supposed to be sneaky (#22) #55
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Pulumi | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| jobs: | |
| pulumi: | |
| runs-on: ubuntu-latest | |
| env: | |
| PULUMI_CONFIG_PASSPHRASE: ${{ secrets.PULUMI_CONFIG_PASSPHRASE }} | |
| steps: | |
| - name: Checkout π | |
| uses: actions/checkout@master | |
| with: | |
| fetch-depth: 1 | |
| - name: Setup node π | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 16 | |
| - name: Setup pnpm π¦ | |
| id: pnpm-install | |
| uses: pnpm/[email protected] | |
| with: | |
| version: 7 | |
| run_install: false | |
| - name: Get pnpm store directory π | |
| id: pnpm-cache | |
| run: | | |
| echo "::set-output name=pnpm_cache_dir::$(pnpm store path)" | |
| - name: Setup pnpm cache π¦ | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ steps.pnpm-install.outputs.dest }} | |
| key: ${{ runner.os }}-pnpm-${{ hashFiles('**/pnpm-lock.yaml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pnpm- | |
| - name: Obtain a GitHub App Installation Access Token | |
| id: githubAppAuth | |
| run: | | |
| TOKEN="$(npx obtain-github-app-installation-access-token ci ${{ secrets.GH_APP_CREDENTIALS_TOKEN }})" | |
| echo "::add-mask::$TOKEN" | |
| echo "::set-output name=token::$TOKEN" | |
| - uses: actions/checkout@v3 | |
| with: | |
| repository: "CunnyDev/stack" | |
| token: ${{ steps.githubAppAuth.outputs.token }} | |
| path: stack | |
| - run: pnpm install | |
| - run: curl -fsSL https://get.pulumi.com | sh | |
| - run: ~/.pulumi/bin/pulumi login --local | |
| - run: ~/.pulumi/bin/pulumi stack init cunnydev | |
| - run: ~/.pulumi/bin/pulumi stack select cunnydev | |
| - run: ~/.pulumi/bin/pulumi stack import --file=stack/stack.json | |
| - run: ~/.pulumi/bin/pulumi preview | |
| - run: ~/.pulumi/bin/pulumi up --yes | |
| env: | |
| GITHUB_TOKEN: ${{ steps.githubAppAuth.outputs.token }} | |
| if: github.ref == 'refs/heads/main' | |
| - run: ~/.pulumi/bin/pulumi stack export --file=stack/stack.json | |
| if: github.ref == 'refs/heads/main' | |
| - run: cat stack/stack.json | |
| if: github.ref == 'refs/heads/main' | |
| - run: ./sync.sh | |
| if: github.ref == 'refs/heads/main' |