You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi and thanks for your work on this promising project!
I'll use this issue to document a few of the stumbling blocks I encountered when trying this out for the first time.
Secrets
This document says to create two forks, front-end and ephemeral.run.
A following step says "Set the following secrets on your fork" but it's not clear which secrets need to go on which forked repo.
The intended values of the following secrets is unclear:
DOCKERHUB_REPOSITORY -- it's not clear if this should be hub.docker.com/repository/registry-1.docker.io/soulshake/front-end/, soulshake/front-end, just soulshake, or what
DOCKERHUB_USERNAME, DOCKERHUB_PASSWORD -- these are clear enough; however, it seems that the front-end repo is actually expecting to findDOCKER_USER and DOCKER_PASS
GIT_HUB_ACCESS_TOKEN -- what permissions are required?
AWS_CLUSTER_NAME -- corresponds to terraform output value cluster_name
IAM_CLUSTER_USER -- it seems this is supposed to be the AWS_ACCESS_KEY_ID of the ephemeral-gha-user, corresponds to the terraform output value of ephemeral-gha-user_iam_creds_id
IAM_CLUSTER_PASSWORD -- it seems this is supposed to be the AWS_SECRET_ACCESS_KEY of the ephemeral-gha-user, corresponds to the terraform output value of ephemeral-gha-user_iam_creds_secret
Non-secret secrets
It would be preferable to use something other than Github secrets to store the non-secret items, as all "secrets" are obfuscated in the action logs, making it harder to debug.
Other variables
It seems there are some additional variables that need to be updated in the workflow files (AWS_REGION, repository paths for create-or-update-comment steps, KUBE_CONTEXT?, etc).
KUBE_CONTEXT in particular was confusing -- to me, the name implies that it should be set to e.g. arn:aws:eks:ap-south-1:ACCOUNT_ID:cluster/ephemeral-demo-spot (as it appears in kubectl config get-contexts) but it seems it's actually supposed to be the short cluster name, e.g. ephemeral-demo-spot ?
Workflow files / front-end repo changes needed
GETTING-STARTED.md says to fork microservices-demo/front-end but that repo doesn't have the Github actions that actually trigger the build (see diff). The doc should either instead point to OpenGov/front-end or document the workflow yaml files that need to be added.
It's actually not clear (without some investigation) which workflow files need to go on which repo.
WIP
(Will continue to gather feedback for this issue, and will be happy to create a PR, however it might be preferable to rename some of these variables instead)
The text was updated successfully, but these errors were encountered:
Hi and thanks for your work on this promising project!
I'll use this issue to document a few of the stumbling blocks I encountered when trying this out for the first time.
Secrets
This document says to create two forks,
front-end
andephemeral.run
.A following step says "Set the following secrets on your fork" but it's not clear which secrets need to go on which forked repo.
The intended values of the following secrets is unclear:
DOCKERHUB_REPOSITORY
-- it's not clear if this should behub.docker.com/repository/registry-1.docker.io/soulshake/front-end/
,soulshake/front-end
, justsoulshake
, or whatDOCKERHUB_USERNAME
,DOCKERHUB_PASSWORD
-- these are clear enough; however, it seems that thefront-end
repo is actually expecting to findDOCKER_USER
andDOCKER_PASS
GIT_HUB_ACCESS_TOKEN
-- what permissions are required?AWS_CLUSTER_NAME
-- corresponds toterraform output
valuecluster_name
IAM_CLUSTER_USER
-- it seems this is supposed to be theAWS_ACCESS_KEY_ID
of theephemeral-gha-user
, corresponds to theterraform output
value ofephemeral-gha-user_iam_creds_id
IAM_CLUSTER_PASSWORD
-- it seems this is supposed to be theAWS_SECRET_ACCESS_KEY
of theephemeral-gha-user
, corresponds to theterraform output
value ofephemeral-gha-user_iam_creds_secret
Non-secret secrets
It would be preferable to use something other than Github secrets to store the non-secret items, as all "secrets" are obfuscated in the action logs, making it harder to debug.
Other variables
It seems there are some additional variables that need to be updated in the workflow files (
AWS_REGION
, repository paths forcreate-or-update-comment
steps,KUBE_CONTEXT
?, etc).KUBE_CONTEXT
in particular was confusing -- to me, the name implies that it should be set to e.g.arn:aws:eks:ap-south-1:ACCOUNT_ID:cluster/ephemeral-demo-spot
(as it appears inkubectl config get-contexts
) but it seems it's actually supposed to be the short cluster name, e.g.ephemeral-demo-spot
?Workflow files / front-end repo changes needed
GETTING-STARTED.md
says to forkmicroservices-demo/front-end
but that repo doesn't have the Github actions that actually trigger the build (see diff). The doc should either instead point toOpenGov/front-end
or document the workflow yaml files that need to be added.It's actually not clear (without some investigation) which workflow files need to go on which repo.
WIP
(Will continue to gather feedback for this issue, and will be happy to create a PR, however it might be preferable to rename some of these variables instead)
The text was updated successfully, but these errors were encountered: