From b59cc71424afa7aa6d1c91a45823b3d844439836 Mon Sep 17 00:00:00 2001 From: Joseph Flinn <58369717+joseph-flinn@users.noreply.github.com> Date: Tue, 4 Oct 2022 11:23:08 -0700 Subject: [PATCH] Revert "Update deprecated Azure Key Vault in workflows (#2214)" (#2326) This reverts commit 13e33cd7896a7f023e243398e2d7a2a7af9fa40f. --- .github/workflows/build.yml | 38 ++++++------------- .../workflows/container-registry-purge.yml | 15 ++------ .github/workflows/qa-deploy.yml | 19 +++------- 3 files changed, 22 insertions(+), 50 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0b4e1ba8e2..47eef1845f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -321,20 +321,13 @@ jobs: github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc') id: retrieve-secrets - env: - KEYVAULT: bitwarden-prod-kv - SECRETS: | - docker-password, - docker-username, - dct-delegate-2-repo-passphrase, - dct-delegate-2-key - run: | - for i in ${SECRETS//,/ } - do - VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) - echo "::add-mask::$VALUE" - echo "::set-output name=$i::$VALUE" - done + uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f + with: + keyvault: "bitwarden-prod-kv" + secrets: "docker-password, + docker-username, + dct-delegate-2-repo-passphrase, + dct-delegate-2-key" - name: Log into Docker if: | @@ -517,20 +510,13 @@ jobs: with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - - name: Retrieve Secrets + - name: Retrieve secrets id: retrieve-secrets + uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f if: failure() - env: - KEYVAULT: bitwarden-prod-kv - SECRETS: | - devops-alerts-slack-webhook-url - run: | - for i in ${SECRETS//,/ } - do - VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) - echo "::add-mask::$VALUE" - echo "::set-output name=$i::$VALUE" - done + with: + keyvault: "bitwarden-prod-kv" + secrets: "devops-alerts-slack-webhook-url" - name: Notify Slack on failure uses: act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33 # v1.2.2 diff --git a/.github/workflows/container-registry-purge.yml b/.github/workflows/container-registry-purge.yml index 3b96a559a6..7bb1d69288 100644 --- a/.github/workflows/container-registry-purge.yml +++ b/.github/workflows/container-registry-purge.yml @@ -81,18 +81,11 @@ jobs: - name: Retrieve secrets id: retrieve-secrets + uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f if: failure() - env: - KEYVAULT: bitwarden-prod-kv - SECRETS: | - devops-alerts-slack-webhook-url - run: | - for i in ${SECRETS//,/ } - do - VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) - echo "::add-mask::$VALUE" - echo "::set-output name=$i::$VALUE" - done + with: + keyvault: "bitwarden-prod-kv" + secrets: "devops-alerts-slack-webhook-url" - name: Notify Slack on failure uses: act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33 diff --git a/.github/workflows/qa-deploy.yml b/.github/workflows/qa-deploy.yml index 969856cf19..47e3569410 100644 --- a/.github/workflows/qa-deploy.yml +++ b/.github/workflows/qa-deploy.yml @@ -38,19 +38,12 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - env: - KEYVAULT: bitwarden-qa-kv - SECRETS: | - mssql-server-host, - mssql-admin-login, - mssql-admin-login-password - run: | - for i in ${SECRETS//,/ } - do - VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) - echo "::add-mask::$VALUE" - echo "::set-output name=$i::$VALUE" - done + uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403 + with: + keyvault: "bitwarden-qa-kv" + secrets: "mssql-server-host, + mssql-admin-login, + mssql-admin-login-password" - name: Migrate database env: