From 13e33cd7896a7f023e243398e2d7a2a7af9fa40f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Ch=C4=99ci=C5=84ski?= Date: Thu, 29 Sep 2022 22:29:58 +0200 Subject: [PATCH] Update deprecated Azure Key Vault in workflows (#2214) --- .github/workflows/build.yml | 38 +++++++++++++------ .../workflows/container-registry-purge.yml | 15 ++++++-- .github/workflows/qa-deploy.yml | 19 +++++++--- 3 files changed, 50 insertions(+), 22 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 47eef1845f..0b4e1ba8e2 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -321,13 +321,20 @@ jobs: github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc') id: retrieve-secrets - uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f - with: - keyvault: "bitwarden-prod-kv" - secrets: "docker-password, - docker-username, - dct-delegate-2-repo-passphrase, - dct-delegate-2-key" + env: + KEYVAULT: bitwarden-prod-kv + SECRETS: | + docker-password, + docker-username, + dct-delegate-2-repo-passphrase, + dct-delegate-2-key + run: | + for i in ${SECRETS//,/ } + do + VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) + echo "::add-mask::$VALUE" + echo "::set-output name=$i::$VALUE" + done - name: Log into Docker if: | 
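Review bot: The new `run:` loop prints each secret through a single `echo "::add-mask::$VALUE"`, and workflow commands are read one line at a time, so if `az` returns a value with embedded newlines only its first line is masked and the rest goes to the log as plain text; `dct-delegate-2-key` looks like key material, though its format is not visible here. The `::set-output` line has the same per-line limit and also decodes `%25`/`%0A`/`%0D` sequences, so a value containing them would reach later steps altered. `$KEYVAULT` and `$i` are also unquoted in the `az` call. The same loop appears in the second build.yml hunk and in container-registry-purge.yml and qa-deploy.yml, so the change below applies to all four. It masks line by line and writes outputs through the `GITHUB_OUTPUT` file, which needs a runner recent enough to provide it.

```yaml
run: |
  for i in ${SECRETS//,/ }
  do
    VALUE=$(az keyvault secret show --vault-name "$KEYVAULT" --name "$i" --query value --output tsv)
    # A workflow command only covers the line it is printed on, so mask every line.
    while IFS= read -r line
    do
      if [ -n "$line" ]; then
        echo "::add-mask::$line"
      fi
    done <<< "$VALUE"
    # Multi-line-safe output; the delimiter must not occur in the value.
    {
      echo "$i<<__KV_EOF__"
      echo "$VALUE"
      echo "__KV_EOF__"
    } >> "$GITHUB_OUTPUT"
  done
```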
@@ -510,13 +517,20 @@ jobs: with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - - name: Retrieve secrets + - name: Retrieve Secrets id: retrieve-secrets - uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f if: failure() - with: - keyvault: "bitwarden-prod-kv" - secrets: "devops-alerts-slack-webhook-url" + env: + KEYVAULT: bitwarden-prod-kv + SECRETS: | + devops-alerts-slack-webhook-url + run: | + for i in ${SECRETS//,/ } + do + VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) + echo "::add-mask::$VALUE" + echo "::set-output name=$i::$VALUE" + done - name: Notify Slack on failure uses: act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33 # v1.2.2 diff --git a/.github/workflows/container-registry-purge.yml b/.github/workflows/container-registry-purge.yml index 7bb1d69288..3b96a559a6 100644 --- a/.github/workflows/container-registry-purge.yml +++ b/.github/workflows/container-registry-purge.yml @@ -81,11 +81,18 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f if: failure() - with: - keyvault: "bitwarden-prod-kv" - secrets: "devops-alerts-slack-webhook-url" + env: + KEYVAULT: bitwarden-prod-kv + SECRETS: | + devops-alerts-slack-webhook-url + run: | + for i in ${SECRETS//,/ } + do + VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) + echo "::add-mask::$VALUE" + echo "::set-output name=$i::$VALUE" + done - name: Notify Slack on failure uses: act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33 diff --git a/.github/workflows/qa-deploy.yml b/.github/workflows/qa-deploy.yml index 47e3569410..969856cf19 100644 --- a/.github/workflows/qa-deploy.yml +++ b/.github/workflows/qa-deploy.yml 
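Review bot: The rename to `Retrieve Secrets` in this hunk is inconsistent with the other three steps this commit touches, which keep `Retrieve secrets`. Unless the capital is intentional, keep `- name: Retrieve secrets` so step names stay uniform across the workflows and the diff carries only the Key Vault change.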
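Review bot: This step is a verbatim copy of the retrieval loop that the commit also adds twice in build.yml and once in qa-deploy.yml, so any later change to how values are masked or exported has to be made in four places and can drift. A local composite action or reusable workflow taking `keyvault` and `secrets` inputs would keep the secret handling in one reviewed file. If the copies stay, a comment above `run:` such as `# requires a preceding Azure login step in this job; outputs are named after the secret names` would record the dependency, which is not visible in this hunk.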
@@ -38,12 +38,19 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403 - with: - keyvault: "bitwarden-qa-kv" - secrets: "mssql-server-host, - mssql-admin-login, - mssql-admin-login-password" + env: + KEYVAULT: bitwarden-qa-kv + SECRETS: | + mssql-server-host, + mssql-admin-login, + mssql-admin-login-password + run: | + for i in ${SECRETS//,/ } + do + VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) + echo "::add-mask::$VALUE" + echo "::set-output name=$i::$VALUE" + done - name: Migrate database env:
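Review bot: Nothing in the loop checks that `VALUE` is non-empty before it is exported, so a secret that resolves to an empty string would be passed on as an empty `mssql-*` output and only fail later, inside whatever consumes it (the `Migrate database` step starts after this hunk). A guard right after the assignment, `if [ -z "$VALUE" ]; then echo "::error::Key Vault secret $i is empty"; exit 1; fi`, fails the job at the point of retrieval and names the secret without printing its value. Whether `az` can return an empty value with exit status 0 here is not something the hunk shows, so treat this as defensive.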