Revert "Update deprecated Azure Key Vault in workflows (#2214)" (#2326)

This reverts commit 13e33cd7896a7f023e243398e2d7a2a7af9fa40f.
2025-04-05 05:00:19 -05:00 · 2022-10-04 11:23:08 -07:00 · 2022-10-04 11:23:08 -07:00 · b59cc71424
commit b59cc71424
parent 54354237ba
3 changed files with 22 additions and 50 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -321,20 +321,13 @@ jobs:
            github.ref == 'refs/heads/rc' ||
            github.ref == 'refs/heads/hotfix-rc')
        id: retrieve-secrets
-        env:
-          KEYVAULT: bitwarden-prod-kv
-          SECRETS: |
-            docker-password,
+        uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f
+        with:
+          keyvault: "bitwarden-prod-kv"
+          secrets: "docker-password,
                    docker-username,
                    dct-delegate-2-repo-passphrase,
-            dct-delegate-2-key
-        run: |
-          for i in ${SECRETS//,/ }
-          do
-            VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv)
-            echo "::add-mask::$VALUE"
-            echo "::set-output name=$i::$VALUE"
-          done
+                    dct-delegate-2-key"

      - name: Log into Docker
        if: |
@ -517,20 +510,13 @@ jobs:
        with:
          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}

-      - name: Retrieve Secrets
+      - name: Retrieve secrets
        id: retrieve-secrets
+        uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f
        if: failure()
-        env:
-          KEYVAULT: bitwarden-prod-kv
-          SECRETS: |
-            devops-alerts-slack-webhook-url
-        run: |
-          for i in ${SECRETS//,/ }
-          do
-            VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv)
-            echo "::add-mask::$VALUE"
-            echo "::set-output name=$i::$VALUE"
-          done
+        with:
+          keyvault: "bitwarden-prod-kv"
+          secrets: "devops-alerts-slack-webhook-url"

      - name: Notify Slack on failure
        uses: act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33  # v1.2.2
--- a/.github/workflows/container-registry-purge.yml
+++ b/.github/workflows/container-registry-purge.yml
@ -81,18 +81,11 @@ jobs:

      - name: Retrieve secrets
        id: retrieve-secrets
+        uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f
        if: failure()
-        env:
-          KEYVAULT: bitwarden-prod-kv
-          SECRETS: |
-            devops-alerts-slack-webhook-url
-        run: |
-          for i in ${SECRETS//,/ }
-          do
-            VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv)
-            echo "::add-mask::$VALUE"
-            echo "::set-output name=$i::$VALUE"
-          done
+        with:
+          keyvault: "bitwarden-prod-kv"
+          secrets: "devops-alerts-slack-webhook-url"

      - name: Notify Slack on failure
        uses: act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33
--- a/.github/workflows/qa-deploy.yml
+++ b/.github/workflows/qa-deploy.yml
@ -38,19 +38,12 @@ jobs:

      - name: Retrieve secrets
        id: retrieve-secrets
-        env:
-          KEYVAULT: bitwarden-qa-kv
-          SECRETS: |
-            mssql-server-host,
+        uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
+        with:
+          keyvault: "bitwarden-qa-kv"
+          secrets: "mssql-server-host,
                    mssql-admin-login,
-            mssql-admin-login-password
-        run: |
-          for i in ${SECRETS//,/ }
-          do
-            VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv)
-            echo "::add-mask::$VALUE"
-            echo "::set-output name=$i::$VALUE"
-          done
+                    mssql-admin-login-password"

      - name: Migrate database
        env: