diff --git a/.github/workflows/docker-hub.yml b/.github/workflows/docker-hub.yml index 2a716ae..04f5594 100644 --- a/.github/workflows/docker-hub.yml +++ b/.github/workflows/docker-hub.yml @@ -19,8 +19,19 @@ jobs: runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@v4 + uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: ${{ secrets.APP_ID }} + private-key: ${{ secrets.PRIVATE_KEY }} + owner: ${{ github.repository_owner }} + repositories: "people,secrets" + - + name: Checkout repository + uses: actions/checkout@v2 + with: + submodules: recursive + token: ${{ steps.app-token.outputs.token }} - name: Docker meta id: meta @@ -31,7 +42,7 @@ jobs: name: Load sops secrets uses: rouja/actions-sops@main with: - secret-file: .github/workflows/secrets.enc.env + secret-file: .github/workflows/secrets/numerique-gouv/people/secrets.enc.env age-key: ${{ secrets.SOPS_PRIVATE }} - name: Login to DockerHub @@ -52,8 +63,19 @@ jobs: runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@v4 + uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: ${{ secrets.APP_ID }} + private-key: ${{ secrets.PRIVATE_KEY }} + owner: ${{ github.repository_owner }} + repositories: "people,secrets" + - + name: Checkout repository + uses: actions/checkout@v2 + with: + submodules: recursive + token: ${{ steps.app-token.outputs.token }} - name: Docker meta id: meta @@ -89,13 +111,24 @@ jobs: if: github.event_name != 'pull_request' steps: - - name: Checkout - uses: actions/checkout@v4 + uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: ${{ secrets.APP_ID }} + private-key: ${{ secrets.PRIVATE_KEY }} + owner: ${{ github.repository_owner }} + repositories: "people,secrets" + - + name: Checkout repository + uses: actions/checkout@v2 + with: + submodules: recursive + token: ${{ steps.app-token.outputs.token }} - name: Load sops secrets uses: rouja/actions-sops@main with: - secret-file: .github/workflows/secrets.enc.env + secret-file: .github/workflows/secrets/numerique-gouv/people/secrets.enc.env age-key: ${{ secrets.SOPS_PRIVATE }} - name: Call argocd github webhook diff --git a/.github/workflows/people.yml b/.github/workflows/people.yml index c93177b..60c75cc 100644 --- a/.github/workflows/people.yml +++ b/.github/workflows/people.yml @@ -312,9 +312,20 @@ jobs: i18n-crowdin: runs-on: ubuntu-latest steps: - - name: Checkout repository - uses: actions/checkout@v4 - + - + uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: ${{ secrets.APP_ID }} + private-key: ${{ secrets.PRIVATE_KEY }} + owner: ${{ github.repository_owner }} + repositories: "people,secrets" + - + name: Checkout repository + uses: actions/checkout@v2 + with: + submodules: recursive + token: ${{ steps.app-token.outputs.token }} - name: Install gettext (required to make messages) run: | sudo apt-get update @@ -332,10 +343,11 @@ jobs: - name: Generate the translation base file run: ~/.local/bin/django-admin makemessages --keep-pot --all - - name: Load sops secrets + - + name: Load sops secrets uses: rouja/actions-sops@main with: - secret-file: .github/workflows/secrets.enc.env + secret-file: .github/workflows/secrets/numerique-gouv/people/secrets.enc.env age-key: ${{ secrets.SOPS_PRIVATE }} - name: Setup Node.js diff --git a/.github/workflows/secrets b/.github/workflows/secrets new file mode 160000 index 0000000..eec9a2b --- /dev/null +++ b/.github/workflows/secrets @@ -0,0 +1 @@ +Subproject commit eec9a2bad84ebc136faf49bdbfb651f4914ae176 diff --git a/.github/workflows/secrets.enc.env b/.github/workflows/secrets.enc.env deleted file mode 100644 index 980975a..0000000 --- a/.github/workflows/secrets.enc.env +++ /dev/null @@ -1,24 +0,0 @@ -SOPS_PRIVATE=ENC[AES256_GCM,data:53ysyQ9gq2PnAQKNjOL+e+Bu5SQIuOguz8Bo5CpqbpYsF0AmV1WsOutckdClbu6ApqV3m9/Cj1FJ30+L/+j05pvcpqMeehPQwGQ=,iv:VMuML9IXiEqKY9jp+ny76jnQHmewq2rqdBy1wYpZkSI=,tag:aAZgwiWDg1AG4wk3f2Fq4w==,type:str] -CROWDIN_API_TOKEN=ENC[AES256_GCM,data:bwh38oLDH4BpI2H+7oUjtVizyrYvVJ6Av4ECTnyPPthMz6DCaYQn55RXp8rQDgJj4bPRls+JcRVC94zYIjgpkDsbbcqHr620KQKHQHMgoOQ=,iv:hydpwWtCiOkhBpAYyNwDzSjhjfdUJcKX7YX3/PXteN0=,tag:eQLniL5XxkNs5yThUuQHyw==,type:str] -CROWDIN_BASE_PATH=ENC[AES256_GCM,data:LJZE454A6qg=,iv:yIjGACBJSX3S9g7PAHRFn074xL94fHvMLcTKzFYwkwo=,tag:1Z8+UbeDOvTxR80b95KumQ==,type:str] -CROWDIN_PROJECT_ID=ENC[AES256_GCM,data:THoNz661,iv:Ixd0D9tnpEWd2yqZui1HJQEO/h7YsAC1R9Vjj8OHBjA=,tag:wfDHhzaXLD3NwY5zDj24RA==,type:str] -DOCKER_HUB_PASSWORD=ENC[AES256_GCM,data:jj92OOVMtsagOXQ=,iv:r/u8M70PspZMFCbi8a3FvuCDtWt+9YGArPNHZRpHA+k=,tag:WM3vzVkuQZVdHa3wh4satg==,type:str] -DOCKER_HUB_USER=ENC[AES256_GCM,data:btdtLdLApQ==,iv:y1o2zwyzusBS6JiQSEtZwS2zctISo+UgAFhyZ53vbKQ=,tag:ZLkMJydgjMBmbbKq979z7g==,type:str] -ARGOCD_WEBHOOK_URL=ENC[AES256_GCM,data:0TnoZv7vQI+8MZ/7EITx0Mvez66G6BcCzw+Mic+NH2qh0BdZBH8ynkYBleKw9V6TbucgHasa7duL,iv:GeE5tSpjAndThrXrzz8Dk6ah9Bxv6JQCJmKAfsToDi0=,tag:O2pIhA0ge1xygIv0izSMxg==,type:str] -ARGOCD_WEBHOOK_SECRET=ENC[AES256_GCM,data:SrdWdV24lGztyUnFXeOYGAhqTErRFakIm7hBw8n4NKW6ll6AgeZKY6w7pbvgFknQ+NlRd/EK7bYk7CZtPDGU6zM=,iv:IkWxnTWrvzWwNh4RSt3N7iPHA7K7jkzSHa4CHptxxvU=,tag:XFVYBRsuDF/La1/8ADQ2jw==,type:str] -sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5KzVTKzFmN0Q3Umk3RGNp\nSmhrUklSZnFaVWZiWXRJR0xTVlRrL3RsMUE0CklmZFVveGRzWVNaRnFGRS9XaHhk\nbnlQYjM3dDJuRlVVZkppTlZ1RjJqS1UKLS0tIHBoamFOeDVVdmhDcFN1a3FidFlO\nN2JKTlpLNXo0SHJudWZpUWJpcE5sOWcKkfq/oWHCyy4jz6NkOUdCCDVtHV+hw7Dz\nqtc52m7dvEk1E6seD/zbes2BMQo5t0FybzikMke9cASe13cdYMGmiA==\n-----END AGE ENCRYPTED FILE-----\n -sops_age__list_0__map_recipient=age15fyxdwmg5mvldtqqus87xspuws2u0cpvwheehrtvkexj4tnsqqysw6re2x -sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGRS9pcEprcHlJSHJaWWlQ\nZ0ZTbzhoUXYxUXlNdDVyQXdvQUhVcjFya0NvCk1UOFNSUXRsMTl3Zy9ibmhMWnlN\nSUVCVW9NaDAwYk0wdlRvREZDSHI5cU0KLS0tIDhhRnNoS0xoNjE0d3FKaXZhN1V2\nbW5KOHFGcGpiOUxYWUVxZWFCejJ1SW8KNY6H8A3DNhJ2tqy13md0icS6fzHmd8cH\nah6FyrgxXa6zJbmC/bKRVPiAU7D2xAgkyqS4nzvXjeAaEMef+a97GQ==\n-----END AGE ENCRYPTED FILE-----\n -sops_age__list_1__map_recipient=age16hnlml8yv4ynwy0seer57g8qww075crd0g7nsundz3pj4wk7m3vqftszg7 -sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKTVNHS3ZpTS9HVEV6Z3F0\ncWRxd1lsME1oUllDQjNoczN1TWhBY09DZkFvCm9tNzVOQ3Nxc3lCRk9WYXp1VmJB\nZWt4SlFlNTQxdWJGVTVEYTNablVNMFUKLS0tIEM3clpvUmVYRUJzbis1ZHpHcDAv\nY3d0VUFyUFFQc1lYbnVkRklKVGQ5MUEKy6lJML7AgC7BLYTEVJz9bnNIEXxjKNps\nV2IQWMorUsAC9fg0tPNDbAUDfgP4jkPxNEMa10vGcjwRKcKUazXj+A==\n-----END AGE ENCRYPTED FILE-----\n -sops_age__list_2__map_recipient=age1plkp8td6zzfcavjusmsfrlk54t9vn8jjxm8zaz7cmnr7kzl2nfnsd54hwg -sops_age__list_3__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrOVdXOFZiQTlNZ1IwYU9u\nSzkyNk93RkIvLzJ5NjZHcmlDS1B5TUhraVJBClpXdGtqK2pxWnh1YXNDQ1Ftb2lz\nWmd3QmxpLytMMjhLR1U5Y3kwZ3krN0kKLS0tIFl4SVFjb1JPcGZ4SjNINkhqS1Uy\nTFI0dThVdFJpc0lydjR1STVRRXB2TUkKj/0oPq3pUXLY2LUNjUsrNekNorB83ejs\nBCIpaZzx2FRNHiwiOq+3m7FcX7VZoj47kqmiNbs6uyrXtv0gNGbzVA==\n-----END AGE ENCRYPTED FILE-----\n -sops_age__list_3__map_recipient=age12g6f5fse25tgrwweleh4jls3qs52hey2edh759smulwmk5lnzadslu2cp3 -sops_age__list_4__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqMEdlbi81UXVCZ1o2RjJu\nbUNkdXIxcTJoU004MUxtZWE5dWtHUm01ZmpVCm9RRzNkVWhsakFRTGRBbEdMQzhw\ncU54ekphSENPNlFsOXp1blQ3SmlaelkKLS0tIE9pTW5uQ2JrbUFQcGMwL1lqL000\nekdNa2pQWHA1cXBaTGxZT1htNjhzcmcKGD1xp6Wc2CYzmkI2blmX4xt8It5HPX/w\nj5oynxnDwwPkknRdZ1bDlre5fXTzKGd917RcU2WUs9q9cbZHTmTQQQ==\n-----END AGE ENCRYPTED FILE-----\n -sops_age__list_4__map_recipient=age1tl80n23wq6zxegupwn70ew0yp225ua5v4dk800x7g2w6pvlxz46qk592pa -sops_age__list_5__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhVEVMcU9nYUhPMTU4d2Jj\nclR1bUR0QlZEdFcraDZ6ODhwcTJsZ1BCNUR3Ci9MamhHYXN2dU9nRjNkbnUzQ1U3\nMjRjVG5kU3JFSmJmQ29UV20wSmVHbk0KLS0tIGp0aVBlNzI1V3lGYy9ONzhlVUR0\neTlPN2drTTAwOFlCUjA2U0FCY1lFVHMKzolngi5XjFQKUnwLpdpqmBDPuY0Bsurk\nyvKE/Lou9Pcm7OhZePTwoVIcBtS313vzh8xmnVeuJPpIzLjkfvJwRg==\n-----END AGE ENCRYPTED FILE-----\n -sops_age__list_5__map_recipient=age1qy04neuzwpasmvljqrcvhwnf0kz5cpyteze38c8avp0czewskasszv9pyw -sops_lastmodified=2024-04-03T15:36:15Z -sops_mac=ENC[AES256_GCM,data:1v44C4K4YjV1m7tZKRgj8SiDamdD+L4p3TVwwOl6+05KCOh2uH2ohH+5MH7MTFL489oqaadpjBQfELSJ8h/4fN5MT6+Trbtk5QFLv4moLZx1tSCE1Tuam2cicFem2mlOrxb0pK/tU1qzCLvZke3yvFmiJEa+92u7y96hXM4VR6Y=,iv:23T3Tl5DvRH8zvef7ftbr5GWk+YFfLCzZ/eEzqjMKXY=,tag:TIch+2911w5qleXo55zM0w==,type:str] -sops_unencrypted_suffix=_unencrypted -sops_version=3.8.1 diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..8c16285 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,8 @@ +[submodule ".github/workflows/secrets"] + path = .github/workflows/secrets + url = https://github.com/numerique-gouv/secrets.git + branch = main +[submodule "src/helm/secrets"] + path = src/helm/secrets + url = https://github.com/numerique-gouv/secrets.git + branch = main diff --git a/.sops.yaml b/.sops.yaml deleted file mode 100644 index 2d9a09f..0000000 --- a/.sops.yaml +++ /dev/null @@ -1,15 +0,0 @@ -creation_rules: - # Here we have - # - Jacques key-id: age15fyxdwmg5mvldtqqus87xspuws2u0cpvwheehrtvkexj4tnsqqysw6re2x - # - github-repo key-id: age16hnlml8yv4ynwy0seer57g8qww075crd0g7nsundz3pj4wk7m3vqftszg7 - # - Anthony Le-Courric key-id: age1plkp8td6zzfcavjusmsfrlk54t9vn8jjxm8zaz7cmnr7kzl2nfnsd54hwg - # - Antoine Lebaud key-id: age12g6f5fse25tgrwweleh4jls3qs52hey2edh759smulwmk5lnzadslu2cp3 - # - Marie Pupo Jeammet key-id: age1tl80n23wq6zxegupwn70ew0yp225ua5v4dk800x7g2w6pvlxz46qk592pa - # - argocd key-id: age1qy04neuzwpasmvljqrcvhwnf0kz5cpyteze38c8avp0czewskasszv9pyw - - age: - age15fyxdwmg5mvldtqqus87xspuws2u0cpvwheehrtvkexj4tnsqqysw6re2x, - age16hnlml8yv4ynwy0seer57g8qww075crd0g7nsundz3pj4wk7m3vqftszg7, - age1plkp8td6zzfcavjusmsfrlk54t9vn8jjxm8zaz7cmnr7kzl2nfnsd54hwg, - age12g6f5fse25tgrwweleh4jls3qs52hey2edh759smulwmk5lnzadslu2cp3, - age1tl80n23wq6zxegupwn70ew0yp225ua5v4dk800x7g2w6pvlxz46qk592pa, - age1qy04neuzwpasmvljqrcvhwnf0kz5cpyteze38c8avp0czewskasszv9pyw diff --git a/scripts/update-git-submodule.sh b/scripts/update-git-submodule.sh new file mode 100755 index 0000000..670cfef --- /dev/null +++ b/scripts/update-git-submodule.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +git submodule update --init --recursive +git submodule foreach 'git fetch origin; git checkout $(git rev-parse --abbrev-ref HEAD); git reset --hard origin/$(git rev-parse --abbrev-ref HEAD); git submodule update --recursive; git clean -dfx' diff --git a/src/helm/env.d/staging/secrets.enc.yaml b/src/helm/env.d/staging/secrets.enc.yaml deleted file mode 100644 index 4d2caec..0000000 --- a/src/helm/env.d/staging/secrets.enc.yaml +++ /dev/null @@ -1,70 +0,0 @@ -djangoSecretKey: ENC[AES256_GCM,data:a2U6gDdfHHCHwHfo6zr4Z3H6CPkFLMwFPHVtaZBaB6aSBtF/bLVXqcnuW1X4E41LUKY=,iv:QIF4j7XRNRCceYro99+KODETLPAcIsz4QRifqPFmqvs=,tag:qZbrTphZSLXs6QhB9pPtnw==,type:str] -djangoSuperUserPass: ENC[AES256_GCM,data:T/OHS1w=,iv:wHVoRx6zeEj0G4CL1en82UH99L55fccZ8dovyFabs0w=,tag:xmpXfxdJlFZqTsEKLytnxQ==,type:str] -oidc: - clientId: ENC[AES256_GCM,data:we8mFFJU5ykzLCKvFyyKNka1tp2QyA0IdgmQq6sIgfdC7rFf,iv:AQOyxxH5kngAoyJHLG+BKzG0MgiKjveEd8R0/3CDokU=,tag:alAFpbBqVZXtOaQ9u1fugw==,type:str] - clientSecret: ENC[AES256_GCM,data:93dsKs8h+AskewLvLJ8l+z2VYpQPt9GBCrlWAGjzDoGimKzMnj/VaFWxg6khIIfxmsBdrQc93fw3Aw4y9J3dvw==,iv:YwFlgB9DP4NmIGF3lXktyQ+J1kW7H3jB/+Uzn/jcn/o=,tag:1/V5avC3YN2rWH6dSiFfIw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age15fyxdwmg5mvldtqqus87xspuws2u0cpvwheehrtvkexj4tnsqqysw6re2x - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOci9hOVdHT3hPeGM0S2k1 - YnBscm96RFBWUjNxZ1JYK3JrRGJSQ0NhaUQ0CmNTdG0wRjhRcVB6dGR3Tm1KVWpp - OU1iZzVwbS9CTml3YTJLcWc2TGpsek0KLS0tIGR3NC8yditKVzhSdWU1VVUxalF5 - bG4wMHZzM2RuT3hCU1FDTVVvZnMvZncKN9B/IgFLDCy1FWtiaCT7pDtYO5sExfJ9 - KygCB0R9UO8eS9LIQbFy2YU5NS5v+pb0TZJdfGYGrNdEE/0C6HU9/Q== - -----END AGE ENCRYPTED FILE----- - - recipient: age16hnlml8yv4ynwy0seer57g8qww075crd0g7nsundz3pj4wk7m3vqftszg7 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRNEFva2sxUFY4bWN6U2o1 - RWxPK0ZDcFR3Q0VyZnEwdE5YNmdTODdZenhvCjFuVGhwK2w4TGZTN2tkZVhCWW5W - c2VwS0Y1cGo3V3hCZURXNXhKL0kyd1EKLS0tIEtaTUhsVHQxYnc4VFd1VVZHVkRx - S1A3azhNU1V2VUNCZTlvb2VjYXMyaHMKVQ5zrzKFeaQn3EBAbnjujK0r/nTYPUdN - yrl9v/RhOmlDAkRM/2hvWdGIcZOPOEn4qKljJdXVEwaHcnFd6/VeMg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1plkp8td6zzfcavjusmsfrlk54t9vn8jjxm8zaz7cmnr7kzl2nfnsd54hwg - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJYVF4dTBZbWtUQmRIKzZP - M0tzbHRHZ2tFTklFYjhmaWhvWG5Ba2NjZVRRCmRTczlYVmdpNTlpU05TbEtWUWxB - eXJiUDY0M0FvWW15ZUtsL2JuNm4rNU0KLS0tIE9iYUhsN244aVZXYjZqZFR4akdV - NXNOT3VEcWprbHFMVVpjQUVpdWlkeFEKqwpvWdUqRHVo7dQdMofGRJp52Fzan6UX - eVGjgedyiwRNn3xtA++ZIs5XGbxtnWSppjRKXDXRdc/ho1EVk5qlNQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age12g6f5fse25tgrwweleh4jls3qs52hey2edh759smulwmk5lnzadslu2cp3 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDektxSGU1a2gvc2I1WHRB - ZmdHb1JEcGphWC8zZFJlU0VGb1lNbW13STJzCnlpaXQvRUNBa0lncGRFa1Z5bjRE - VHpJeTdGMEc5VGQ4TDVLUVhFNDhPVk0KLS0tIEJSUDkzL3BadGhFM2FPek1QY0pu - RkNLYzJZM1NoYjUwTkpOamRpcWsrWW8KHhvlWAx/ONMXW/Vk/dh1qECoW9YEaVd3 - MZeP7aUgoKj2ZvAnAIDUzdAbc579K54yvSAPjvkbpeeRUDZnf9CZFg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1tl80n23wq6zxegupwn70ew0yp225ua5v4dk800x7g2w6pvlxz46qk592pa - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtWnd4SEhubnNzS2FCSTRq - Qk9UbENjeWFNSHNna0dudnk2MmFMMDNqZHhFCmxTNktBZm1nTGNaNlpLVWtla2x2 - MU5FcE1vK0w4dHVVWjY3a0oxWjVQUGcKLS0tIGM0c0FIZ3psRkV0V2VFU1F6Y2VM - VW5ta2lpTDBFVTdqQnlhd2Nxbng5OVEK1YuJ7r9brpGq2+tQeruDo4RPCGFoURkh - Cm2TTeUhf9YJfEiJeeXMzqVWUxb4OWMQsLeGoRb9FgUCv23noM30PQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1qy04neuzwpasmvljqrcvhwnf0kz5cpyteze38c8avp0czewskasszv9pyw - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTjFEcnUyQ1VWaXpqY2F1 - Q3RQRUZnei9vZWVIb1B3dEtMaDNucWFKZWtJCm1SanNKd3pwd1hyRjJBeG5McnU1 - QVhCNWRsVm5pNmVWb1l5bkNVWnpuY1kKLS0tIHBuZ1ZHdC8zaGFNQ0NUUjA3eWZk - UHdVTWcvbUZDYlNZMzJsNjM4M05ZSVEKok3wFZHGbnRpwCn5S6OZoD/2wVbzhNj7 - X4JL6jWJZ3T8RfdNlIG2mfVmOGkT7Qf9q/VJbYC3B/pK5ocWUdcjBQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-23T08:10:43Z" - mac: ENC[AES256_GCM,data:+6ssKDBr9XwJnQto+x+8Ntq72/b+FLCI8TcMmG+Pbn2sw3ifDMa7CvdQCHeeihLjvXqLnIFvI+eVW4rclUShrx7VG3rdx8c5JDtuuNryf/5r8MZP3YqPcKKGCXEkntw/DW1BazKEqz4waIdOxv+zesvs82n4rMU0N5L7335IisI=,iv:jr6kEuRasIgMuH6t2OfPp2VsHmCJiygRpfURrP951O8=,tag:C/i6cFQcbQr0H0rZaSSr+w==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/src/helm/helmfile.yaml b/src/helm/helmfile.yaml index 71685dc..d09c585 100644 --- a/src/helm/helmfile.yaml +++ b/src/helm/helmfile.yaml @@ -33,7 +33,7 @@ releases: namespace: {{ .Namespace }} chart: ./extra secrets: - - env.d/{{ .Environment.Name }}/secrets.enc.yaml + - {{ ne .Environment.Name "dev" | ternary "secrets/numerique-gouv/people/env" "env.d" }}/{{ .Environment.Name }}/secrets.enc.yaml - name: desk version: {{ .Values.version }} @@ -42,7 +42,7 @@ releases: values: - env.d/{{ .Environment.Name }}/values.desk.yaml.gotmpl secrets: - - env.d/{{ .Environment.Name }}/secrets.enc.yaml + - {{ ne .Environment.Name "dev" | ternary "secrets/numerique-gouv/people/env" "env.d" }}/{{ .Environment.Name }}/secrets.enc.yaml environments: dev: @@ -54,5 +54,5 @@ environments: values: - version: 0.0.1 secrets: - - env.d/{{ .Environment.Name }}/secrets.enc.yaml + - {{ ne .Environment.Name "dev" | ternary "secrets/numerique-gouv/people/env" "env.d" }}/{{ .Environment.Name }}/secrets.enc.yaml diff --git a/src/helm/secrets b/src/helm/secrets new file mode 160000 index 0000000..eec9a2b --- /dev/null +++ b/src/helm/secrets @@ -0,0 +1 @@ +Subproject commit eec9a2bad84ebc136faf49bdbfb651f4914ae176