chore: working on integrating turborepo remote cache

fvst-dev · Jul 16, 2023 · 24072ef · 24072ef
1 parent 47e6ca2
commit 24072ef
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 59 deletions.
diff --git a/.github/actions/setup-google-cloud-auth/action.yaml b/.github/actions/setup-google-cloud-auth/action.yaml
@@ -4,6 +4,9 @@ inputs:
   google_cloud_token:
     description: "Base64 encoded token from secrets"
     required: true
+  region:
+    description: "The region to authenticate against for artifact repository"
+    required: true
 
 outputs:
   access_token:
@@ -28,3 +31,14 @@ runs:
         credentials_json: "${{steps.google-key.outputs.GOOGLE_CLOUD_TOKEN}}"
         export_environment_variables: true
         create_credentials_file: true
+
+    - name: "Set up Cloud SDK"
+      uses: "google-github-actions/setup-gcloud@v1"
+
+    - name: Info
+      shell: bash
+      run: gcloud info
+
+    - name: Login to artifact repository
+      shell: bash
+      run: gcloud auth configure-docker ${{ inputs.region }}-docker.pkg.dev --quiet
diff --git a/.github/actions/setup-turborepo-remote-cache/action.yaml b/.github/actions/setup-turborepo-remote-cache/action.yaml
@@ -4,58 +4,10 @@ inputs:
   bucket:
     description: "Google cloud bucket to store remote cache"
     required: true
-  google_cloud_token:
-    description: "Base64 encoded token from secrets"
-    required: true
-  secret: # Read more at https://github.com/orgs/community/discussions/13082
-    description: "Secret for passing encrypted secret values between jobs"
-    required: true
 
 runs:
   using: "composite"
   steps:
-    - id: "encrypt_gcp_keys"
-      name: "Unpack GCP Service account from secrets and encrypt projectid/key/email for output"
-      shell: bash
-      env:
-        secret: ${{ inputs.secret }}
-      run: |
-        GOOGLE_CLOUD_TOKEN=$(echo ${{ inputs.google_cloud_token }} | base64 --decode)
-
-        GOOGLE_CLOUD_PROJECT_ID_ENCRYPTED=$(gpg --symmetric --batch --passphrase "$secret" --output - <(echo "$GOOGLE_CLOUD_TOKEN" | jq -r '.project_id') | base64 -w0)
-        echo "::add-mask::GOOGLE_CLOUD_PROJECT_ID_ENCRYPTED"
-        echo "GOOGLE_CLOUD_PROJECT_ID_ENCRYPTED=$GOOGLE_CLOUD_PROJECT_ID_ENCRYPTED" >> $GITHUB_OUTPUT
-
-        GOOGLE_CLOUD_CLIENT_PRIVATE_KEY_ENCRYPTED=$(gpg --symmetric --batch --passphrase "$secret" --output - <(echo "$GOOGLE_CLOUD_TOKEN" | jq -r '.private_key') | base64 -w0)
-        echo "::add-mask::GOOGLE_CLOUD_CLIENT_PRIVATE_KEY_ENCRYPTED"
-        echo "GOOGLE_CLOUD_CLIENT_PRIVATE_KEY_ENCRYPTED<<EOF" >> $GITHUB_OUTPUT
-        echo $GOOGLE_CLOUD_CLIENT_PRIVATE_KEY_ENCRYPTED >> $GITHUB_OUTPUT
-        echo "EOF" >> $GITHUB_OUTPUT
-
-        GOOGLE_CLOUD_CLIENT_EMAIL_ENCRYPTED=$(gpg --symmetric --batch --passphrase "$secret" --output - <(echo "$GOOGLE_CLOUD_TOKEN" | jq -r '.client_email') | base64 -w0)
-        echo "::add-mask::GOOGLE_CLOUD_CLIENT_EMAIL_ENCRYPTED"
-        echo "GOOGLE_CLOUD_CLIENT_EMAIL_ENCRYPTED=$GOOGLE_CLOUD_CLIENT_EMAIL_ENCRYPTED" >> $GITHUB_OUTPUT
-
-    - id: decrypt_gcp_keys
-      name: "Decrypt GCP keys from previous step, mask them and put them to output"
-      shell: bash
-      env:
-        secret: ${{ inputs.secret }}
-      run: |
-        GOOGLE_CLOUD_PROJECT_ID=$(gpg --decrypt --quiet --batch --passphrase "$secret" --output - <(echo "${{ steps.encrypt_gcp_keys.outputs.GOOGLE_CLOUD_PROJECT_ID_ENCRYPTED }}" | base64 --decode))
-        echo "::add-mask::GOOGLE_CLOUD_PROJECT_ID"
-        echo "GOOGLE_CLOUD_PROJECT_ID=$GOOGLE_CLOUD_PROJECT_ID" >> $GITHUB_OUTPUT
-
-        GOOGLE_CLOUD_CLIENT_PRIVATE_KEY=$(gpg --decrypt --quiet --batch --passphrase "$secret" --output - <(echo "${{ steps.encrypt_gcp_keys.outputs.GOOGLE_CLOUD_CLIENT_PRIVATE_KEY_ENCRYPTED }}" | base64 --decode))
-        echo "::add-mask::GOOGLE_CLOUD_CLIENT_PRIVATE_KEY"
-        echo "GOOGLE_CLOUD_CLIENT_PRIVATE_KEY<<EOF" >> $GITHUB_OUTPUT
-        echo $GOOGLE_CLOUD_CLIENT_PRIVATE_KEY >> $GITHUB_OUTPUT
-        echo "EOF" >> $GITHUB_OUTPUT
-
-        GOOGLE_CLOUD_CLIENT_EMAIL=$(gpg --decrypt --quiet --batch --passphrase "$secret" --output - <(echo "${{ steps.encrypt_gcp_keys.outputs.GOOGLE_CLOUD_CLIENT_EMAIL_ENCRYPTED }}" | base64 --decode))
-        echo "::add-mask::GOOGLE_CLOUD_CLIENT_EMAIL"
-        echo "GOOGLE_CLOUD_CLIENT_EMAIL=$GOOGLE_CLOUD_CLIENT_EMAIL" >> $GITHUB_OUTPUT
-
     - name: TurboRepo Remote Cache Server
       uses: trappar/turborepo-remote-cache-gh-action@main
       with:
@@ -64,6 +16,3 @@ runs:
         team-id: team_fvst
       env:
         LOG_LEVEL: "debug"
-        GCS_PROJECT_ID: ${{ steps.decrypt_gcp_keys.outputs.GOOGLE_CLOUD_PROJECT_ID }}
-        GCS_CLIENT_EMAIL: ${{ steps.decrypt_gcp_keys.outputs.GOOGLE_CLOUD_CLIENT_PRIVATE_KEY }}
-        GCS_PRIVATE_KEY: ${{ steps.decrypt_gcp_keys.outputs.GOOGLE_CLOUD_CLIENT_EMAIL }}
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
@@ -49,16 +49,15 @@ jobs:
 
       - uses: ./.github/actions/setup-turborepo-remote-cache
         with:
-          google_cloud_token: ${{ secrets[matrix.google_cloud_token] }}
           bucket: ${{ vars[matrix.turborepo_bucket] }}
-          secret: ${{ secrets.FVST_PGP_SECRET_SIGNING_PASSPHRASE }}
 
-      - name: Login to Artifact Registry
-        uses: docker/login-action@v2
-        with:
-          registry: ${{ vars.FVST_PROJECT_REGION }}-docker.pkg.dev
-          username: oauth2accesstoken
-          password: ${{ steps.auth.outputs.access_token }}
+      #
+      #      - name: Login to Artifact Registry
+      #        uses: docker/login-action@v2
+      #        with:
+      #          registry: ${{ vars.FVST_PROJECT_REGION }}-docker.pkg.dev
+      #          username: oauth2accesstoken
+      #          password: ${{ steps.auth.outputs.access_token }}
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2