Migrated secrets to variables
mattiasholm committed Jul 27, 2023
1 parent b3ae0f0 commit 5c71491
Showing 7 changed files with 27 additions and 12 deletions.
8 changes: 4 additions & 4 deletions .github/workflows/azure-arm.yml
Expand Up @@ -47,8 +47,8 @@ jobs:
- name: Log in to Azure
uses: azure/login@v1
with:
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ vars.AZURE_TENANT_ID }}
client-id: ${{ vars.AZURE_CLIENT_ID }}
allow-no-subscriptions: true

- name: Create resource group
Expand Down Expand Up @@ -79,8 +79,8 @@ jobs:
- name: Log in to Azure
uses: azure/login@v1
with:
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ vars.AZURE_TENANT_ID }}
client-id: ${{ vars.AZURE_CLIENT_ID }}
allow-no-subscriptions: true

- name: Create deployment
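Review bot: `tenant-id: ${{ vars.AZURE_TENANT_ID }}` and `client-id: ${{ vars.AZURE_CLIENT_ID }}` in both `Log in to Azure` steps expand to an empty string when the variable is not defined, and unlike secrets their values are printed unmasked in run logs. That is fine for identifiers as long as nothing else treats them as confidential; with what looks like federated (OIDC) login here, the control that matters is how tightly the app registration's federated credential subject is scoped, which is not visible in this section. I would add a comment above each `with:` block such as `# IDs are non-secret repository variables; access is gated by the federated credential, not by hiding these values`. The same substitution is made in azure-bicep.yml, azure-pulumi.yml and azure-terraform.yml, and the jobs these steps belong to start outside the hunks.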
8 changes: 4 additions & 4 deletions .github/workflows/azure-bicep.yml
Expand Up @@ -42,8 +42,8 @@ jobs:
- name: Log in to Azure
uses: azure/login@v1
with:
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ vars.AZURE_TENANT_ID }}
client-id: ${{ vars.AZURE_CLIENT_ID }}
allow-no-subscriptions: true

- name: Validate deployment
Expand Down Expand Up @@ -71,8 +71,8 @@ jobs:
- name: Log in to Azure
uses: azure/login@v1
with:
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ vars.AZURE_TENANT_ID }}
client-id: ${{ vars.AZURE_CLIENT_ID }}
allow-no-subscriptions: true

- name: Create deployment
4 changes: 2 additions & 2 deletions .github/workflows/azure-pulumi.yml
Expand Up @@ -26,8 +26,8 @@ on:
env:
path: pulumi/azure-python
stack: dev
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
ARM_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
ARM_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}

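Review bot: `ARM_CLIENT_ID` now comes from `vars` but is still paired with `ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}` in the workflow-level `env:` block, so this workflow keeps a long-lived client secret (and `PULUMI_ACCESS_TOKEN`) in the environment of every step of every job. The Terraform workflow in this commit sets `ARM_USE_OIDC: true` and shows no client secret in its visible lines; if the Pulumi provider in use supports the same federated login, dropping `ARM_CLIENT_SECRET` here would remove the stored credential. Otherwise move the two secret entries from the top-level `env:` to the `env:` of the step that runs Pulumi. The jobs that consume this block are outside the hunk.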
4 changes: 2 additions & 2 deletions .github/workflows/azure-terraform.yml
Expand Up @@ -33,8 +33,8 @@ defaults:

env:
path: terraform/azure
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
ARM_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
ARM_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
ARM_USE_OIDC: true

jobs:
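--- a/github/repo.sh
+++ b/github/repo.sh
@@ -26,4 +26,6 @@ fi
 
 gh secret set 'SECRET' --body 'secret' --repo "$owner/$repo"
 
+gh variable set 'VARIABLE' --body 'variable' --repo "$owner/$repo"
+
 gh repo view "$owner/$repo" --json url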
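Review bot: The new `gh variable set 'VARIABLE' --body 'variable'` line sits directly under `gh secret set` with nothing saying how the two differ, which matters for anyone copying this sample. A one-line comment above it would do, for example `# Variables are stored and logged in plain text; keep credentials in 'gh secret set'`. The same comment applies to the `github:ActionsVariable` resource added in pulumi/github-yaml/Pulumi.yaml and the `github_actions_variable` resource added in terraform/github/main.tf.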
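--- a/pulumi/github-yaml/Pulumi.yaml
+++ b/pulumi/github-yaml/Pulumi.yaml
@@ -27,5 +27,12 @@ resources:
 secretName: SECRET
 plaintextValue: secret
 
+variable:
+type: github:ActionsVariable
+properties:
+repository: ${repo.name}
+variableName: VARIABLE
+value: variable
+
 outputs:
 cloneUrl: ${repo.httpCloneUrl}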
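--- a/terraform/github/main.tf
+++ b/terraform/github/main.tf
@@ -16,3 +16,9 @@ resource "github_actions_secret" "secret" {
 secret_name = "SECRET"
 plaintext_value = "secret"
 }
+
+resource "github_actions_variable" "variable" {
+repository = github_repository.repo.name
+variable_name = "VARIABLE"
+value = "variable"
+}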
