- Adds branch pattern triggers for k8s/** and scripts/** to enable CI/CD from infra or automation-related updates - Improves workflow robustness and flexibility for feature and tooling branches
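#!/bin/bash
#
# Builds a kubeconfig for the "deploy-bot" service account in the "web"
# namespace and stores it, base64-encoded, as a GitHub Actions secret.
#
# Requires: kubectl (with access to the cluster), gh (authenticated), and
# GNU base64 (for -w 0).
#
# Security notes:
#   - The generated file contains a bearer token for the cluster. It is
#     created with owner-only permissions and is left on disk afterwards;
#     NOTE(review): make sure .kube/ is git-ignored, and delete the file
#     once the secret has been uploaded if it is not needed locally.
#   - The token read from a service-account Secret does not expire on its
#     own, so the RBAC granted to deploy-bot should be kept as narrow as
#     the deployment needs.

set -euo pipefail

REPO="kebrahimpour/avisenna-landing-page"
SECRET_NAME="KUBECONFIG_BASE64"
SERVER="https://85.214.94.62:6443"
KUBECONFIG_PATH=".kube/github-kubeconfig.yaml"

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

echo "📦 Generating kubeconfig for GitHub Actions..."

# Get secret associated with service account.
# The jsonpath query prints nothing (and still exits 0) when the service
# account has no entry in .secrets, which is the case on clusters that no
# longer auto-create token Secrets (Kubernetes 1.24 and later), so an empty
# result is checked explicitly instead of relying on `set -e`.
SECRET_NAME_REF=$(kubectl -n web get sa deploy-bot -o jsonpath="{.secrets[0].name}")
[[ -n "$SECRET_NAME_REF" ]] \
  || die "service account deploy-bot has no token Secret in .secrets; create one first"

TOKEN=$(kubectl -n web get secret "$SECRET_NAME_REF" -o jsonpath="{.data.token}" | base64 -d)
[[ -n "$TOKEN" ]] || die "Secret $SECRET_NAME_REF has no token field"

# Secret data is already base64, which is the form certificate-authority-data
# expects, so the CA bundle is used as stored rather than decoded and
# re-encoded.
CA_DATA=$(kubectl -n web get secret "$SECRET_NAME_REF" -o jsonpath="{.data['ca\\.crt']}")
[[ -n "$CA_DATA" ]] || die "Secret $SECRET_NAME_REF has no ca.crt field"

# Everything created from here on holds the token: keep it owner-only.
umask 077
mkdir -p .kube
# Remove any earlier copy so the new file is created under the umask above
# instead of inheriting looser permissions from an existing file.
rm -f -- "$KUBECONFIG_PATH"

# Generate kubeconfig
cat <<EOF > "$KUBECONFIG_PATH"
apiVersion: v1
kind: Config
clusters:
- name: github-deploy
  cluster:
    certificate-authority-data: $CA_DATA
    server: $SERVER
contexts:
- name: github-deploy-context
  context:
    cluster: github-deploy
    namespace: web
    user: deploy-bot
current-context: github-deploy-context
users:
- name: deploy-bot
  user:
    token: $TOKEN
EOF

# Encode and push secret to GitHub.
# The value is piped on stdin rather than passed with --body so the encoded
# kubeconfig never appears in the process argument list (visible via ps).
echo "🔐 Updating GitHub secret $SECRET_NAME..."
base64 -w 0 "$KUBECONFIG_PATH" | gh secret set "$SECRET_NAME" --repo "$REPO"

echo "✅ KUBECONFIG_BASE64 updated and ready."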