Jafner.net/.gitea/workflows/vyos-deploy.yaml

name: Deploy VyOS config.boot to Wizard

on:
  push:
    branches: [ main ]
    paths: [ 'homelab/vyos/config.boot' ]

jobs:
  deploy:
    defaults:
      run: 
        working-directory: homelab/vyos
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Jafner.net repo
        uses: actions/checkout@v4
      - name: Check network connectivity to host
        run: |
          sudo apt-get update &&\
          sudo apt-get install -y iputils-ping
          ping -c 1 -t 5 -q 192.168.1.1
      - name: Configure SSH
        run: |
          echo -e "${{ secrets.RUNNER_SSH_PRIVATEKEY }}" > /tmp/key
          chmod 600 /tmp/key
          ssh-keygen -y -f /tmp/key > /tmp/key.pub
          mkdir -p ~/.ssh && touch ~/.ssh/known_hosts && chmod 600 ~/.ssh/known_hosts
          ssh-keyscan -t ed25519 192.168.1.1 >> ~/.ssh/known_hosts
      - name: Connect to VyOS
        run: |
          ssh -i /tmp/key vyos@192.168.1.1 'whoami'
      - name: Install SOPS
        run: |
          curl -o sops -L https://github.com/getsops/sops/releases/download/v3.9.1/sops-v3.9.1.linux.amd64
          chmod +x sops; mv sops /usr/local/bin/sops
          sops --version
      - name: Decrypt config.boot
        run: |
          echo -e "$(ssh -i /tmp/key vyos@192.168.1.1 'cat /config/wizard.host.key')\n${{ secrets.AGE_DEPLOY_KEY }}" > /tmp/combined.key
          export SOPS_AGE_KEY_FILE=/tmp/combined.key
          sops decrypt -i --input-type json config.boot 2>/dev/null && echo "Decrypted config.boot"
      - name: Push config to VyOS
        run: |
          SSH_CMD="ssh -i /tmp/key" SCP_CMD="scp -i /tmp/key -q" ./vyos.sh push
#16 Rename job 2024-10-25 14:44:38 -07:00			`name: Deploy VyOS config.boot to Wizard`
Init test workflow 2024-09-06 13:55:30 -07:00
			`on:`
			`push:`
#16 Constrain workflow trigger to changes to homelab/vyos/config.boot 2024-10-24 15:35:10 -07:00			`branches: [ main ]`
			`paths: [ 'homelab/vyos/config.boot' ]`
Init test workflow 2024-09-06 13:55:30 -07:00
			`jobs:`
#16 Rename job 2024-10-25 14:44:38 -07:00			`deploy:`
#16 Run commands from vyos dir, add step to run commands via vyos.sh 2024-10-24 16:29:41 -07:00			`defaults:`
			`run:`
			`working-directory: homelab/vyos`
Init test workflow 2024-09-06 13:55:30 -07:00			`runs-on: ubuntu-latest`
			`steps:`
#16 Enable debug for the SSH action 2024-10-24 15:46:48 -07:00			`- name: Checkout Jafner.net repo`
			`uses: actions/checkout@v4`
#16 Commit working state for SSH, re-add ping, trigger workflow 2024-10-25 00:29:29 -07:00			`- name: Check network connectivity to host`
			`run: \|`
#16 Disable hacking#show-changes, get package index before attempting to install iputils-ping 2024-10-25 12:06:04 -07:00			`sudo apt-get update &&\`
			`sudo apt-get install -y iputils-ping`
#16 Increase timeout threshold for ping 2024-10-25 12:08:20 -07:00			`ping -c 1 -t 5 -q 192.168.1.1`
#16 Add ping check, don't echo pubkey, run whoami in last step 2024-10-24 23:39:51 -07:00			`- name: Configure SSH`
#16 Update action version, print pubkey from env 2024-10-24 15:50:10 -07:00			`run: \|`
#16 Wrap var in quotes 2024-10-24 16:35:40 -07:00			`echo -e "${{ secrets.RUNNER_SSH_PRIVATEKEY }}" > /tmp/key`
#16 Run ssh more explicitly 2024-10-24 23:47:43 -07:00			`chmod 600 /tmp/key`
#16 Secure SSH key, generate pubkey, print fingerprint 2024-10-24 16:42:13 -07:00			`ssh-keygen -y -f /tmp/key > /tmp/key.pub`
#16 Grab only the ed25519 host key, trigger workflow 2024-10-25 00:03:15 -07:00			`mkdir -p ~/.ssh && touch ~/.ssh/known_hosts && chmod 600 ~/.ssh/known_hosts`
			`ssh-keyscan -t ed25519 192.168.1.1 >> ~/.ssh/known_hosts`
#16 Run ssh more explicitly 2024-10-24 23:47:43 -07:00			`- name: Connect to VyOS`
#16 Run commands from vyos dir, add step to run commands via vyos.sh 2024-10-24 16:29:41 -07:00			`run: \|`
#16 Refactor vyos.sh to accept alternative ssh and scp command configurations, adapt vyos-deploy to pass new SSH_CMD and SCP_CMD 2024-10-25 12:41:25 -07:00			`ssh -i /tmp/key vyos@192.168.1.1 'whoami'`
#16 Configure decrypting config.boot - Add age recipient key for wizard to .sops.yaml (also placed privatekey on wizard at /config/wizard.host.key) - Add step to install sops from specific binary release v3.9.1 - Add step to decrypt config.boot locally - Add step to push decrypted config.boot to vyos host - Trigger workflow 2024-10-25 13:27:57 -07:00			`- name: Install SOPS`
			`run: \|`
			`curl -o sops -L https://github.com/getsops/sops/releases/download/v3.9.1/sops-v3.9.1.linux.amd64`
			`chmod +x sops; mv sops /usr/local/bin/sops`
			`sops --version`
			`- name: Decrypt config.boot`
			`run: \|`
			`echo -e "$(ssh -i /tmp/key vyos@192.168.1.1 'cat /config/wizard.host.key')\n${{ secrets.AGE_DEPLOY_KEY }}" > /tmp/combined.key`
			`export SOPS_AGE_KEY_FILE=/tmp/combined.key`
			`sops decrypt -i --input-type json config.boot 2>/dev/null && echo "Decrypted config.boot"`
			`- name: Push config to VyOS`
#16 Fix typo 2024-10-25 13:29:09 -07:00			`run: \|`
#16 Configure decrypting config.boot - Add age recipient key for wizard to .sops.yaml (also placed privatekey on wizard at /config/wizard.host.key) - Add step to install sops from specific binary release v3.9.1 - Add step to decrypt config.boot locally - Add step to push decrypted config.boot to vyos host - Trigger workflow 2024-10-25 13:27:57 -07:00			`SSH_CMD="ssh -i /tmp/key" SCP_CMD="scp -i /tmp/key -q" ./vyos.sh push`