From a15b65a19850ee5573a69803a6ae60c1343fb2bc Mon Sep 17 00:00:00 2001
From: Ole Magnus Fon Johnsen
Date: Mon, 6 Nov 2023 12:39:29 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=92=9A=20Repo=20secrets=20in=20CI?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .github/workflows/build_cms.yaml | 1 +
 .github/workflows/cypress_component_tests.yaml | 1 +
 .github/workflows/deploy.yaml | 7 ++++---
 .github/workflows/destroy_previews.yaml | 7 ++++---
 .github/workflows/docker_tests_and_previews.yaml | 7 ++++---
 .github/workflows/ktlint.yaml | 1 +
 .github/workflows/lint_format.yaml | 1 +
 .github/workflows/psql_check.yaml | 1 +
 .github/workflows/restart_backend_preview.yaml | 8 ++------
 .github/workflows/sanity_deploy.yaml | 1 +
 .github/workflows/terraform_format_plan.yaml | 7 ++++---
 .github/workflows/terraform_format_plan_pass.yaml | 1 +
 12 files changed, 25 insertions(+), 18 deletions(-)
diff --git a/.github/workflows/build_cms.yaml b/.github/workflows/build_cms.yaml
index 7061e580d..947ee0e37 100644
--- a/.github/workflows/build_cms.yaml
+++ b/.github/workflows/build_cms.yaml
@@ -1,4 +1,5 @@
 name: Build CMS
+
 on:
 pull_request:
 branches: [master]
diff --git a/.github/workflows/cypress_component_tests.yaml b/.github/workflows/cypress_component_tests.yaml
index 6f88f85d7..6839c63d6 100644
--- a/.github/workflows/cypress_component_tests.yaml
+++ b/.github/workflows/cypress_component_tests.yaml
@@ -1,4 +1,5 @@
 name: Cypress component tests
+
 on:
 pull_request:
 branches: [master]
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
index 21cd59233..226d17982 100644
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -1,4 +1,5 @@
 name: Deploy backend
+
 on:
 push:
 branches: [master]
@@ -16,10 +17,10 @@ env:
 TF_VAR_auth_secret: ${{ secrets.AUTH_SECRET }}
 TF_VAR_sendgrid_api_key: ${{ secrets.SENDGRID_API_KEY }}
 TF_VAR_revision_suffix: ${{ github.sha }}
- ARM_CLIENT_ID: 225cb793-e592-482e-8612-2318bd5e0a6c
+ ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
 ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
- ARM_SUBSCRIPTION_ID: f16e6916-1e71-42a0-9df3-0246b805f432
- ARM_TENANT_ID: 10086e44-d4c5-4039-ab23-dc49610f7879
+ ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
+ ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
 jobs:
 docker_push_backend:
diff --git a/.github/workflows/destroy_previews.yaml b/.github/workflows/destroy_previews.yaml
index 8f98267fb..1e899c56c 100644
--- a/.github/workflows/destroy_previews.yaml
+++ b/.github/workflows/destroy_previews.yaml
@@ -1,4 +1,5 @@
 name: Destroy backend preview
+
 on:
 pull_request:
 branches: [master]
@@ -57,8 +58,8 @@ jobs:
 TF_VAR_backend_image: '$IMAGE_NAME/backend:$BACKEND_TAG'
 TF_VAR_admin_key: ${{ secrets.ADMIN_KEY_DEV }}
 TF_VAR_auth_secret: ${{ secrets.AUTH_SECRET }}
- ARM_CLIENT_ID: 225cb793-e592-482e-8612-2318bd5e0a6c
+ ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
 ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
- ARM_SUBSCRIPTION_ID: f16e6916-1e71-42a0-9df3-0246b805f432
- ARM_TENANT_ID: 10086e44-d4c5-4039-ab23-dc49610f7879
+ ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
+ ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
 WORKSPACE_NAME: ${{ steps.env_vars.outputs.BRANCH_NAME_FORMATTED }}
diff --git a/.github/workflows/docker_tests_and_previews.yaml b/.github/workflows/docker_tests_and_previews.yaml
index d557b63eb..9dba97118 100644
--- a/.github/workflows/docker_tests_and_previews.yaml
+++ b/.github/workflows/docker_tests_and_previews.yaml
@@ -1,4 +1,5 @@
 name: Docker tests & previews
+
 on:
 pull_request:
 branches: [master]
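Review bot: In deploy.yaml the four `ARM_*` values are set in the workflow-level `env:` block (the hunk runs straight into `jobs:`), so every job and step in the workflow, third-party actions included, gets the service principal's id, secret, tenant and subscription in its environment. Moving them into the `env:` of the step that actually runs Terraform would match what the destroy_previews.yaml and docker_tests_and_previews.yaml hunks appear to do (their blocks reference `steps.env_vars.outputs`, which only exists at step level). The same workflow-level placement is in the `env:` hunk of terraform_format_plan.yaml. The rest of the `env:` block and the jobs that consume it are outside these hunks, so which steps need the credentials has to be checked against the full file.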
@@ -290,10 +291,10 @@ jobs:
 TF_VAR_db_password: ${{ secrets.DB_PASSWORD_DEV }}
 TF_VAR_backend_image: '${{ env.IMAGE_NAME }}/backend:${{ steps.env_vars.outputs.BACKEND_TAG }}'
 TF_VAR_auth_secret: ${{ secrets.AUTH_SECRET }}
- ARM_CLIENT_ID: 225cb793-e592-482e-8612-2318bd5e0a6c
+ ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
 ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
- ARM_SUBSCRIPTION_ID: f16e6916-1e71-42a0-9df3-0246b805f432
- ARM_TENANT_ID: 10086e44-d4c5-4039-ab23-dc49610f7879
+ ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
+ ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
 WORKSPACE_NAME: ${{ steps.env_vars.outputs.BRANCH_NAME_FORMATTED }}
 - name: Find comment
diff --git a/.github/workflows/ktlint.yaml b/.github/workflows/ktlint.yaml
index 65ccd94f3..6f715cbb6 100644
--- a/.github/workflows/ktlint.yaml
+++ b/.github/workflows/ktlint.yaml
@@ -1,4 +1,5 @@
 name: ktlint
+
 on:
 pull_request:
 branches: [master]
diff --git a/.github/workflows/lint_format.yaml b/.github/workflows/lint_format.yaml
index 0da461189..d29d07134 100644
--- a/.github/workflows/lint_format.yaml
+++ b/.github/workflows/lint_format.yaml
@@ -1,4 +1,5 @@
 name: Lint & format
+
 on:
 pull_request:
 branches: [master]
diff --git a/.github/workflows/psql_check.yaml b/.github/workflows/psql_check.yaml
index 7aa576483..846cca010 100644
--- a/.github/workflows/psql_check.yaml
+++ b/.github/workflows/psql_check.yaml
@@ -1,4 +1,5 @@
 name: Check SQL migration syntax
+
 on:
 pull_request:
 branches: [master]
diff --git a/.github/workflows/restart_backend_preview.yaml b/.github/workflows/restart_backend_preview.yaml
index c99c1d0dd..379f9fb20 100644
--- a/.github/workflows/restart_backend_preview.yaml
+++ b/.github/workflows/restart_backend_preview.yaml
@@ -1,13 +1,9 @@
 name: Restart backend preview
+
 on:
 issue_comment:
 types: [edited]
-env:
- ARM_CLIENT_ID: 225cb793-e592-482e-8612-2318bd5e0a6c
- ARM_SUBSCRIPTION_ID: f16e6916-1e71-42a0-9df3-0246b805f432
- ARM_TENANT_ID: 10086e44-d4c5-4039-ab23-dc49610f7879
-
 jobs:
 restart_preview:
 name: 'Restart backend preview'
@@ -40,7 +36,7 @@ jobs:
 - name: Sign in to Azure
 uses: azure/login@v1
 with:
- creds: '{"clientId":"${{ env.ARM_CLIENT_ID }}","clientSecret":"${{ secrets.ARM_CLIENT_SECRET }}","subscriptionId":"${{ env.ARM_SUBSCRIPTION_ID }}","tenantId":"${{ env.ARM_TENANT_ID }}"}'
+ creds: '{"clientId":"${{ secrets.ARM_CLIENT_ID }}","clientSecret":"${{ secrets.ARM_CLIENT_SECRET }}","subscriptionId":"${{ secrets.ARM_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.ARM_TENANT_ID }}"}'
 - name: Restart container
 if: contains(${{ steps.fc.outputs.comment_body }}, '- [x] check this box to restart the backend preview, if you are getting errors.')
diff --git a/.github/workflows/sanity_deploy.yaml b/.github/workflows/sanity_deploy.yaml
index 5b83a9822..fa1016c83 100644
--- a/.github/workflows/sanity_deploy.yaml
+++ b/.github/workflows/sanity_deploy.yaml
@@ -1,4 +1,5 @@
 name: Deploy to Sanity Studio
+
 on:
 push:
 branches: [master]
diff --git a/.github/workflows/terraform_format_plan.yaml b/.github/workflows/terraform_format_plan.yaml
index c4d52afc2..0417a7946 100644
--- a/.github/workflows/terraform_format_plan.yaml
+++ b/.github/workflows/terraform_format_plan.yaml
@@ -1,4 +1,5 @@
 name: Terraform format & plan
+
 on:
 pull_request:
 branches: [master]
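Review bot: The new `creds:` line in restart_backend_preview.yaml still hands `azure/login` a long-lived client secret, and in this hunk the sign-in step has no `if:` of its own in a workflow that runs on `issue_comment`. Now that the client, tenant and subscription ids are secrets anyway, the action's OIDC inputs (`client-id`, `tenant-id`, `subscription-id`, with `permissions: id-token: write` on the job) would let `ARM_CLIENT_SECRET` be dropped from this file. The unchanged `if:` on the Restart container step also embeds `${{ … }}` inside `contains(...)`; as far as I know GitHub then treats the whole value as a non-empty string and the condition is always true, so it should read `if: contains(steps.fc.outputs.comment_body, '…')`. Steps before the sign-in are outside the hunk, so any gating there is not visible.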
@@ -18,10 +19,10 @@ env:
 TF_VAR_auth_secret: ${{ secrets.AUTH_SECRET }}
 TF_VAR_sendgrid_api_key: ${{ secrets.SENDGRID_API_KEY }}
 TF_VAR_revision_suffix: ${{ github.sha }}
- ARM_CLIENT_ID: 225cb793-e592-482e-8612-2318bd5e0a6c
+ ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
 ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
- ARM_SUBSCRIPTION_ID: f16e6916-1e71-42a0-9df3-0246b805f432
- ARM_TENANT_ID: 10086e44-d4c5-4039-ab23-dc49610f7879
+ ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
+ ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
 jobs:
 terraform_format:
diff --git a/.github/workflows/terraform_format_plan_pass.yaml b/.github/workflows/terraform_format_plan_pass.yaml
index d1ebcff99..9b9b9cced 100644
--- a/.github/workflows/terraform_format_plan_pass.yaml
+++ b/.github/workflows/terraform_format_plan_pass.yaml
@@ -1,4 +1,5 @@
 name: Terraform format & plan
+
 on:
 pull_request:
 branches: [master]