fix: update rust and use hashicorp vault

tale · tale · commit 0118d4bd974b · 2024-07-22T15:12:19.000-04:00
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
@@ -8,10 +8,24 @@ jobs:
   build:
     name: Build
     runs-on: self-hosted
+    permissions:
+      contents: read
+      id-token: write
     steps:
       - name: Check out the repo
         uses: actions/checkout@v4
 
+      - name: Import secrets
+        id: secrets
+        uses: hashicorp/vault-action@v2
+        with:
+          method: 'jwt'
+          url: ${{ vars.HASHICORP_VAULT_URL }}
+          role: ${{ vars.HASHICORP_VAULT_ROLE }}
+          jwtGithubAudience: ${{ vars.HASHICORP_VAULT_AUD }}
+          secrets: |
+            kv/data/canister/api *
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
@@ -42,6 +56,7 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           platforms: linux/arm64
+          secret-envs: ${{ steps.secrets.outputs }}
           cache-to: type=registry,ref=ghcr.io/cnstr/api-cache,compression=zstd
           cache-from: type=registry,ref=ghcr.io/cnstr/api-cache
 
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM rust:1.66 as builder
+FROM rust:1.79 as builder
 ENV UPLOAD_OPENAPI=true
 WORKDIR /app
 
