[DEVOPS-1259] reupdate CI-only KV SP (#2858)

* reupdate CI-only KV SP * add some edits
2025-04-06 21:48:12 -05:00 · 2023-04-17 18:03:32 +01:00 · 2023-04-17 18:03:32 +01:00 · 62c8b4c77d
commit 62c8b4c77d
parent f2fad5513d
6 changed files with 22 additions and 12 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -564,11 +564,11 @@ jobs:
              exit 1
          fi
-      - name: Login to Azure - Prod Subscription
+      - name: Login to Azure - CI subscription
        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
        if: failure()
        with:
-          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
      - name: Retrieve secrets
        id: retrieve-secrets
--- a/.github/workflows/container-registry-purge.yml
+++ b/.github/workflows/container-registry-purge.yml
@ -84,11 +84,11 @@ jobs:
              exit 1
          fi
-      - name: Login to Azure - Prod Subscription
+      - name: Login to Azure - CI subscription
        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
        if: failure()
        with:
-          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
      - name: Retrieve secrets
        id: retrieve-secrets
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -108,6 +108,11 @@ jobs:
        with:
          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
      - name: Login to Azure - CI subscription
        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
        with:
          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
      - name: Retrieve secrets
        id: retrieve-secrets
        env:
@ -238,7 +243,7 @@ jobs:
        if: matrix.origin_docker_repo == 'bitwarden'
        uses: bitwarden/gh-actions/setup-docker-trust@a8c384a05a974c05c48374c818b004be221d43ff
        with:
-          azure-creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
          azure-keyvault-name: "bitwarden-ci"
      - name: Pull latest project image
--- a/.github/workflows/stop-staging-slots.yml
+++ b/.github/workflows/stop-staging-slots.yml
@ -28,10 +28,10 @@ jobs:
          echo "NAME_LOWER: $NAME_LOWER"
          echo "name_lower=$NAME_LOWER" >> $GITHUB_OUTPUT
-      - name: Login to Azure
+      - name: Login to Azure - CI Subscription
        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
        with:
-          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          creds: ${{ secrets.AZURE_KV_CI_SERRVICE_PRINCIPAL }}
      - name: Retrieve secrets
        id: retrieve-secrets
@ -46,6 +46,11 @@ jobs:
          echo "::add-mask::$webapp_name"
          echo "webapp-name=$webapp_name" >> $GITHUB_OUTPUT
      - name: Login to Azure
        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
        with:
          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
      - name: Stop staging slot
        env:
          SERVICE: ${{ matrix.name }}
--- a/.github/workflows/version-bump.yml
+++ b/.github/workflows/version-bump.yml
@ -16,10 +16,10 @@ jobs:
      - name: Checkout Branch
        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
-      - name: Login to Azure - Prod Subscription
+      - name: Login to Azure - CI Subscription
        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
        with:
-         creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+         creds: ${{ secrets.AZURE_CI_KV_SERVICE_PRINCIPAL }}
      - name: Retrieve secrets
        id: retrieve-secrets