Add workflow and script for running cron check certs #1
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Update cron script when changes are made | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - add-cron-to-check-certs | |
| paths: | |
| - 'scripts/ci_check_certs.sh' | |
| - '.github/workflows/update_cron_script.yml' | |
| workflow_dispatch: | |
| jobs: | |
| check-certs-expiry: | |
| name: Update cron script when changes are made | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| domain: | |
| [ | |
| "backend.captn.ai", | |
| "staging.backend.captn.ai", | |
| "auth.captn.ai", | |
| "staging.auth.captn.ai", | |
| ] | |
| runs-on: ubuntu-22.04 | |
| defaults: | |
| run: | |
| shell: bash | |
| container: | |
| image: ubuntu:22.04 | |
| env: | |
| PROD_SSH_KEY: ${{ secrets.PROD_SSH_KEY }} | |
| STAGING_SSH_KEY: ${{ secrets.STAGING_SSH_KEY }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| # This is to fix GIT not liking owner of the checkout dir - https://github.com/actions/runner/issues/2033#issuecomment-1204205989 | |
| - run: chown -R $(id -u):$(id -g) $PWD | |
| - run: echo "PATH=$PATH:/github/home/.local/bin" >> $GITHUB_ENV | |
| - run: "which ssh-agent || ( apt-get update -y && apt-get install openssh-client git -y )" | |
| - run: apt-get update -y && apt-get install sshpass -y | |
| - run: eval $(ssh-agent -s) | |
| - run: mkdir -p ~/.ssh | |
| - run: chmod 700 ~/.ssh | |
| - run: echo "DOMAIN=${{ matrix.domain }}" >> $GITHUB_ENV | |
| - run: ssh-keyscan "$DOMAIN" >> ~/.ssh/known_hosts | |
| - run: chmod 644 ~/.ssh/known_hosts | |
| - run: if [[ $DOMAIN == *"staging"* ]]; then echo "$STAGING_SSH_KEY" | base64 --decode > key.pem ; else echo "$PROD_SSH_KEY" | base64 --decode > key.pem ; fi; | |
| - run: chmod 600 key.pem | |
| - run: ssh -o StrictHostKeyChecking=no -i key.pem azureuser@"$DOMAIN" "ls -la" | |
| - run: envsubst '${DOMAIN}' < scripts/cron_check_certs.sh > tmp.sh | |
| - run: chmod +x tmp.sh | |
| - run: cat tmp.sh | |
| - run: scp -i key.pem tmp.sh azureuser@"$DOMAIN":/home/azureuser/cron_check_certs.sh | |
| - run: rm key.pem |