From 65cccdbae53aadd09a466435a435c169c85a1308 Mon Sep 17 00:00:00 2001 From: Bertrand Lanson Date: Sun, 15 Sep 2024 23:00:26 +0200 Subject: [PATCH] ci: pass secets to reusable workflow --- .gitea/workflows/e2e-tests-vault.yml | 23 +++++++++++++++++++++-- .gitea/workflows/e2e-tests.yml | 27 ++++----------------------- 2 files changed, 25 insertions(+), 25 deletions(-) diff --git a/.gitea/workflows/e2e-tests-vault.yml b/.gitea/workflows/e2e-tests-vault.yml index f688e1a..d1055c8 100644 --- a/.gitea/workflows/e2e-tests-vault.yml +++ b/.gitea/workflows/e2e-tests-vault.yml @@ -12,6 +12,25 @@ on: # - roles/vault/** jobs: + retrieve-credentials: + name: Retrieve Credentials + runs-on: ubuntu-latest + outputs: + registry-username: ${{ steps.import-secrets.outputs.GITEA_ACTIONS_USERNAME }} + registry-token: ${{ steps.import-secrets.outputs.GITEA_ACTIONS_TOKEN }} + steps: + - name: Get secrets from vault + id: import-secrets + uses: hashicorp/vault-action@v3 + with: + url: "https://vault.ednz.fr" + method: approle + roleId: ${{ secrets.VAULT_APPROLE_ID }} + secretId: ${{ secrets.VAULT_APPROLE_SECRET_ID }} + secrets: | + kv/data/applications/gitea/users/actions username | GITEA_ACTIONS_USERNAME ; + kv/data/applications/gitea/users/actions token_write | GITEA_ACTIONS_TOKEN ; + end_to_end_vault: strategy: matrix: @@ -24,5 +43,5 @@ jobs: scenario: ${{ matrix.scenario}} test_os: ${{ matrix.test_os }} secrets: - VAULT_APPROLE_ID: ${{ secrets.VAULT_APPROLE_ID }} - VAULT_APPROLE_SECRET_ID: ${{ secrets.VAULT_APPROLE_SECRET_ID }} + GITEA_ACTIONS_USERNAME: ${{ needs.retrieve-credentials.outputs.registry-username }} + GITEA_ACTIONS_TOKEN: ${{ needs.retrieve-credentials.outputs.registry-token }} diff --git a/.gitea/workflows/e2e-tests.yml b/.gitea/workflows/e2e-tests.yml index 2edd38c..99a306b 100644 --- a/.gitea/workflows/e2e-tests.yml +++ b/.gitea/workflows/e2e-tests.yml 
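Review bot: The `registry-username` and `registry-token` outputs of `retrieve-credentials` carry Vault secrets across a job boundary, and GitHub-compatible runners may drop job outputs whose values vault-action has masked. Confirm that act_runner actually delivers them, otherwise the registry login downstream receives empty strings. The key `token_write` suggests a write-scoped token is fetched, although it is only used as the password for a container image pull; a read-only token, if Vault holds one, would be the least-privilege choice. `hashicorp/vault-action@v3` is a mutable tag on the step that receives the AppRole secret ID, so pin it as `uses: hashicorp/vault-action@<full-commit-sha> # v3`.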
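Review bot: `end_to_end_vault` reads `needs.retrieve-credentials.outputs.*` in its `secrets:` block, but this file's diff adds no `needs:` key, so the `needs` context is probably empty and both secrets would resolve to empty strings. The job's lines between the two hunks are not visible, but they are unchanged and `retrieve-credentials` did not exist in this file before, so a pre-existing dependency is unlikely. Add `needs: retrieve-credentials` under `end_to_end_vault:` so the job is ordered after the Vault lookup and can see its outputs.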
@@ -17,39 +17,20 @@ on: type: string description: "On which OS to run the tests" secrets: - VAULT_APPROLE_ID: + GITEA_ACTIONS_USERNAME: required: true - VAULT_APPROLE_SECRET_ID: + GITEA_ACTIONS_TOKEN: required: true jobs: - retrieve-credentials: - name: Retrieve Credentials - runs-on: ubuntu-latest - outputs: - registry-username: ${{ steps.import-secrets.outputs.GITEA_ACTIONS_USERNAME }} - registry-token: ${{ steps.import-secrets.outputs.GITEA_ACTIONS_TOKEN }} - steps: - - name: Get secrets from vault - id: import-secrets - uses: hashicorp/vault-action@v3 - with: - url: "https://vault.ednz.fr" - method: approle - roleId: ${{ secrets.VAULT_APPROLE_ID }} - secretId: ${{ secrets.VAULT_APPROLE_SECRET_ID }} - secrets: | - kv/data/applications/gitea/users/actions username | GITEA_ACTIONS_USERNAME ; - kv/data/applications/gitea/users/actions token_write | GITEA_ACTIONS_TOKEN ; - molecule-test: name: Molecule tests runs-on: ubuntu-latest container: image: git.ednz.fr/container-factory/ansible-runner:act-latest credentials: - username: ${{needs.retrieve-credentials.outputs.registry-username}} - password: ${{needs.retrieve-credentials.outputs.registry-token}} + username: ${{ secrets.GITEA_ACTIONS_USERNAME }} + password: ${{ secrets.GITEA_ACTIONS_TOKEN }} env: ANSIBLE_HOST_KEY_CHECKING: "false" ANSIBLE_FORCE_COLOR: "true"
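Review bot: Renaming the two `required: true` secrets under `on.workflow_call.secrets` changes this reusable workflow's interface, and the commit updates only `e2e-tests-vault.yml`. Any other caller still passing `VAULT_APPROLE_ID` and `VAULT_APPROLE_SECRET_ID` would now fail or start `molecule-test` without registry credentials, so check the remaining workflows that use this file. The new inputs also carry no documentation; give each a `description:`, for example `description: "Registry token used only to pull the runner image; read access is sufficient"` on `GITEA_ACTIONS_TOKEN`, so callers know which scope to supply.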