Today I Learned


Modify Vault data through GitHub Actions and AppRole

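# On every push to master, log in to Vault with AppRole and record the image
# reference for the pushed commit in the configured secrets store.
on:
  push:
    branches:
      - master

# Least privilege for the automatic GITHUB_TOKEN: the only step that uses it
# is the checkout, which needs read access to the repository contents.
permissions:
  contents: read

env:
  CONTAINER_IMAGE: eu.gcr.io/gcp-project-id/image-name:${{ github.sha }}
  VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
  # Quoted so the version is always read as a string, never as a number.
  VAULT_VERSION: '1.3.4'
  VAULT_SECRETS_STORE: staging

jobs:
  publish:
    name: Publish container image
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        # A branch ref such as @master changes under the workflow without
        # review. A release tag is more stable; pinning to a full commit SHA
        # is the immutable option for a job that handles Vault credentials.
        uses: actions/checkout@v4

      - name: Publish to Vault
        # Secrets reach the script as environment variables instead of being
        # expanded into the script text, so their content is never parsed as
        # shell syntax. Scoping them to this step keeps them out of the
        # environment of every other step.
        env:
          VAULT_ROLE_ID: ${{ secrets.VAULT_ROLE_ID }}
          VAULT_SECRET_ID: ${{ secrets.VAULT_SECRET_ID }}
        run: |
          # Stop at the first failing command, unset variable or broken pipe.
          set -euo pipefail

          vault_zip="vault_${VAULT_VERSION}_linux_amd64.zip"
          vault_sums="vault_${VAULT_VERSION}_SHA256SUMS"
          release_url="https://releases.hashicorp.com/vault/${VAULT_VERSION}"

          # -f makes curl fail on an HTTP error instead of saving the error
          # page under the archive's name.
          curl -fsSLO "${release_url}/${vault_zip}"
          curl -fsSLO "${release_url}/${vault_sums}"

          # Refuse to run a binary whose digest does not match the published
          # checksum. The checksum file comes from the same host as the
          # archive, so this catches corruption or truncation only; verifying
          # the signature published next to the checksum file is what
          # establishes authenticity.
          grep -F " ${vault_zip}" "${vault_sums}" | sha256sum -c -

          unzip "${vault_zip}"

          # Assign first, export second: `export VAR=$(cmd)` hides a failed
          # login behind export's own exit status, and the job would carry on
          # with an empty token.
          VAULT_TOKEN="$(./vault write -field=token auth/approle/login \
              role_id="${VAULT_ROLE_ID}" \
              secret_id="${VAULT_SECRET_ID}")"
          export VAULT_TOKEN

          # NOTE(review): the policy attached to this AppRole should grant no
          # more than this patch on the target path - confirm in Vault.
          ./vault kv patch "backend/${VAULT_SECRETS_STORE}" "docker_image=${CONTAINER_IMAGE}"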