2024-05-01 20:26:42 +00:00
|
|
|
on: [ push ]
|
|
|
|
|
jobs:
|
|
|
|
|
blog-pim:
|
|
|
|
|
runs-on: docker
|
|
|
|
|
container:
|
|
|
|
|
image: git.kun.is/home/forgejo-nix-action:687d16c49ea7936068bac64ec68c480a9d681962
|
2024-05-01 21:00:13 +00:00
|
|
|
options: "-v /var/run/secrets/kubernetes.io/serviceaccount:/var/run/secrets/kubernetes.io/serviceaccount"
|
2024-05-01 20:26:42 +00:00
|
|
|
steps:
|
|
|
|
|
- name: Clone repository
|
|
|
|
|
run: git clone ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git src
|
2024-05-01 21:00:13 +00:00
|
|
|
- run: ls -alh /var/run/secrets/kubernetes.io/serviceaccount
|
2024-05-02 14:23:55 +00:00
|
|
|
- run: "curl --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H \"Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)\" https://kubernetes.default.svc/api/v1/namespaces/default/pods"
|
2024-05-02 14:21:52 +00:00
|
|
|
|
|
|
|
|
# - run: nix run nixpkgs#kubectl -- config set-cluster my-cluster --server=https://kubernetes.default.svc --certificate-authority=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
|
|
|
|
# - run: nix run nixpkgs#kubectl -- config set-credentials my-service-account --token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
|
|
|
|
|
# - run: nix run nixpkgs#kubectl -- config set-context my-context --cluster=my-cluster --user=my-service-account
|
|
|
|
|
# - run: nix run nixpkgs#kubectl -- config use-context my-context
|
|
|
|
|
# - run: nix run nixpkgs#kubectl -- get pods
|
2024-05-02 14:25:12 +00:00
|
|
|
- run: |
|
|
|
|
|
mkdir -p ~/.config/sops/age
|
|
|
|
|
echo -n "${{ secrets.AGE_SECRET_KEY }}" > ~/.config/sops/age/keys.txt
|
|
|
|
|
- run: nix run nixpkgs#sops -- --decrypt src/secrets/sops.yaml | grep "paperless-ngx:"
|
