From be1dc80e4afa239e1140b107459300a8cce655a6 Mon Sep 17 00:00:00 2001
From: Vinzenz Sinapius <Vinzenz.Sinapius@gmail.com>
Date: Thu, 22 Feb 2024 02:08:00 +0100
Subject: [PATCH] Deploy dev cluster with values from ops repo (#1530)

---
 .github/workflows/deploy-dev.yaml | 37 ++++++++++++++++++++++++++-----
 1 file changed, 32 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/deploy-dev.yaml b/.github/workflows/deploy-dev.yaml
index 6d21a660..b9af55bd 100644
--- a/.github/workflows/deploy-dev.yaml
+++ b/.github/workflows/deploy-dev.yaml
@@ -15,20 +15,42 @@ jobs:
         with:
           driver-opts: network=host
 
-      - name: Login to Regsitry
+      - name: Login to Registry
         uses: docker/login-action@v2
         with:
           registry: ${{ secrets.DO_REGISTRY }}
           username: ${{ secrets.DO_API_TOKEN }}
           password: ${{ secrets.DO_API_TOKEN }}
 
-      -
-        name: Set Env Vars
+      - name: Set Env Vars
         run: |
           echo VERSION=`cat version.txt` >> $GITHUB_ENV
           echo GIT_COMMIT_HASH=`git rev-parse --short HEAD` >> $GITHUB_ENV
           echo GIT_BRANCH_NAME=`git rev-parse --abbrev-ref HEAD` >> $GITHUB_ENV
 
+      - name: Checkout values file from ops repo
+        uses: actions/checkout@v4
+        with:
+          repository: "webrecorder/browsertrix-cloud-ops"
+          path: "browsertrix-cloud-ops"
+          ssh-key: ${{ secrets.DEPLOY_KEY_OPS_REPO }}
+          sparse-checkout: |
+            values/btrix-dev-values.yml
+            poetry.lock
+            pyproject.toml
+          sparse-checkout-cone-mode: false
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+          cache: "poetry"
+
+      - name: Install vault decryption dependencies
+        working-directory: browsertrix-cloud-ops
+        run: |
+          pipx install poetry
+          poetry install
+
       - name: Build Backend
         uses: docker/build-push-action@v3
         with:
@@ -57,12 +79,10 @@ jobs:
       - name: Get Kubeconfig
         env:
           KUBECONFIG_DATA: ${{ secrets.KUBECONFIG_DATA }}
-          DEV_VALUES: ${{ secrets.DEV_VALUES }}
 
         run: |
           printf "$KUBECONFIG_DATA" >> ./.kubeconfig
           chmod 400 ./.kubeconfig
-          printf "$DEV_VALUES" >> ./dev-values.yaml
 
       - name: Install Kubectl
         uses: azure/setup-kubectl@v3
@@ -72,6 +92,13 @@ jobs:
         with:
           version: 3.10.2
 
+      - name: Decrypt values file
+        env:
+          ANSIBLE_VAULT_PASSWORD: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
+        working-directory: browsertrix-cloud-ops
+        run: |
+          poetry run python scripts/decrypt-values.py values/btrix-dev-values.yml ../dev-values.yaml
+
       - name: Start Cluster with Helm
         run: |
           KUBECONFIG=./.kubeconfig helm upgrade --install -f ./chart/values.yaml -f ./dev-values.yaml btrix ./chart/