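# Composite action: fetches the triggering commit over SSH from the configured
# Gitea host and, when `config_repo` is set, copies the `app_key` directory of
# that repository over the checked-out workspace.
name: "Checkout and Config Injection"
description: "Clones the project via SSH and injects configs from a separate repo"
inputs:
  ssh_key:
    description: "SSH Private Key"
    required: true
  config_repo:
    description: "Configuration Repository Path (e.g., dev-ops/configs.git)"
    required: false
    default: ""
  config_repo_branch:
    description: "Configuration Repository Branch"
    required: false
    default: "main"
  app_key:
    description: "Application Key in the config repo"
    required: true
  gitea_host:
    description: "Gitea Hostname"
    required: false
    default: "gitea.hclife.co"
  gitea_port:
    description: "Gitea SSH Port"
    required: false
    default: "2222"
  # Optional and backward-compatible: callers that do not set it keep the
  # previous scan-at-run-time behaviour.
  known_hosts:
    description: "Pinned known_hosts entries for the Gitea SSH endpoint, e.g. '[host]:port key-type key'. When empty, the host key is scanned at run time and trusted without verification."
    required: false
    default: ""
runs:
  using: "composite"
  steps:
    - name: Checkout and Config
      shell: bash
      # Every expression is handed to the script through the environment so
      # that no `${{ ... }}` value is spliced into the shell source itself.
      env:
        SSH_KEY: ${{ inputs.ssh_key }}
        CONFIG_REPO: ${{ inputs.config_repo }}
        CONFIG_REPO_BRANCH: ${{ inputs.config_repo_branch }}
        APP_KEY: ${{ inputs.app_key }}
        GITEA_HOST: ${{ inputs.gitea_host }}
        GITEA_PORT: ${{ inputs.gitea_port }}
        KNOWN_HOSTS: ${{ inputs.known_hosts }}
        REPOSITORY: ${{ github.repository }}
        COMMIT_SHA: ${{ github.sha }}
      run: |
        set -eu

        # Key material lives in a private temp dir (mktemp -d creates it 0700)
        # that is removed on every exit path.
        SSH_TMP_DIR=$(mktemp -d)
        trap 'rm -rf "$SSH_TMP_DIR"' EXIT

        # printf writes the key verbatim regardless of the shell's echo settings.
        printf '%s\n' "$SSH_KEY" > "$SSH_TMP_DIR/id_rsa"
        chmod 600 "$SSH_TMP_DIR/id_rsa"

        # Make sure the OpenSSH client tools are present on minimal images.
        if ! command -v ssh-keyscan >/dev/null 2>&1; then
          echo "ssh-keyscan not found, attempting to install..."
          if command -v apk >/dev/null 2>&1; then
            apk add --no-cache openssh-client
          elif command -v apt-get >/dev/null 2>&1; then
            export DEBIAN_FRONTEND=noninteractive
            apt-get update && apt-get install -y openssh-client
          fi
          if ! command -v ssh-keyscan >/dev/null 2>&1; then
            echo "Error: openssh-client is not installed and could not be installed" >&2
            exit 1
          fi
        fi

        if [ -n "$KNOWN_HOSTS" ]; then
          # Pinned entries: StrictHostKeyChecking=yes then rejects any other key.
          printf '%s\n' "$KNOWN_HOSTS" > "$SSH_TMP_DIR/known_hosts"
        else
          # NOTE(security): scanning the key on every run and trusting it right
          # away authenticates nothing. Whoever answers on this host and port
          # supplies the key that StrictHostKeyChecking=yes then "verifies", so
          # an on-path attacker is not detected. Set `known_hosts` to pin it.
          echo "Warning: no pinned known_hosts supplied; trusting the host key returned by ssh-keyscan" >&2
          ssh-keyscan -p "$GITEA_PORT" "$GITEA_HOST" > "$SSH_TMP_DIR/known_hosts"
        fi
        # Paths are quoted because git passes GIT_SSH_COMMAND to a shell.
        export GIT_SSH_COMMAND="ssh -i '$SSH_TMP_DIR/id_rsa' -o UserKnownHostsFile='$SSH_TMP_DIR/known_hosts' -o StrictHostKeyChecking=yes"

        echo "Initializing project repository..."
        REPO_URL="ssh://git@$GITEA_HOST:$GITEA_PORT/$REPOSITORY.git"
        git init
        git config --global --add safe.directory "$GITHUB_WORKSPACE"
        # Reuse an existing `origin` (workspace kept from an earlier run).
        if git remote get-url origin >/dev/null 2>&1; then
          git remote set-url origin "$REPO_URL"
        else
          git remote add origin "$REPO_URL"
        fi
        # Shallow-fetch exactly the commit that triggered the run.
        git fetch --depth 1 origin "$COMMIT_SHA"
        git checkout FETCH_HEAD

        if [ -n "$CONFIG_REPO" ]; then
          # Reject an empty, absolute or '..'-containing app_key before it is
          # used as a path: an empty key would copy the whole clone (including
          # its .git directory) and '..' would read outside the config checkout.
          case "/$APP_KEY/" in
            //*|*/../*)
              echo "Error: app_key must be a non-empty relative path without '..' components" >&2
              exit 1
              ;;
          esac

          echo "Fetching optional config repository..."
          echo "Config repo: $CONFIG_REPO"
          echo "Config repo branch: $CONFIG_REPO_BRANCH"
          echo "Expected config app key: $APP_KEY"
          git clone -b "$CONFIG_REPO_BRANCH" "ssh://git@$GITEA_HOST:$GITEA_PORT/$CONFIG_REPO" configs

          echo "Config repo top-level entries:"
          find configs -maxdepth 2 -mindepth 1 | sort

          CONFIG_SOURCE_DIR="configs/${APP_KEY}"
          if [ -d "$CONFIG_SOURCE_DIR" ]; then
            echo "Applying config tree from '$CONFIG_SOURCE_DIR'..."
            # Overlays the tree onto the workspace; files with the same path in
            # the project checkout are overwritten by the config repo's copy.
            cp -Rv "$CONFIG_SOURCE_DIR"/. .
            rm -rf configs
          else
            echo "Error: '$CONFIG_SOURCE_DIR' not found in config repository"
            echo "Available directories under configs/:"
            find configs -maxdepth 3 -type d | sort
            exit 1
          fi
        else
          echo "No config repository configured; skipping config injection."
        fi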