Move global GHA secrets to environments

[webknjaz]

Hi @mamercad, I was looking at the current GHA setup and noticed an opportunity to tighten security a bit. You can scope the secrets better by having environments set up. This way, jobs that don't have this environment set (or use other envs), will be resistant to the attempts to scrape the secrets.

Here's how to do this.

1. Add environment: integration-tests (for example) to the integration test jobs
2. Go to https://github.com/ansible-collections/community.digitalocean/settings/environments
3. Create an environment called integration-tests (it may be auto-created by the time you get there if you run a job that points to this name)
4. Create secrets used in the integration test jobs under the integration-tests
5. After testing, delete the global secrets

[mamercad]

We currently use environments for integration testing (on pull request).

[mamercad]

We currently use environments for integration testing (on pull request).

Now that I'm looking at this more closely, a couple of the downstream jobs missed that directive, creating a PR shortly.

[mamercad]

The non-pull-request integration tests only run on main, schedule, and workflow_dispatch. How would your suggestion benefit these?

[mamercad]

Closing due to inactivity.