DATAGO-121329: Explicitly use vault token for reading SolaceDev packages (#48)

Author: AmanRiat1

.github/workflows/build-integrationtest.yaml

@@ -65,8 +65,8 @@ jobs:
           path: jwt-github
           jwtGithubAudience: https://github.com/${{ github.repository_owner }}
           exportToken: true
-          secrets: secret/data/tools/githubactions RE_BOT_PACKAGES_READ_ONLY_CLASSIC_USER | GITHUB_USER ;
-            secret/data/tools/githubactions RE_BOT_PACKAGES_READ_ONLY_CLASSIC_TOKEN | GITHUB_TOKEN ;
+          secrets: secret/data/tools/githubactions RE_BOT_PACKAGES_READ_ONLY_CLASSIC_USER | PACKAGES_READ_USER ;
+            secret/data/tools/githubactions RE_BOT_PACKAGES_READ_ONLY_CLASSIC_TOKEN | PACKAGES_READ_TOKEN ;
 
       - name: Warn of Vault Login Failure
         if: steps.secrets.outcome != 'success'
@@ -97,6 +97,9 @@ jobs:
           echo "GITHUB_PACKAGES_DEPLOY=$GITHUB_PACKAGES_DEPLOY" >> $GITHUB_ENV
 
       - name: Static Code Analysis
+        env:
+          PACKAGES_READ_USER: ${{ steps.secrets.outputs.PACKAGES_READ_USER }}
+          PACKAGES_READ_TOKEN: ${{ steps.secrets.outputs.PACKAGES_READ_TOKEN }}
         run: mvn -B compile process-classes pmd:aggregate-pmd-check spotbugs:check  --settings "${GITHUB_WORKSPACE}/maven/settings.xml"
 
       - name: Unit/Integration Tests JDK 8 (zulu)
@@ -109,6 +112,9 @@ jobs:
         run: docker info
 
       - name: Run Unit/Integration Tests
+        env:
+          PACKAGES_READ_USER: ${{ steps.secrets.outputs.PACKAGES_READ_USER }}
+          PACKAGES_READ_TOKEN: ${{ steps.secrets.outputs.PACKAGES_READ_TOKEN }}
         run: >-
           mvn -B clean jacoco:report -Dit.test=SolaceSparkIntegrationTestSuite verify
           --settings "${GITHUB_WORKSPACE}/maven/settings.xml"

.github/workflows/release.yml

@@ -53,8 +53,8 @@ jobs:
           jwtGithubAudience: https://github.com/${{ github.repository_owner }}
           exportToken: true
           secrets:
-            secret/data/tools/githubactions RE_BOT_PACKAGES_READ_WRITE_CLASSIC_USER | GITHUB_USER ;
-            secret/data/tools/githubactions RE_BOT_PACKAGES_READ_WRITE_CLASSIC_TOKEN | GITHUB_TOKEN ;
+            secret/data/tools/githubactions RE_BOT_PACKAGES_READ_ONLY_CLASSIC_USER | PACKAGES_READ_USER ;
+            secret/data/tools/githubactions RE_BOT_PACKAGES_READ_ONLY_CLASSIC_TOKEN | PACKAGES_READ_TOKEN ;
             secret/data/tools/githubactions MAVEN_GPG_KEY_PASSPHRASE | MAVEN_GPG_KEY_PASSPHRASE ;
             secret/data/tools/githubactions MAVEN_GPG_KEY | MAVEN_GPG_KEY ;
             secret/data/tools/githubactions MAVEN_USERNAME | MAVEN_USERNAME ;
@@ -128,12 +128,16 @@ jobs:
 
       - name: Deploy Artifacts (GH Packages)
         env:
+          PACKAGES_READ_USER: ${{ steps.secrets.outputs.PACKAGES_READ_USER }}
+          PACKAGES_READ_TOKEN: ${{ steps.secrets.outputs.PACKAGES_READ_TOKEN }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: >-
           mvn deploy -B -DreleaseTarget=github  -s maven/settings.xml $SKIP_FLAGS_ALL_TESTS
 
       - name: Deploy Artifacts (Maven Central)
         env:
+          PACKAGES_READ_USER: ${{ steps.secrets.outputs.PACKAGES_READ_USER }}
+          PACKAGES_READ_TOKEN: ${{ steps.secrets.outputs.PACKAGES_READ_TOKEN }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: >-
           mvn deploy -B -DreleaseTarget=central -s maven/settings.xml $SKIP_FLAGS_ALL_TESTS

maven/settings.xml

@@ -36,8 +36,8 @@
 	<servers>
 		<server>
 			<id>github-solacedev</id>
-			<username>${env.GITHUB_USER}</username>
-			<password>${env.GITHUB_TOKEN}</password>
+			<username>${env.PACKAGES_READ_USER}</username>
+			<password>${env.PACKAGES_READ_TOKEN}</password>
 		</server>
 		<server>
 			<id>github</id>