feat: update to use new secrets mgmt
mstrisoline committed Jan 31, 2025
1 parent 7e5f0ef commit f4b7b36
Showing 3 changed files with 20 additions and 14 deletions.
8 changes: 5 additions & 3 deletions .github/workflows/deploy-dev.yml
@@ -10,6 +10,7 @@ jobs:
permissions:
id-token: write
contents: read
environment: DEV
steps:
- name: Checkout Repo
uses: actions/checkout@v4
@@ -40,15 +41,16 @@ jobs:
continue-on-error: false
env:
TF_VAR_env: dev
TF_VAR_r2_access_key: ${{secrets.R2_ACCESS_KEY}}
TF_VAR_r2_secret_key: ${{secrets.R2_SECRET_KEY}}
TF_VAR_r2_access_key: ${{secrets.TF_R2_ACCESS_KEY}}
TF_VAR_r2_secret_key: ${{secrets.TF_R2_SECRET_KEY}}

build-release:
runs-on: ${{ matrix.os }}
permissions:
id-token: write
contents: read
actions: read
environment: DEV
strategy:
matrix:
node: ['20.x']
@@ -63,7 +65,7 @@ jobs:
- name: Checkout Repo
uses: actions/checkout@v4
with:
token: ${{ secrets.SEMANTIC_RELEASE_PAT }}
token: ${{ secrets.GH_SEMANTIC_RELEASE_PAT }}

- uses: AnimMouse/setup-rclone@v1

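Review bot: Adding `environment: DEV` to jobs that also request `id-token: write` changes the OIDC subject GitHub issues for them to `repo:<owner>/<repo>:environment:DEV`, so any cloud-side trust policy that still matches the previous ref-based subject has to be updated together with this commit. This applies to both jobs touched in this file (the first job and `build-release`); the trust policy is not visible on this page, so treat it as something to confirm rather than a known break. Because these jobs presumably now read `TF_R2_*` and `GH_SEMANTIC_RELEASE_PAT` from that environment, it is also worth restricting `DEV` to the deployment branch. A short comment above each new line would record the coupling, for example `# OIDC sub becomes ...:environment:DEV; keep the cloud trust policy in sync`. Both job bodies continue outside the hunks shown.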
15 changes: 9 additions & 6 deletions .github/workflows/pull-request.yml
@@ -65,6 +65,8 @@ jobs:
terraform-format-validate:
runs-on: ubuntu-latest

environment: PR

permissions:
id-token: write
contents: read
@@ -101,8 +103,8 @@ jobs:
continue-on-error: false
env:
TF_VAR_env: dev
TF_VAR_r2_access_key: ${{secrets.R2_ACCESS_KEY}}
TF_VAR_r2_secret_key: ${{secrets.R2_SECRET_KEY}}
TF_VAR_r2_access_key: ${{secrets.TF_R2_ACCESS_KEY}}
TF_VAR_r2_secret_key: ${{secrets.TF_R2_SECRET_KEY}}

- name: Terraform validate
id: validate
@@ -111,8 +113,8 @@ jobs:
continue-on-error: false
env:
TF_VAR_env: dev
TF_VAR_r2_access_key: ${{secrets.R2_ACCESS_KEY}}
TF_VAR_r2_secret_key: ${{secrets.R2_SECRET_KEY}}
TF_VAR_r2_access_key: ${{secrets.TF_R2_ACCESS_KEY}}
TF_VAR_r2_secret_key: ${{secrets.TF_R2_SECRET_KEY}}

terraform-plan:
runs-on: ubuntu-latest
@@ -121,6 +123,7 @@ jobs:
permissions:
id-token: write
contents: read
environment: PR
strategy:
fail-fast: true
matrix:
@@ -163,5 +166,5 @@ jobs:
continue-on-error: false
env:
TF_VAR_env: ${{matrix.env}}
TF_VAR_r2_access_key: ${{secrets.R2_ACCESS_KEY}}
TF_VAR_r2_secret_key: ${{secrets.R2_SECRET_KEY}}
TF_VAR_r2_access_key: ${{secrets.TF_R2_ACCESS_KEY}}
TF_VAR_r2_secret_key: ${{secrets.TF_R2_SECRET_KEY}}
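Review bot: The `terraform-plan` job now takes `TF_R2_ACCESS_KEY`/`TF_R2_SECRET_KEY` from the single `PR` environment while `TF_VAR_env` comes from `matrix.env`, so one key pair has to be valid for every environment in the matrix, and it is handed to Terraform code authored in the pull request. The matrix values are outside the hunk; if they include prod, the `PR` environment should hold a read-only R2 token scoped to what a plan needs rather than the deploy key. I would record that next to the job, e.g. `# PR environment: TF_R2_* must be read-only; plan executes PR-authored Terraform`. The same applies to the two steps in `terraform-format-validate`, which receive the same secrets although their commands (not shown) may not need them.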
11 changes: 6 additions & 5 deletions .github/workflows/release.yml
@@ -17,7 +17,7 @@ jobs:
status: 'request'

terraform-prod:
environment: Production
environment: PROD
runs-on: ubuntu-latest
permissions:
id-token: write
@@ -56,15 +56,16 @@ jobs:
continue-on-error: false
env:
TF_VAR_env: prod
TF_VAR_r2_access_key: ${{secrets.R2_ACCESS_KEY}}
TF_VAR_r2_secret_key: ${{secrets.R2_SECRET_KEY}}
TF_VAR_r2_access_key: ${{secrets.TF_R2_ACCESS_KEY}}
TF_VAR_r2_secret_key: ${{secrets.TF_R2_SECRET_KEY}}

build-release:
runs-on: ${{ matrix.os }}
permissions:
id-token: write
contents: read
actions: read
environment: PROD
strategy:
matrix:
node: ['20.x']
@@ -79,7 +80,7 @@ jobs:
- name: Checkout Repo
uses: actions/checkout@v4
with:
token: ${{ secrets.SEMANTIC_RELEASE_PAT }}
token: ${{ secrets.GH_SEMANTIC_RELEASE_PAT }}

- uses: AnimMouse/setup-rclone@v1

@@ -135,7 +136,7 @@ jobs:
env:
CLOUDFLARE: true
ENVIRONMENT: prod
GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_PAT }}
GITHUB_TOKEN: ${{ secrets.GH_SEMANTIC_RELEASE_PAT }}
R2_ACCESS_KEY: ${{secrets.R2_ACCESS_KEY}}
R2_SECRET_KEY: ${{secrets.R2_SECRET_KEY}}

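Review bot: Renaming `environment: Production` to `environment: PROD` on `terraform-prod` points the job at a different environment object, and GitHub creates an environment that does not yet exist on first use with no protection rules. Unless `PROD` was created beforehand with the same required reviewers and branch restrictions as `Production`, the production Terraform job loses its approval gate; the OIDC subject for the job also changes to `...:environment:PROD`. Please confirm both before merging and note it in the workflow, e.g. `# PROD environment must exist with required reviewers before this runs`. Separately, the last hunk still reads `secrets.R2_ACCESS_KEY` and `secrets.R2_SECRET_KEY` under the old names; if that is intentional (a distinct upload credential), a one-line comment saying so would keep it from being mistaken for a missed rename.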
