ci: pass secets to reusable workflow
Some checks failed
development / Check commit compliance (push) Successful in 5s
test / Retrieve Credentials (pull_request) Successful in 2s
test / end_to_end_vault (debian11, vault_default) (pull_request) Failing after 6s
test / end_to_end_vault (debian11, vault_with_raft_enabled) (pull_request) Failing after 8s
test / end_to_end_vault (debian12, vault_default) (pull_request) Failing after 0s
test / end_to_end_vault (debian12, vault_with_raft_enabled) (pull_request) Failing after 1s
test / end_to_end_vault (ubuntu2004, vault_default) (pull_request) Failing after 0s
test / end_to_end_vault (ubuntu2004, vault_with_raft_enabled) (pull_request) Failing after 1s
test / end_to_end_vault (ubuntu2204, vault_default) (pull_request) Failing after 0s
test / end_to_end_vault (ubuntu2204, vault_with_raft_enabled) (pull_request) Failing after 1s
test / end_to_end_vault (ubuntu2404, vault_default) (pull_request) Failing after 0s
test / end_to_end_vault (ubuntu2404, vault_with_raft_enabled) (pull_request) Failing after 1s
pull-requests-open / Check commit compliance (pull_request) Successful in 10s

This commit is contained in:
Bertrand Lanson 2024-09-15 23:00:26 +02:00
parent 530034556d
commit 65cccdbae5
Signed by: lanson
SSH Key Fingerprint: SHA256:/nqc6HGqld/PS208F6FUOvZlUzTS0rGpNNwR5O2bQBw
2 changed files with 25 additions and 25 deletions

View File

@ -12,6 +12,25 @@ on:
# - roles/vault/** # - roles/vault/**
jobs: jobs:
retrieve-credentials:
name: Retrieve Credentials
runs-on: ubuntu-latest
outputs:
registry-username: ${{ steps.import-secrets.outputs.GITEA_ACTIONS_USERNAME }}
registry-token: ${{ steps.import-secrets.outputs.GITEA_ACTIONS_TOKEN }}
steps:
- name: Get secrets from vault
id: import-secrets
uses: hashicorp/vault-action@v3
with:
url: "https://vault.ednz.fr"
method: approle
roleId: ${{ secrets.VAULT_APPROLE_ID }}
secretId: ${{ secrets.VAULT_APPROLE_SECRET_ID }}
secrets: |
kv/data/applications/gitea/users/actions username | GITEA_ACTIONS_USERNAME ;
kv/data/applications/gitea/users/actions token_write | GITEA_ACTIONS_TOKEN ;
end_to_end_vault: end_to_end_vault:
strategy: strategy:
matrix: matrix:
@ -24,5 +43,5 @@ jobs:
scenario: ${{ matrix.scenario}} scenario: ${{ matrix.scenario}}
test_os: ${{ matrix.test_os }} test_os: ${{ matrix.test_os }}
secrets: secrets:
VAULT_APPROLE_ID: ${{ secrets.VAULT_APPROLE_ID }} GITEA_ACTIONS_USERNAME: ${{ needs.retrieve-credentials.outputs.registry-username }}
VAULT_APPROLE_SECRET_ID: ${{ secrets.VAULT_APPROLE_SECRET_ID }} GITEA_ACTIONS_TOKEN: ${{ needs.retrieve-credentials.outputs.registry-token }}

View File

@ -17,39 +17,20 @@ on:
type: string type: string
description: "On which OS to run the tests" description: "On which OS to run the tests"
secrets: secrets:
VAULT_APPROLE_ID: GITEA_ACTIONS_USERNAME:
required: true required: true
VAULT_APPROLE_SECRET_ID: GITEA_ACTIONS_TOKEN:
required: true required: true
jobs: jobs:
retrieve-credentials:
name: Retrieve Credentials
runs-on: ubuntu-latest
outputs:
registry-username: ${{ steps.import-secrets.outputs.GITEA_ACTIONS_USERNAME }}
registry-token: ${{ steps.import-secrets.outputs.GITEA_ACTIONS_TOKEN }}
steps:
- name: Get secrets from vault
id: import-secrets
uses: hashicorp/vault-action@v3
with:
url: "https://vault.ednz.fr"
method: approle
roleId: ${{ secrets.VAULT_APPROLE_ID }}
secretId: ${{ secrets.VAULT_APPROLE_SECRET_ID }}
secrets: |
kv/data/applications/gitea/users/actions username | GITEA_ACTIONS_USERNAME ;
kv/data/applications/gitea/users/actions token_write | GITEA_ACTIONS_TOKEN ;
molecule-test: molecule-test:
name: Molecule tests name: Molecule tests
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: container:
image: git.ednz.fr/container-factory/ansible-runner:act-latest image: git.ednz.fr/container-factory/ansible-runner:act-latest
credentials: credentials:
username: ${{needs.retrieve-credentials.outputs.registry-username}} username: ${{ secrets.GITEA_ACTIONS_USERNAME }}
password: ${{needs.retrieve-credentials.outputs.registry-token}} password: ${{ secrets.GITEA_ACTIONS_TOKEN }}
env: env:
ANSIBLE_HOST_KEY_CHECKING: "false" ANSIBLE_HOST_KEY_CHECKING: "false"
ANSIBLE_FORCE_COLOR: "true" ANSIBLE_FORCE_COLOR: "true"