Skip to content

Commit db9b612

Browse files
sean-breensean-breen
committed
revert to use input to pass secrets
1 parent e647109 commit db9b612

File tree

2 files changed

+54
-5
lines changed

2 files changed

+54
-5
lines changed

.github/actions/az-sync/action.yml

Lines changed: 12 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,15 @@ name: Sync Secrets from Azure Key Vault
22
author: s.breen
33
description: az-sync
44
inputs:
5+
az_client_id:
6+
description: 'Azure Client ID'
7+
required: true
8+
az_tenant_id:
9+
description: 'Azure Tenant ID'
10+
required: true
11+
az_subscription_id:
12+
description: 'Azure Subscription ID'
13+
required: true
514
keyvault:
615
description: 'Azure Key Vault name'
716
required: true
@@ -15,9 +24,9 @@ runs:
1524
- name: Azure login
1625
uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
1726
with:
18-
client-id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
19-
tenant-id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
20-
subscription-id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
27+
client-id: ${{ inputs.az_client_id }}
28+
tenant-id: ${{ inputs.az_tenant_id }}
29+
subscription-id: ${{ inputs.az_subscription_id }}
2130

2231
- name: Sync
2332
shell: bash

.github/workflows/ci.yml

Lines changed: 42 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,8 @@ on:
1414
- opened
1515
- reopened
1616
- synchronize
17-
17+
#f5-nginx-github-nginx-service-account
18+
#eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJZSTNYR0xuYU1ISW1aN3hsUVBqX0lrSkNfMUJseGppSXcwSjlrVW1mcTQwIn0eyJzdWIiOiJqZmFjQDAxYzhncTBlMWpkYTV6MWEzcTN4OHYweW5uL3VzZXJzL2Y1LW5naW54LWdpdGh1Yi1uZ2lueC1zZXJ2aWNlLWFjY291bnQiLCJzY3AiOiJhcHBsaWVkLXBlcm1pc3Npb25zL3VzZXIiLCJhdWQiOiIqQCoiLCJpc3MiOiJqZmZlQDAxYzhncTBlMWpkYTV6MWEzcTN4OHYweW5uIiwiZXhwIjoxNzczOTU0NDExLCJpYXQiOjE3NDI0MTg0MTEsImp0aSI6IjRkY2NmMWFiLTAwZWUtNDQ2Zi1iNDAyLWIzMTRlNDgwYTU2NyJ9BTYk_Qs64JYfr30oEgJ0YaCXJcrViAa5-5sC4AaaM_MP8sm80LJRC_a1rLmYnA408yMkenYayC6diDhWy1Bx_5JO7tmn1iNQnEHJHz7rLLBJRaNNFee9mE5W36ZRUhCKtDQ1MOr9jSinibwxKXt8frwioUhjXQ29YNJcW6KYivFiviBxjU_xS-vyxhmWH0z85SxG-YDFkzOYbKbBIIgNN0iHgEfThmWbrGf7nWroP0jCnKaomLlASGZD_Z0bEmQ7KXfuxiQ9pfWDlYP0ak62s-QZmwEDB71RP-raxVaKYAMW1-DLh2ikBXkQHMAj7gzKCf163YnQce9hWce0X8DgAg
1819
permissions:
1920
contents: read
2021

@@ -35,6 +36,9 @@ jobs:
3536
- name: Get Secrets from Azure Key Vault
3637
uses: ./.github/actions/az-sync
3738
with:
39+
az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
40+
az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
41+
az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
3842
keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
3943
secrets-filter: 'artifactory'
4044
- name: Configure Go Proxy
@@ -68,6 +72,9 @@ jobs:
6872
- name: Get Secrets from Azure Key Vault
6973
uses: ./.github/actions/az-sync
7074
with:
75+
az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
76+
az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
77+
az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
7178
keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
7279
secrets-filter: 'artifactory'
7380
- name: Configure Go Proxy
@@ -106,6 +113,9 @@ jobs:
106113
- name: Get Secrets from Azure Key Vault
107114
uses: ./.github/actions/az-sync
108115
with:
116+
az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
117+
az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
118+
az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
109119
keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
110120
secrets-filter: 'artifactory'
111121
- name: Configure Go Proxy
@@ -138,6 +148,9 @@ jobs:
138148
- name: Get Secrets from Azure Key Vault
139149
uses: ./.github/actions/az-sync
140150
with:
151+
az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
152+
az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
153+
az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
141154
keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
142155
secrets-filter: 'artifactory'
143156
- name: Configure Go Proxy
@@ -167,6 +180,9 @@ jobs:
167180
- name: Get Secrets from Azure Key Vault
168181
uses: ./.github/actions/az-sync
169182
with:
183+
az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
184+
az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
185+
az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
170186
keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
171187
secrets-filter: 'artifactory'
172188
- name: Configure Go Proxy
@@ -217,6 +233,9 @@ jobs:
217233
- name: Get Secrets from Azure Key Vault
218234
uses: ./.github/actions/az-sync
219235
with:
236+
az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
237+
az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
238+
az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
220239
keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
221240
secrets-filter: 'artifactory'
222241
- name: Configure Go Proxy
@@ -276,6 +295,9 @@ jobs:
276295
- name: Get Secrets from Azure Key Vault
277296
uses: ./.github/actions/az-sync
278297
with:
298+
az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
299+
az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
300+
az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
279301
keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
280302
secrets-filter: 'artifactory'
281303
- name: Configure Go Proxy
@@ -342,6 +364,9 @@ jobs:
342364
- name: Get Secrets from Azure Key Vault
343365
uses: ./.github/actions/az-sync
344366
with:
367+
az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
368+
az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
369+
az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
345370
keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
346371
secrets-filter: 'artifactory'
347372
- name: Configure Go Proxy
@@ -418,6 +443,9 @@ jobs:
418443
- name: Get Secrets from Azure Key Vault
419444
uses: ./.github/actions/az-sync
420445
with:
446+
az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
447+
az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
448+
az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
421449
keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
422450
secrets-filter: 'artifactory'
423451
- name: Configure Go Proxy
@@ -493,6 +521,9 @@ jobs:
493521
- name: Get Secrets from Azure Key Vault
494522
uses: ./.github/actions/az-sync
495523
with:
524+
az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
525+
az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
526+
az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
496527
keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
497528
secrets-filter: 'artifactory'
498529
- name: Configure Go Proxy
@@ -569,6 +600,9 @@ jobs:
569600
- name: Get Secrets from Azure Key Vault
570601
uses: ./.github/actions/az-sync
571602
with:
603+
az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
604+
az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
605+
az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
572606
keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
573607
secrets-filter: 'artifactory'
574608
- name: Configure Go Proxy
@@ -629,6 +663,9 @@ jobs:
629663
- name: Get Secrets from Azure Key Vault
630664
uses: ./.github/actions/az-sync
631665
with:
666+
az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
667+
az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
668+
az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
632669
keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
633670
secrets-filter: 'artifactory'
634671
- name: Configure Go Proxy
@@ -699,6 +736,9 @@ jobs:
699736
- name: Get Secrets from Azure Key Vault
700737
uses: ./.github/actions/az-sync
701738
with:
739+
az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
740+
az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
741+
az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
702742
keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
703743
secrets-filter: 'nginx-crt,nginx-key'
704744

@@ -748,4 +788,4 @@ jobs:
748788

749789
- name: Push load test result
750790
if: ${{ success() && github.ref_name == 'main' }}
751-
run: git push 'https://github-actions:${{ github.token }}@github.com/nginx/agent.git' benchmark-results:benchmark-results
791+
run: git push 'https://github-actions:${{ secrets.GITHUB_TOKEN }}@github.com/nginx/agent.git' benchmark-results:benchmark-results

0 commit comments

Comments
 (0)