From 9e318f88bea2e486204c12c5f4096442bf5de193 Mon Sep 17 00:00:00 2001
From: Jacques ROUSSEL <jacques.roussel@rouaje.com>
Date: Mon, 10 Jun 2024 14:44:46 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B(CI)=20improve=20submodule?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- remove deplucate declaration
- simplify helmfile
- use symlink
---
 .github/workflows/deploy.yml               |  2 +-
 .github/workflows/docker-hub.yml           |  8 ++++----
 .github/workflows/impress.yml              |  2 +-
 .github/workflows/secrets                  |  1 -
 .gitmodules                                | 11 +++--------
 secrets                                    |  1 +
 src/helm/env.d/preprod/secrets.enc.yaml    |  1 +
 src/helm/env.d/production/secrets.enc.yaml |  1 +
 src/helm/env.d/staging/secrets.enc.yaml    |  1 +
 src/helm/helmfile.yaml                     | 10 +++++-----
 src/helm/secrets                           |  1 -
 11 files changed, 18 insertions(+), 21 deletions(-)
 delete mode 160000 .github/workflows/secrets
 create mode 160000 secrets
 create mode 120000 src/helm/env.d/preprod/secrets.enc.yaml
 create mode 120000 src/helm/env.d/production/secrets.enc.yaml
 create mode 120000 src/helm/env.d/staging/secrets.enc.yaml
 delete mode 160000 src/helm/secrets

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 35bfa2ef..287db564 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -29,7 +29,7 @@ jobs:
         name: Load sops secrets
         uses: rouja/actions-sops@main
         with:
-          secret-file: .github/workflows/secrets/numerique-gouv/impress/secrets.enc.env
+          secret-file: secrets/numerique-gouv/impress/secrets.enc.env
           age-key: ${{ secrets.SOPS_PRIVATE }}
       -
         name: Call argocd github webhook
diff --git a/.github/workflows/docker-hub.yml b/.github/workflows/docker-hub.yml
index 78fa3acc..32f6ee9c 100644
--- a/.github/workflows/docker-hub.yml
+++ b/.github/workflows/docker-hub.yml
@@ -36,7 +36,7 @@ jobs:
         name: Load sops secrets
         uses: rouja/actions-sops@main
         with:
-          secret-file: .github/workflows/secrets/numerique-gouv/impress/secrets.enc.env
+          secret-file: secrets/numerique-gouv/impress/secrets.enc.env
           age-key: ${{ secrets.SOPS_PRIVATE }}
       -
         name: Docker meta
@@ -80,7 +80,7 @@ jobs:
         name: Load sops secrets
         uses: rouja/actions-sops@main
         with:
-          secret-file: .github/workflows/secrets/numerique-gouv/impress/secrets.enc.env
+          secret-file: secrets/numerique-gouv/impress/secrets.enc.env
           age-key: ${{ secrets.SOPS_PRIVATE }}
       -
         name: Docker meta
@@ -125,7 +125,7 @@ jobs:
         name: Load sops secrets
         uses: rouja/actions-sops@main
         with:
-          secret-file: .github/workflows/secrets/numerique-gouv/impress/secrets.enc.env
+          secret-file: secrets/numerique-gouv/impress/secrets.enc.env
           age-key: ${{ secrets.SOPS_PRIVATE }}
       -
         name: Docker meta
@@ -175,7 +175,7 @@ jobs:
         name: Load sops secrets
         uses: rouja/actions-sops@main
         with:
-          secret-file: .github/workflows/secrets/numerique-gouv/impress/secrets.enc.env
+          secret-file: secrets/numerique-gouv/impress/secrets.enc.env
           age-key: ${{ secrets.SOPS_PRIVATE }}
       -
         name: Call argocd github webhook
diff --git a/.github/workflows/impress.yml b/.github/workflows/impress.yml
index 8698e9d6..ad180cc5 100644
--- a/.github/workflows/impress.yml
+++ b/.github/workflows/impress.yml
@@ -227,7 +227,7 @@ jobs:
         name: Load sops secrets
         uses: rouja/actions-sops@main
         with:
-          secret-file: .github/workflows/secrets/numerique-gouv/impress/secrets.enc.env
+          secret-file: secrets/numerique-gouv/impress/secrets.enc.env
           age-key: ${{ secrets.SOPS_PRIVATE }}
 
       - name: Install gettext (required to make messages)
diff --git a/.github/workflows/secrets b/.github/workflows/secrets
deleted file mode 160000
index d5e83b90..00000000
--- a/.github/workflows/secrets
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit d5e83b9046fff0a0af12088f61cf237aa5573d54
diff --git a/.gitmodules b/.gitmodules
index 8c162859..0846cc27 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,8 +1,3 @@
-[submodule ".github/workflows/secrets"]
-	path = .github/workflows/secrets
-	url = https://github.com/numerique-gouv/secrets.git
-	branch = main
-[submodule "src/helm/secrets"]
-	path = src/helm/secrets
-	url = https://github.com/numerique-gouv/secrets.git
-	branch = main
+[submodule "secrets"]
+	path = secrets
+	url = ../secrets
diff --git a/secrets b/secrets
new file mode 160000
index 00000000..a2b1357c
--- /dev/null
+++ b/secrets
@@ -0,0 +1 @@
+Subproject commit a2b1357c0a28fffa3beaac196dbe0092724ab07c
diff --git a/src/helm/env.d/preprod/secrets.enc.yaml b/src/helm/env.d/preprod/secrets.enc.yaml
new file mode 120000
index 00000000..25e608e4
--- /dev/null
+++ b/src/helm/env.d/preprod/secrets.enc.yaml
@@ -0,0 +1 @@
+../../../../secrets/numerique-gouv/impress/env/preprod/secrets.enc.yaml
\ No newline at end of file
diff --git a/src/helm/env.d/production/secrets.enc.yaml b/src/helm/env.d/production/secrets.enc.yaml
new file mode 120000
index 00000000..1efef50d
--- /dev/null
+++ b/src/helm/env.d/production/secrets.enc.yaml
@@ -0,0 +1 @@
+../../../../secrets/numerique-gouv/impress/env/production/secrets.enc.yaml
\ No newline at end of file
diff --git a/src/helm/env.d/staging/secrets.enc.yaml b/src/helm/env.d/staging/secrets.enc.yaml
new file mode 120000
index 00000000..ca63795d
--- /dev/null
+++ b/src/helm/env.d/staging/secrets.enc.yaml
@@ -0,0 +1 @@
+../../../../secrets/numerique-gouv/impress/env/staging/secrets.enc.yaml
\ No newline at end of file
diff --git a/src/helm/helmfile.yaml b/src/helm/helmfile.yaml
index 15bfcfdb..434a0241 100644
--- a/src/helm/helmfile.yaml
+++ b/src/helm/helmfile.yaml
@@ -48,7 +48,7 @@ releases:
     namespace: {{ .Namespace }}
     chart: ./extra
     secrets:
-      - secrets/numerique-gouv/impress/env/{{ .Environment.Name }}/secrets.enc.yaml
+      - env.d/{{ .Environment.Name }}/secrets.enc.yaml
 
   - name: impress
     version: {{ .Values.version }}
@@ -57,7 +57,7 @@ releases:
     values:
       - env.d/{{ .Environment.Name }}/values.impress.yaml.gotmpl
     secrets:
-      - {{ ne .Environment.Name "dev" | ternary "secrets/numerique-gouv/impress/env" "env.d" }}/{{ .Environment.Name }}/secrets.enc.yaml
+      - env.d/{{ .Environment.Name }}/secrets.enc.yaml
 
 environments:
   dev:
@@ -69,14 +69,14 @@ environments:
     values:
       - version: 0.0.1
     secrets:
-      - secrets/numerique-gouv/impress/env/{{ .Environment.Name }}/secrets.enc.yaml
+      - env.d/{{ .Environment.Name }}/secrets.enc.yaml
   preprod:
     values:
       - version: 0.0.1
     secrets:
-      - secrets/numerique-gouv/impress/env/{{ .Environment.Name }}/secrets.enc.yaml
+      - env.d/{{ .Environment.Name }}/secrets.enc.yaml
   production:
     values:
       - version: 0.0.1
     secrets:
-      - secrets/numerique-gouv/impress/env/{{ .Environment.Name }}/secrets.enc.yaml
+      - env.d/{{ .Environment.Name }}/secrets.enc.yaml
diff --git a/src/helm/secrets b/src/helm/secrets
deleted file mode 160000
index d5e83b90..00000000
--- a/src/helm/secrets
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit d5e83b9046fff0a0af12088f61cf237aa5573d54