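# Records the container image reference for the pushed commit in Vault.
#
# Trigger: every push to master. The single job downloads the Vault CLI,
# logs in with AppRole credentials held in repository secrets, and patches
# the `docker_image` field of the KV entry backend/<VAULT_SECRETS_STORE>.
on:
  push:
    branches:
      - master

env:
  # NOTE(review): no step in this workflow builds or pushes this image; it is
  # presumably published elsewhere. Confirm the tag exists before relying on it.
  CONTAINER_IMAGE: eu.gcr.io/gcp-project-id/image-name:${{ github.sha }}
  VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
  # Quoted so the version is always read as a string.
  VAULT_VERSION: '1.3.4'
  VAULT_SECRETS_STORE: staging

jobs:
  publish:
    name: Publish container image
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: the job only needs to read the repo.
    permissions:
      contents: read
    steps:
      - name: Checkout
        # NOTE(review): `master` is a mutable branch ref, so the action code
        # that runs here can change without any change to this file. Pin to
        # the full commit SHA of a reviewed release of actions/checkout.
        uses: actions/checkout@master
      - name: Publish to Vault
        env:
          # Secrets reach the script through the step environment rather than
          # being expanded into the script text by `${{ }}`, so their values
          # are never parsed as shell syntax.
          APPROLE_ROLE_ID: ${{ secrets.VAULT_ROLE_ID }}
          APPROLE_SECRET_ID: ${{ secrets.VAULT_SECRET_ID }}
        run: |
          set -euo pipefail

          archive="vault_${VAULT_VERSION}_linux_amd64.zip"
          sums="vault_${VAULT_VERSION}_SHA256SUMS"
          base_url="https://releases.hashicorp.com/vault/${VAULT_VERSION}"

          # -f makes an HTTP error fail the step instead of saving an error page.
          curl -fsSO "${base_url}/${archive}"
          curl -fsSO "${base_url}/${sums}"

          # Refuse to run the binary unless it matches the published checksum.
          # The checksum file comes from the same host as the archive, so this
          # catches corruption or truncation; verifying the signature on the
          # checksum file against HashiCorp's published key is the stronger check.
          grep -F "${archive}" "${sums}" | sha256sum -c -
          unzip "${archive}"

          # Assign and export separately: `export VAR=$(cmd)` hides a failed
          # login because the exit status of `export` replaces that of `cmd`.
          VAULT_TOKEN="$(./vault write -field=token auth/approle/login \
            role_id="${APPROLE_ROLE_ID}" \
            secret_id="${APPROLE_SECRET_ID}")"
          # The token is created at run time, so it is not masked automatically.
          echo "::add-mask::${VAULT_TOKEN}"
          export VAULT_TOKEN

          ./vault kv patch "backend/${VAULT_SECRETS_STORE}" "docker_image=${CONTAINER_IMAGE}"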