.github/workflows/deploy-rancher.yml
# inspired by https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
name: Deploy SwaggerEditor@next to Rancherš¢
concurrency: editor-next.swagger.io
on:
workflow_run:
workflows: ["Build & Push SwaggerEditor@next Docker image"]
types:
- completed
jobs:
deploy:
if: github.event.workflow_run.conclusion == 'success'
name: Deploy SwaggerEditor@next to Rancher
runs-on: ubuntu-latest
environment: editor-next.swagger.io
steps:
- name: Deploy Rancherš¢
run: |
ts="$(date +'%Y-%m-%dT%H:%M:%SZ' --utc)"
curl -s -D /dev/stderr -X PATCH \
-H "Authorization: Bearer ${RANCHER_BEARER_TOKEN}" \
-H 'Content-Type: application/strategic-merge-patch+json' \
"${RANCHER_URL}/k8s/clusters/${RANCHER_CLUSTER_ID}/apis/apps/v1/namespaces/${RANCHER_NAMESPACE}/${RANCHER_K8S_OBJECT_TYPE}/${RANCHER_K8S_OBJECT_NAME}" \
-d "{\"spec\": {\"template\": {\"metadata\": {\"annotations\": {\"cattle.io/timestamp\": \"${ts}\"}}}}}"
env:
RANCHER_BEARER_TOKEN: ${{ secrets.RANCHER_BEARER_TOKEN }}
RANCHER_CLUSTER_ID: 'c-n8zp2'
RANCHER_NAMESPACE: 'swagger-oss'
RANCHER_K8S_OBJECT_TYPE: 'daemonsets'
RANCHER_URL: ${{ secrets.RANCHER_URL }}
RANCHER_K8S_OBJECT_NAME: 'swagger-editor-next'