From f4b7b36e45268523062d42497ae3aaa5eaa81348 Mon Sep 17 00:00:00 2001 From: Matthew Date: Fri, 31 Jan 2025 13:55:37 -0500 Subject: [PATCH] feat: update to use new secrets mgmt --- .github/workflows/deploy-dev.yml | 8 +++++--- .github/workflows/pull-request.yml | 15 +++++++++------ .github/workflows/release.yml | 11 ++++++----- 3 files changed, 20 insertions(+), 14 deletions(-) diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index bee1b06..f7d19fc 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -10,6 +10,7 @@ jobs: permissions: id-token: write contents: read + environment: DEV steps: - name: Checkout Repo uses: actions/checkout@v4 @@ -40,8 +41,8 @@ jobs: continue-on-error: false env: TF_VAR_env: dev - TF_VAR_r2_access_key: ${{secrets.R2_ACCESS_KEY}} - TF_VAR_r2_secret_key: ${{secrets.R2_SECRET_KEY}} + TF_VAR_r2_access_key: ${{secrets.TF_R2_ACCESS_KEY}} + TF_VAR_r2_secret_key: ${{secrets.TF_R2_SECRET_KEY}} build-release: runs-on: ${{ matrix.os }} @@ -49,6 +50,7 @@ jobs: id-token: write contents: read actions: read + environment: DEV strategy: matrix: node: ['20.x'] @@ -63,7 +65,7 @@ jobs: - name: Checkout Repo uses: actions/checkout@v4 with: - token: ${{ secrets.SEMANTIC_RELEASE_PAT }} + token: ${{ secrets.GH_SEMANTIC_RELEASE_PAT }} - uses: AnimMouse/setup-rclone@v1 diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index c91f308..bf2a468 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -65,6 +65,8 @@ jobs: terraform-format-validate: runs-on: ubuntu-latest + environment: PR + permissions: id-token: write contents: read 
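Review bot: Adding `environment: DEV` to a job that holds `id-token: write` (first hunk of deploy-dev.yml, and again on `build-release` in its third hunk) changes the `sub` claim of the OIDC token issued for that job to the `repo:OWNER/REPO:environment:DEV` form. A cloud trust policy that still matches on a branch or ref subject will stop matching, and one that matches on a broad wildcard will keep accepting tokens from every environment. The same applies to the `PR` and `PROD` jobs in the other two files. I would record the expectation on the key, e.g. `environment: DEV  # OIDC sub is repo:OWNER/REPO:environment:DEV; trust policy must match exactly`, and confirm the provider-side condition per environment. The job bodies start and end outside the hunk, so the cloud login step is not visible here.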
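Review bot: The PAT passed as `token:` to `actions/checkout@v4` (fourth hunk of deploy-dev.yml, and the checkout hunk in release.yml) is stored in the local git config for the rest of the job unless `persist-credentials: false` is set. The next step visible in the context is a third-party action pinned only to a tag, `AnimMouse/setup-rclone@v1`. That leaves a long-lived token readable by every later step in the job. If nothing after checkout relies on the stored credential, add `persist-credentials: false` under `with:`; release.yml already hands the PAT to a later step through `GITHUB_TOKEN`. It is not visible from the hunk why the dev build needs this PAT rather than the default token.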
@@ -101,8 +103,8 @@ jobs: continue-on-error: false env: TF_VAR_env: dev - TF_VAR_r2_access_key: ${{secrets.R2_ACCESS_KEY}} - TF_VAR_r2_secret_key: ${{secrets.R2_SECRET_KEY}} + TF_VAR_r2_access_key: ${{secrets.TF_R2_ACCESS_KEY}} + TF_VAR_r2_secret_key: ${{secrets.TF_R2_SECRET_KEY}} - name: Terraform validate id: validate @@ -111,8 +113,8 @@ jobs: continue-on-error: false env: TF_VAR_env: dev - TF_VAR_r2_access_key: ${{secrets.R2_ACCESS_KEY}} - TF_VAR_r2_secret_key: ${{secrets.R2_SECRET_KEY}} + TF_VAR_r2_access_key: ${{secrets.TF_R2_ACCESS_KEY}} + TF_VAR_r2_secret_key: ${{secrets.TF_R2_SECRET_KEY}} terraform-plan: runs-on: ubuntu-latest @@ -121,6 +123,7 @@ jobs: permissions: id-token: write contents: read + environment: PR strategy: fail-fast: true matrix: @@ -163,5 +166,5 @@ jobs: continue-on-error: false env: TF_VAR_env: ${{matrix.env}} - TF_VAR_r2_access_key: ${{secrets.R2_ACCESS_KEY}} - TF_VAR_r2_secret_key: ${{secrets.R2_SECRET_KEY}} + TF_VAR_r2_access_key: ${{secrets.TF_R2_ACCESS_KEY}} + TF_VAR_r2_secret_key: ${{secrets.TF_R2_SECRET_KEY}} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 601e2a4..b9173f4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,7 +17,7 @@ jobs: status: 'request' terraform-prod: - environment: Production + environment: PROD runs-on: ubuntu-latest permissions: id-token: write @@ -56,8 +56,8 @@ jobs: continue-on-error: false env: TF_VAR_env: prod - TF_VAR_r2_access_key: ${{secrets.R2_ACCESS_KEY}} - TF_VAR_r2_secret_key: ${{secrets.R2_SECRET_KEY}} + TF_VAR_r2_access_key: ${{secrets.TF_R2_ACCESS_KEY}} + TF_VAR_r2_secret_key: ${{secrets.TF_R2_SECRET_KEY}} build-release: runs-on: ${{ matrix.os }} @@ -65,6 +65,7 @@ jobs: id-token: write contents: read actions: read + environment: PROD strategy: matrix: node: ['20.x'] 
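Review bot: The `terraform-plan` job now reads its R2 keys from the `PR` environment while `TF_VAR_env` comes from `${{matrix.env}}` (last pull-request.yml hunk), so one set of PR-scoped credentials has to work for every environment in the matrix. The matrix values are outside the hunk, but if they include prod, the keys stored under `PR` must reach prod state and are then available to any pull-request run that receives secrets. I would keep read-only, plan-only keys in `PR` and say so in the workflow, e.g. `# PR environment secrets must be read-only: used for plan against all matrix envs`. The same environment is attached to `terraform-format-validate` in the first hunk of this file.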
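Review bot: Renaming the job environment from `Production` to `PROD` (first release.yml hunk) points the production Terraform job at a different environment object, so required reviewers, wait timers and branch restrictions configured on `Production` do not carry over. If `PROD` has not been created beforehand, GitHub creates it on first use with no protection rules, and the job would then run without a gate. Repository settings are not part of the patch, so this needs confirming out of band; a comment such as `# PROD must have required reviewers and a deployment branch restriction` on the `environment:` line would record the expectation. `build-release` gains the same environment in the third hunk of this file and will be subject to whatever gate `PROD` has.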
@@ -79,7 +80,7 @@ jobs: - name: Checkout Repo uses: actions/checkout@v4 with: - token: ${{ secrets.SEMANTIC_RELEASE_PAT }} + token: ${{ secrets.GH_SEMANTIC_RELEASE_PAT }} - uses: AnimMouse/setup-rclone@v1 @@ -135,7 +136,7 @@ jobs: env: CLOUDFLARE: true ENVIRONMENT: prod - GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_PAT }} + GITHUB_TOKEN: ${{ secrets.GH_SEMANTIC_RELEASE_PAT }} R2_ACCESS_KEY: ${{secrets.R2_ACCESS_KEY}} R2_SECRET_KEY: ${{secrets.R2_SECRET_KEY}}
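Review bot: In the last release.yml hunk only `GITHUB_TOKEN` moves to the new name; the two context lines below it still read `${{secrets.R2_ACCESS_KEY}}` and `${{secrets.R2_SECRET_KEY}}`, while every Terraform step in this patch now uses `TF_R2_ACCESS_KEY` and `TF_R2_SECRET_KEY`. A secret that is not defined in scope expands to an empty string without failing the step, so if the old names were retired in the migration this step would run with blank R2 credentials. If these are meant to be separate application keys, a short comment saying so would help, e.g. `# app upload keys, distinct from TF_R2_*`; otherwise rename them in the same commit. The step starts outside the hunk, so the command that consumes them is not visible.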