mdgreenwald/[email protected] | |
# Authenticate with the correct KMS key that sops will use. | |
- name: Setup sops credentials to decrypt repo secrets | |
uses: google-github-actions/auth@v2 | |
with: | |
credentials_json: "${{ secrets.GCP_KMS_DECRYPTOR_KEY }}" | |
- name: ensure uptime checks are set up | |
run: | | |
cd terraform/uptime-checks | |
# Decrypt the GCP ServiceAccount key with permissions to run terraform | |
sops -d secret/enc-service-account-key.secret.json > service-account-key.json | |
export GOOGLE_APPLICATION_CREDENTIALS=service-account-key.json | |
# Setup Terraform | |
terraform init | |
# Run terraform automatically | |
terraform apply -auto-approve |