nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-05-17 09:35:39 -05:00
Code

Add secret retrieval step

Browse Source
This commit is contained in:
Vince Grassia 2024-05-08 14:46:49 -04:00
parent 79328da856
commit 798e391b1b
No known key found for this signature in database
GPG Key ID: 9AD7505E8448CC08
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
.github/workflows/build.yml vendored
View File

@ -109,6 +109,13 @@ jobs:
with: with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
- name: Retrieve GitHub PAT secrets
id: retrieve-secret-pat
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
keyvault: "bitwarden-ci"
secrets: "github-pat-bitwarden-devops-bot-repo-scope"
- name: Login to PROD ACR - name: Login to PROD ACR
run: az acr login -n ${_AZ_REGISTRY%.azurecr.io} run: az acr login -n ${_AZ_REGISTRY%.azurecr.io}
@ -172,6 +179,8 @@ jobs:
linux/arm64 linux/arm64
push: true push: true
tags: ${{ steps.image-name.outputs.name }} tags: ${{ steps.image-name.outputs.name }}
secrets: |
"GH_PAT=${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }}"
- name: Scan Docker image - name: Scan Docker image
id: container-scan id: container-scan