Skip to content

Renew Lets Encrypt Certificates #75

Renew Lets Encrypt Certificates

Renew Lets Encrypt Certificates #75

Workflow file for this run

---
name: Renew Lets Encrypt Certificates
on: # yamllint disable-line rule:truthy
# schedule:
# # 3am each month https://crontab.guru/#0_3_1_*_*
# - cron: "0 3 1 * *"
workflow_dispatch:
inputs:
environment:
description: The environment to run this workflow in
type: environment
default: CICD
required: true
# This will prevent multiple runs of this entire workflow.
# We should NOT cancel in progress runs as that can destabilize the environment.
concurrency: letsencrypt
env:
USE_ENV_VARS_NOT_FILES: true
TF_INPUT: 0 # interactive is off
TF_IN_AUTOMATION: 1 # Run in headless mode
jobs:
renew_letsencrypt_certs:
name: Renew Lets Encrypt Certificates
runs-on: ubuntu-latest
environment: ${{ github.event.inputs.environment || 'CICD' }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install Terraform
uses: hashicorp/setup-terraform@v3
with:
terraform_version: 1.2.9
terraform_wrapper: false
- name: Renew Certificates
shell: bash
env:
ARM_CLIENT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientId }}
ARM_CLIENT_SECRET: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientSecret }}
ARM_SUBSCRIPTION_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).subscriptionId }}
ARM_TENANT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).tenantId }}
AZURE_ENVIRONMENT: ${{ vars.AZURE_ENVIRONMENT }}
TRE_ID: ${{ secrets.TRE_ID }}
TF_VAR_terraform_state_container_name: ${{ secrets.TERRAFORM_STATE_CONTAINER_NAME || 'tfstate' }}
TF_VAR_mgmt_resource_group_name: ${{ secrets.MGMT_RESOURCE_GROUP_NAME }}
TF_VAR_mgmt_storage_account_name: ${{ secrets.MGMT_STORAGE_ACCOUNT_NAME }}
CUSTOM_DOMAIN: ${{ secrets.CUSTOM_DOMAIN }}
run: |
sudo apt-get install -y python3 python3-venv libaugeas0 \
&& python3 -m venv /opt/certbot/ \
&& /opt/certbot/bin/pip install --upgrade pip \
&& /opt/certbot/bin/pip install certbot
make letsencrypt