From 3cdda89aff6fa9031b42fe4d01332a4b36f38327 Mon Sep 17 00:00:00 2001
From: sensei100
Date: Wed, 23 Jul 2025 16:01:36 -0400
Subject: [PATCH] Add vault file step

---
 .github/workflows/prod-deploy.yml | 9 ++++++++-
 .github/workflows/qa-deploy.yml | 9 ++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/prod-deploy.yml b/.github/workflows/prod-deploy.yml
index 145c260b..0ac9e2f2 100644
--- a/.github/workflows/prod-deploy.yml
+++ b/.github/workflows/prod-deploy.yml
@@ -46,8 +46,15 @@ jobs:
 path: ansible-playbook-airflow
 ref: main

+ - name: Dump vault password to disk
+ env:
+ ANSIBLE_VAULT_PASSWORD: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
+ run: |
+ printf '%s' "${ANSIBLE_VAULT_PASSWORD}" > "$HOME/.vault"
+ chmod 600 "$HOME/.vault"
+
 - name: Run Ansible Airflow Playbook for Prod
 working-directory: ansible-playbook-airflow
 run: |
 pipenv run ansible-galaxy install -r requirements.yml
- pipenv run ansible-playbook -i inventory/prod playbook.yml --tags "jumphost,role::airflow::dags" --vault-id ${{ secrets.ANSIBLE_VAULT_PASSWORD }} -e 'ansible_ssh_port=9229' -e cob_datapipeline_branch=$COB_DATAPIPELINE_BRANCH
+ pipenv run ansible-playbook -i inventory/prod playbook.yml --tags "jumphost,role::airflow::dags" --vault-password-file "$HOME/.vault" -e 'ansible_ssh_port=9229' -e cob_datapipeline_branch=$COB_DATAPIPELINE_BRANCH
diff --git a/.github/workflows/qa-deploy.yml b/.github/workflows/qa-deploy.yml
index 5c798463..51b69900 100644
--- a/.github/workflows/qa-deploy.yml
+++ b/.github/workflows/qa-deploy.yml
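Review bot: The new "Dump vault password to disk" step in prod-deploy.yml creates `$HOME/.vault` under the runner's default umask and only then runs `chmod 600`, and nothing in the hunk removes the file after the playbook step; the identical step added to qa-deploy.yml has the same gap. Putting `umask 077` as the first line of the `run:` block closes the window in which the file exists with default permissions. If these jobs run on a self-hosted or reused runner (not visible from the diff), the vault password would otherwise remain in the home directory for later jobs, so a final step with `if: always()` and `run: rm -f "$HOME/.vault"` is worth adding, or the file could be written under `$RUNNER_TEMP` instead. The job definitions start and end outside both hunks, so an existing cleanup step elsewhere cannot be ruled out.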
@@ -43,8 +43,15 @@ jobs:
 path: ansible-playbook-airflow
 ref: qa

+ - name: Dump vault password to disk
+ env:
+ ANSIBLE_VAULT_PASSWORD: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
+ run: |
+ printf '%s' "${ANSIBLE_VAULT_PASSWORD}" > "$HOME/.vault"
+ chmod 600 "$HOME/.vault"
+
 - name: Run Ansible Airflow Playbook for QA
 working-directory: ansible-playbook-airflow
 run: |
 pipenv run ansible-galaxy install -r requirements.yml
- pipenv run ansible-playbook -i inventory/qa playbook.yml --tags "jumphost,role::airflow::dags" --vault-id ${{ secrets.ANSIBLE_VAULT_PASSWORD }} -e 'ansible_ssh_port=9229'
+ pipenv run ansible-playbook -i inventory/qa playbook.yml --tags "jumphost,role::airflow::dags" --vault-password-file "$HOME/.vault" -e 'ansible_ssh_port=9229'