Adding cron workflow for unsealing HC Vault.

2025-04-20 11:13:39 -04:00
2 changed files with 32 additions and 5 deletions
@@ -0,0 +1,28 @@
+name: Auto-Unseal for Vault
+on:
+  schedule:
+    - cron: "30 2 * * *"
+jobs:
+  auto-unseal:
+    name: Unseal Vault
+    runs-on: ubuntu-latest
+    env:
+      VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
+      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
+      VAULT_SHARDS: |
+        ${{ secrets.VAULT_UNSEAL_SHARDS }}
+      VAULT_NAMESPACE: ""
+    steps:
+      - name: Cache Vault install
+        id: cache-vault
+        uses: actions/cache@v4
+        with:
+          path: /opt/hostedtoolcache/vault/1.18.0/x64
+          key: vault-${{ runner.os }}-1.18.0
+      - name: Install Vault
+        uses: cpanato/vault-installer@main
+      - name: Unseal Vault
+        run: |
+          for vault_shard in $(cat ${VAULT_SHARDS}); do
+            vault operator unseal -address=${VAULT_ADDR} -non-interactive "${vault_shard}"
+          done
@@ -4286,8 +4286,6 @@ services:
      - run
      - start
    container_name: scraperr
-    depends_on:
-      - scraperr-api
    expose:
      - 3000
    image: jpyles0524/scraperr:latest
@@ -4311,6 +4309,8 @@ services:
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.url: https://scrape.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
+    networks:
+      default: null
    restart: unless-stopped
  scraperr-api:
    container_name: scraperr-api
@@ -4326,10 +4326,9 @@ services:
    expose:
      - 8000
    image: jpyles0524/scraperr_api:latest
+    networks:
+      default: null
    restart: unless-stopped
-    volumes:
-      - ${DOCKER_VOLUME_CONFIG}/scraperr:/project/data
-      # - /var/run/docker.sock:/var/run/docker.sock
  scrutiny:
    cap_add:
      - SYS_RAWIO