diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 35bfa2ef..287db564 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -29,7 +29,7 @@ jobs:
 name: Load sops secrets
 uses: rouja/actions-sops@main
 with:
- secret-file: .github/workflows/secrets/numerique-gouv/impress/secrets.enc.env
+ secret-file: secrets/numerique-gouv/impress/secrets.enc.env
 age-key: ${{ secrets.SOPS_PRIVATE }}
 - name: Call argocd github webhook
diff --git a/.github/workflows/docker-hub.yml b/.github/workflows/docker-hub.yml
index 78fa3acc..32f6ee9c 100644
--- a/.github/workflows/docker-hub.yml
+++ b/.github/workflows/docker-hub.yml
@@ -36,7 +36,7 @@ jobs:
 name: Load sops secrets
 uses: rouja/actions-sops@main
 with:
- secret-file: .github/workflows/secrets/numerique-gouv/impress/secrets.enc.env
+ secret-file: secrets/numerique-gouv/impress/secrets.enc.env
 age-key: ${{ secrets.SOPS_PRIVATE }}
 - name: Docker meta
@@ -80,7 +80,7 @@ jobs:
 name: Load sops secrets
 uses: rouja/actions-sops@main
 with:
- secret-file: .github/workflows/secrets/numerique-gouv/impress/secrets.enc.env
+ secret-file: secrets/numerique-gouv/impress/secrets.enc.env
 age-key: ${{ secrets.SOPS_PRIVATE }}
 - name: Docker meta
@@ -125,7 +125,7 @@ jobs:
 name: Load sops secrets
 uses: rouja/actions-sops@main
 with:
- secret-file: .github/workflows/secrets/numerique-gouv/impress/secrets.enc.env
+ secret-file: secrets/numerique-gouv/impress/secrets.enc.env
 age-key: ${{ secrets.SOPS_PRIVATE }}
 - name: Docker meta
@@ -175,7 +175,7 @@ jobs:
 name: Load sops secrets
 uses: rouja/actions-sops@main
 with:
- secret-file: .github/workflows/secrets/numerique-gouv/impress/secrets.enc.env
+ secret-file: secrets/numerique-gouv/impress/secrets.enc.env
 age-key: ${{ secrets.SOPS_PRIVATE }}
 - name: Call argocd github webhook
diff --git a/.github/workflows/impress.yml b/.github/workflows/impress.yml
index 8698e9d6..ad180cc5 100644
--- a/.github/workflows/impress.yml
+++ b/.github/workflows/impress.yml
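Review bot: The `Load sops secrets` step in the deploy.yml hunk passes `age-key: ${{ secrets.SOPS_PRIVATE }}` to `rouja/actions-sops@main`, a third-party action referenced by a mutable branch, so any later change to that branch runs with the sops private key in scope. The commit only moves `secret-file`, but since every one of these steps is being edited, the reference should be pinned to a reviewed full commit SHA, for example `uses: rouja/actions-sops@<full-commit-sha>  # placeholder: the audited commit`. The same step appears in the four docker-hub.yml hunks and in the impress.yml hunk. The new `secret-file: secrets/...` path also relies on the checkout step, which lies outside these hunks, fetching the `secrets` submodule; that is worth confirming in each job.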
@@ -227,7 +227,7 @@ jobs:
 name: Load sops secrets
 uses: rouja/actions-sops@main
 with:
- secret-file: .github/workflows/secrets/numerique-gouv/impress/secrets.enc.env
+ secret-file: secrets/numerique-gouv/impress/secrets.enc.env
 age-key: ${{ secrets.SOPS_PRIVATE }}
 - name: Install gettext (required to make messages)
diff --git a/.github/workflows/secrets b/.github/workflows/secrets
deleted file mode 160000
index d5e83b90..00000000
--- a/.github/workflows/secrets
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit d5e83b9046fff0a0af12088f61cf237aa5573d54
diff --git a/.gitmodules b/.gitmodules
index 8c162859..0846cc27 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,8 +1,3 @@
-[submodule ".github/workflows/secrets"]
- path = .github/workflows/secrets
- url = https://github.com/numerique-gouv/secrets.git
- branch = main
-[submodule "src/helm/secrets"]
- path = src/helm/secrets
- url = https://github.com/numerique-gouv/secrets.git
- branch = main
+[submodule "secrets"]
+ path = secrets
+ url = ../secrets
diff --git a/secrets b/secrets
new file mode 160000
index 00000000..a2b1357c
--- /dev/null
+++ b/secrets
@@ -0,0 +1 @@
+Subproject commit a2b1357c0a28fffa3beaac196dbe0092724ab07c
diff --git a/src/helm/env.d/preprod/secrets.enc.yaml b/src/helm/env.d/preprod/secrets.enc.yaml
new file mode 120000
index 00000000..25e608e4
--- /dev/null
+++ b/src/helm/env.d/preprod/secrets.enc.yaml
@@ -0,0 +1 @@
+../../../../secrets/numerique-gouv/impress/env/preprod/secrets.enc.yaml
\ No newline at end of file
diff --git a/src/helm/env.d/production/secrets.enc.yaml b/src/helm/env.d/production/secrets.enc.yaml
new file mode 120000
index 00000000..1efef50d
--- /dev/null
+++ b/src/helm/env.d/production/secrets.enc.yaml
@@ -0,0 +1 @@
+../../../../secrets/numerique-gouv/impress/env/production/secrets.enc.yaml
\ No newline at end of file
diff --git a/src/helm/env.d/staging/secrets.enc.yaml b/src/helm/env.d/staging/secrets.enc.yaml
new file mode 120000
index 00000000..ca63795d
--- /dev/null
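Review bot: `url = ../secrets` in the new `[submodule "secrets"]` entry of .gitmodules is resolved against whichever remote the superproject was cloned from, so a clone of a fork or mirror looks for a sibling `secrets` repository under that owner rather than `numerique-gouv/secrets`. The pinned gitlink limits which commit can be checked out, but the fetch will still fail or reach a repository nobody intended. A `#` comment above the entry saying the relative URL is deliberate (presumably so CI and SSH clones reuse the parent's credentials) would stop a later "fix" back to an absolute URL. The entry also drops `branch = main`, so `git submodule update --remote` no longer tracks `main` explicitly; confirm that is intended.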
+++ b/src/helm/env.d/staging/secrets.enc.yaml
@@ -0,0 +1 @@
+../../../../secrets/numerique-gouv/impress/env/staging/secrets.enc.yaml
\ No newline at end of file
diff --git a/src/helm/helmfile.yaml b/src/helm/helmfile.yaml
index 15bfcfdb..434a0241 100644
--- a/src/helm/helmfile.yaml
+++ b/src/helm/helmfile.yaml
@@ -48,7 +48,7 @@ releases:
 namespace: {{ .Namespace }}
 chart: ./extra
 secrets:
- - secrets/numerique-gouv/impress/env/{{ .Environment.Name }}/secrets.enc.yaml
+ - env.d/{{ .Environment.Name }}/secrets.enc.yaml
 - name: impress
 version: {{ .Values.version }}
@@ -57,7 +57,7 @@ releases:
 values:
 - env.d/{{ .Environment.Name }}/values.impress.yaml.gotmpl
 secrets:
- - {{ ne .Environment.Name "dev" | ternary "secrets/numerique-gouv/impress/env" "env.d" }}/{{ .Environment.Name }}/secrets.enc.yaml
+ - env.d/{{ .Environment.Name }}/secrets.enc.yaml
 environments:
 dev:
@@ -69,14 +69,14 @@ environments:
 values:
 - version: 0.0.1
 secrets:
- - secrets/numerique-gouv/impress/env/{{ .Environment.Name }}/secrets.enc.yaml
+ - env.d/{{ .Environment.Name }}/secrets.enc.yaml
 preprod:
 values:
 - version: 0.0.1
 secrets:
- - secrets/numerique-gouv/impress/env/{{ .Environment.Name }}/secrets.enc.yaml
+ - env.d/{{ .Environment.Name }}/secrets.enc.yaml
 production:
 values:
 - version: 0.0.1
 secrets:
- - secrets/numerique-gouv/impress/env/{{ .Environment.Name }}/secrets.enc.yaml
+ - env.d/{{ .Environment.Name }}/secrets.enc.yaml
diff --git a/src/helm/secrets b/src/helm/secrets
deleted file mode 160000
index d5e83b90..00000000
--- a/src/helm/secrets
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit d5e83b9046fff0a0af12088f61cf237aa5573d54
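Review bot: Nothing in helmfile.yaml says that `env.d/{{ .Environment.Name }}/secrets.enc.yaml` is, for staging, preprod and production, a symlink into the `secrets` submodule added by this commit. A checkout without the submodule initialised leaves those links dangling, and the failure then shows up only as a missing file when the secrets are decrypted. A comment above the first `secrets:` entry in the `@@ -48,7` hunk would make the dependency explicit, for example `# staging/preprod/production files are symlinks into the secrets submodule; run git submodule update --init first`. The removed `ternary` suggests `env.d/dev/secrets.enc.yaml` is a regular file tracked in this repository; if so, it should hold development-only values, since it does not get the submodule's access control.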