ci: pass secets to reusable workflow
Some checks failed
development / Check commit compliance (push) Successful in 5s
test / Retrieve Credentials (pull_request) Successful in 2s
test / end_to_end_vault (debian11, vault_default) (pull_request) Failing after 6s
test / end_to_end_vault (debian11, vault_with_raft_enabled) (pull_request) Failing after 8s
test / end_to_end_vault (debian12, vault_default) (pull_request) Failing after 0s
test / end_to_end_vault (debian12, vault_with_raft_enabled) (pull_request) Failing after 1s
test / end_to_end_vault (ubuntu2004, vault_default) (pull_request) Failing after 0s
test / end_to_end_vault (ubuntu2004, vault_with_raft_enabled) (pull_request) Failing after 1s
test / end_to_end_vault (ubuntu2204, vault_default) (pull_request) Failing after 0s
test / end_to_end_vault (ubuntu2204, vault_with_raft_enabled) (pull_request) Failing after 1s
test / end_to_end_vault (ubuntu2404, vault_default) (pull_request) Failing after 0s
test / end_to_end_vault (ubuntu2404, vault_with_raft_enabled) (pull_request) Failing after 1s
pull-requests-open / Check commit compliance (pull_request) Successful in 10s
parent
530034556d
commit
65cccdbae5
@ -12,6 +12,25 @@ on:
|
|||||||
# - roles/vault/**
|
# - roles/vault/**
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
|
retrieve-credentials:
|
||||||
|
name: Retrieve Credentials
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
outputs:
|
||||||
|
registry-username: ${{ steps.import-secrets.outputs.GITEA_ACTIONS_USERNAME }}
|
||||||
|
registry-token: ${{ steps.import-secrets.outputs.GITEA_ACTIONS_TOKEN }}
|
||||||
|
steps:
|
||||||
|
- name: Get secrets from vault
|
||||||
|
id: import-secrets
|
||||||
|
uses: hashicorp/vault-action@v3
|
||||||
|
with:
|
||||||
|
url: "https://vault.ednz.fr"
|
||||||
|
method: approle
|
||||||
|
roleId: ${{ secrets.VAULT_APPROLE_ID }}
|
||||||
|
secretId: ${{ secrets.VAULT_APPROLE_SECRET_ID }}
|
||||||
|
secrets: |
|
||||||
|
kv/data/applications/gitea/users/actions username | GITEA_ACTIONS_USERNAME ;
|
||||||
|
kv/data/applications/gitea/users/actions token_write | GITEA_ACTIONS_TOKEN ;
|
||||||
|
|
||||||
end_to_end_vault:
|
end_to_end_vault:
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
@ -24,5 +43,5 @@ jobs:
|
|||||||
scenario: ${{ matrix.scenario}}
|
scenario: ${{ matrix.scenario}}
|
||||||
test_os: ${{ matrix.test_os }}
|
test_os: ${{ matrix.test_os }}
|
||||||
secrets:
|
secrets:
|
||||||
VAULT_APPROLE_ID: ${{ secrets.VAULT_APPROLE_ID }}
|
GITEA_ACTIONS_USERNAME: ${{ needs.retrieve-credentials.outputs.registry-username }}
|
||||||
VAULT_APPROLE_SECRET_ID: ${{ secrets.VAULT_APPROLE_SECRET_ID }}
|
GITEA_ACTIONS_TOKEN: ${{ needs.retrieve-credentials.outputs.registry-token }}
|
||||||
|
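Review bot: `end_to_end_vault` now fills its `secrets:` block from `needs.retrieve-credentials.outputs.*`, but neither visible hunk adds `needs: retrieve-credentials` to that job; unless the key sits in the unshown lines between the two hunks, the `needs` context is empty and both values reach the reusable workflow as empty strings. Add `needs: retrieve-credentials` under `end_to_end_vault:`. Separately, the registry username and token now travel as job outputs, which are stored as ordinary strings rather than secrets; GitHub's runner drops outputs that contain a masked value, and whether the Gitea runner does the same should be checked before relying on this hand-off. The new job also references `hashicorp/vault-action@v3` by a mutable tag; pinning it to a full commit SHA would keep the step that handles the AppRole credentials from changing underneath the workflow.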
@ -17,39 +17,20 @@ on:
|
|||||||
type: string
|
type: string
|
||||||
description: "On which OS to run the tests"
|
description: "On which OS to run the tests"
|
||||||
secrets:
|
secrets:
|
||||||
VAULT_APPROLE_ID:
|
GITEA_ACTIONS_USERNAME:
|
||||||
required: true
|
required: true
|
||||||
VAULT_APPROLE_SECRET_ID:
|
GITEA_ACTIONS_TOKEN:
|
||||||
required: true
|
required: true
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
retrieve-credentials:
|
|
||||||
name: Retrieve Credentials
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
outputs:
|
|
||||||
registry-username: ${{ steps.import-secrets.outputs.GITEA_ACTIONS_USERNAME }}
|
|
||||||
registry-token: ${{ steps.import-secrets.outputs.GITEA_ACTIONS_TOKEN }}
|
|
||||||
steps:
|
|
||||||
- name: Get secrets from vault
|
|
||||||
id: import-secrets
|
|
||||||
uses: hashicorp/vault-action@v3
|
|
||||||
with:
|
|
||||||
url: "https://vault.ednz.fr"
|
|
||||||
method: approle
|
|
||||||
roleId: ${{ secrets.VAULT_APPROLE_ID }}
|
|
||||||
secretId: ${{ secrets.VAULT_APPROLE_SECRET_ID }}
|
|
||||||
secrets: |
|
|
||||||
kv/data/applications/gitea/users/actions username | GITEA_ACTIONS_USERNAME ;
|
|
||||||
kv/data/applications/gitea/users/actions token_write | GITEA_ACTIONS_TOKEN ;
|
|
||||||
|
|
||||||
molecule-test:
|
molecule-test:
|
||||||
name: Molecule tests
|
name: Molecule tests
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
container:
|
container:
|
||||||
image: git.ednz.fr/container-factory/ansible-runner:act-latest
|
image: git.ednz.fr/container-factory/ansible-runner:act-latest
|
||||||
credentials:
|
credentials:
|
||||||
username: ${{needs.retrieve-credentials.outputs.registry-username}}
|
username: ${{ secrets.GITEA_ACTIONS_USERNAME }}
|
||||||
password: ${{needs.retrieve-credentials.outputs.registry-token}}
|
password: ${{ secrets.GITEA_ACTIONS_TOKEN }}
|
||||||
env:
|
env:
|
||||||
ANSIBLE_HOST_KEY_CHECKING: "false"
|
ANSIBLE_HOST_KEY_CHECKING: "false"
|
||||||
ANSIBLE_FORCE_COLOR: "true"
|
ANSIBLE_FORCE_COLOR: "true"
|
||||||
|
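Review bot: The container's `credentials.password` is now `secrets.GITEA_ACTIONS_TOKEN`, which the calling workflow fills from the `token_write` field of the Vault entry, so a token that appears (from its name) to carry write scope is used only to pull `ansible-runner:act-latest`. If the registry allows it, a read-only token for the image pull would limit what a leaked value can do. The two `secrets:` entries also have no `description`; something like `description: "Registry token used to pull the job container image; read access is sufficient"` would tell callers what scope to supply. The `molecule-test` job continues past the end of the hunk.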