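# Reconcile workflow: on a push to main that touches netbird.json, ask the
# reconciler service to sync events, pull any commits made in the meantime,
# then POST netbird.json to the service's /reconcile endpoint. If the response
# carries created setup keys, they are encrypted with age and uploaded as a
# build artifact.
name: Reconcile

on:
  push:
    branches:
      - main
    paths:
      - 'netbird.json'

# Least privilege for GITHUB_TOKEN: the job only checks out and pulls the
# repository; it never pushes or touches other API scopes.
permissions:
  contents: read

jobs:
  reconcile:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): v4 is a mutable tag. Pin third-party actions to a full
      # commit SHA so a retagged release cannot change what runs with access
      # to this job's secrets.
      - uses: actions/checkout@v4

      - name: Sync events
        # Secrets are passed through the environment instead of being
        # expanded into the script text, so their content is never parsed
        # as shell syntax.
        env:
          RECONCILER_TOKEN: ${{ secrets.RECONCILER_TOKEN }}
          RECONCILER_URL: ${{ secrets.RECONCILER_URL }}
        run: |
          curl -sf \
            -X POST \
            -H "Authorization: Bearer ${RECONCILER_TOKEN}" \
            "${RECONCILER_URL}/sync-events"

      - name: Pull latest (poller may have committed)
        run: git pull --rebase

      - name: Apply reconcile
        id: reconcile
        env:
          RECONCILER_TOKEN: ${{ secrets.RECONCILER_TOKEN }}
          RECONCILER_URL: ${{ secrets.RECONCILER_URL }}
        run: |
          RESPONSE=$(curl -sf \
            -X POST \
            -H "Authorization: Bearer ${RECONCILER_TOKEN}" \
            -H "Content-Type: application/json" \
            -d @netbird.json \
            "${RECONCILER_URL}/reconcile")

          # Use a random heredoc delimiter: with a fixed "EOF", a response
          # containing a line "EOF" would end the value early and let the
          # remaining lines be read as additional step outputs.
          DELIMITER="ghadelimiter_$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
          {
            echo "response<<${DELIMITER}"
            printf '%s\n' "$RESPONSE"
            echo "${DELIMITER}"
          } >> "$GITHUB_OUTPUT"

          # NOTE(review): the step output holds the raw response, which may
          # include created_keys in plaintext; step outputs are not masked
          # like secrets. Confirm nothing else echoes or exports it.
          STATUS=$(printf '%s\n' "$RESPONSE" | jq -r '.status')
          if [ "$STATUS" = "error" ]; then
            echo "Reconcile failed"
            printf '%s\n' "$RESPONSE" | jq .
            exit 1
          fi

      - name: Encrypt and upload setup keys
        if: success()
        # The reconciler response is handed over as an environment variable.
        # Expanding it inside single quotes in the script would let a single
        # quote in the response close the string and run as shell code.
        env:
          RESPONSE: ${{ steps.reconcile.outputs.response }}
          AGE_PUBLIC_KEY: ${{ secrets.AGE_PUBLIC_KEY }}
        run: |
          # NOTE(review): assumes the age binary is present on the runner
          # image; no install step is visible in this workflow. Confirm.
          KEYS=$(printf '%s\n' "$RESPONSE" | jq -r '.created_keys // empty')
          if [ -n "$KEYS" ] && [ "$KEYS" != "{}" ] && [ "$KEYS" != "null" ]; then
            printf '%s\n' "$KEYS" | age -r "$AGE_PUBLIC_KEY" -o setup-keys.age
            echo "Setup keys encrypted to setup-keys.age"
          else
            echo "No new keys created"
            exit 0
          fi

      - name: Upload artifact
        if: success()
        # The artifact can be downloaded by anyone with read access to the
        # repository's workflow runs, so confidentiality of the setup keys
        # rests entirely on the private key matching AGE_PUBLIC_KEY.
        # NOTE(review): pin to a full commit SHA, as for checkout above.
        uses: actions/upload-artifact@v4
        with:
          name: setup-keys
          path: setup-keys.age
          if-no-files-found: ignore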