Move secret keys to actions secrets
jonrohan committed Oct 14, 2024
1 parent 978e867 commit e0f360c
Showing 5 changed files with 23 additions and 20 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/demo-preview-cleanup.yml
@@ -27,9 +27,9 @@ jobs:
with:
# excluding a client secret here will cause a login via OpenID Connect (OIDC),
# which prevents us from having to rotate client credentials, etc
client-id: "5ad1a188-b944-40eb-a2f8-cc683a6a65a0"
tenant-id: "398a6654-997b-47e9-b12b-9515b896b4de"
subscription-id: "550eb99d-d0c7-4651-a337-f53fa6520c4f"
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

# Do this before repo checkout to prevent running bundle install
- uses: ruby/setup-ruby@v1
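Review bot: The comment above `client-id` explains why no client secret is passed, but nothing records that the three values now read from `secrets.*` are identifiers rather than credentials, or that their earlier literal values stay readable in the repository history. With an OIDC login, access is presumably gated by the federated credential on the app registration (its subject restrictions) and by the job's `id-token: write` permission, neither of which is visible in this hunk. I would add a line such as `# these IDs are not credentials; access is limited by the federated credential's subject claim` once that has been confirmed, so a later reader does not treat the secrets as the security boundary. The same applies to the identical blocks in demo-preview-destroy.yml, demo-production-deploy.yml (both hunks) and preview-deploy.yml.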
6 changes: 3 additions & 3 deletions .github/workflows/demo-preview-destroy.yml
@@ -31,9 +31,9 @@ jobs:
with:
# excluding a client secret here will cause a login via OpenID Connect (OIDC),
# which prevents us from having to rotate client credentials, etc
client-id: "5ad1a188-b944-40eb-a2f8-cc683a6a65a0"
tenant-id: "398a6654-997b-47e9-b12b-9515b896b4de"
subscription-id: "550eb99d-d0c7-4651-a337-f53fa6520c4f"
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

- name: Check out repo
uses: actions/checkout@v4
17 changes: 10 additions & 7 deletions .github/workflows/demo-production-deploy.yml
@@ -32,9 +32,9 @@ jobs:
with:
# excluding a client secret here will cause a login via OpenID Connect (OIDC),
# which prevents us from having to rotate client credentials, etc
client-id: "5ad1a188-b944-40eb-a2f8-cc683a6a65a0"
tenant-id: "398a6654-997b-47e9-b12b-9515b896b4de"
subscription-id: "550eb99d-d0c7-4651-a337-f53fa6520c4f"
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Purge tags
run: |
# only delete tags that aren't "latest" or "latest-assets"
@@ -84,13 +84,16 @@ jobs:
with:
# excluding a client secret here will cause a login via OpenID Connect (OIDC),
# which prevents us from having to rotate client credentials, etc
client-id: "5ad1a188-b944-40eb-a2f8-cc683a6a65a0"
tenant-id: "398a6654-997b-47e9-b12b-9515b896b4de"
subscription-id: "550eb99d-d0c7-4651-a337-f53fa6520c4f"
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Deploy
env:
RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
AZURE_ACR_PASSWORD: ${{ secrets.AZURE_ACR_PASSWORD }}
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
run: |
export AZURE_ACCESS_TOKEN=$(az account get-access-token --subscription 550eb99d-d0c7-4651-a337-f53fa6520c4f | jq -r .accessToken)
export AZURE_ACCESS_TOKEN=$(az account get-access-token --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} | jq -r .accessToken)
bin/kuby -e production deploy
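Review bot: The new `az account get-access-token` line in the Deploy step splices `${{ secrets.AZURE_SUBSCRIPTION_ID }}` into the script text, even though this commit also exports `AZURE_SUBSCRIPTION_ID` in the same step's `env:`. Expressions are substituted before the shell parses the script, so reading the variable instead keeps the value out of the generated script file and lets the shell quote it: `export AZURE_ACCESS_TOKEN=$(az account get-access-token --subscription "$AZURE_SUBSCRIPTION_ID" | jq -r .accessToken)`. Separately, `export VAR=$(...)` discards the exit status of the command substitution, so a failed token request would still reach `bin/kuby` with an empty or `null` token. Assigning first and exporting afterwards (`AZURE_ACCESS_TOKEN=$(...)` then `export AZURE_ACCESS_TOKEN`), with a `[ -n "$AZURE_ACCESS_TOKEN" ]` check, would stop the step at the real failure.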
8 changes: 4 additions & 4 deletions .github/workflows/preview-deploy.yml
@@ -62,9 +62,9 @@ jobs:
with:
# excluding a client secret here will cause a login via OpenID Connect (OIDC),
# which prevents us from having to rotate client credentials, etc
client-id: "5ad1a188-b944-40eb-a2f8-cc683a6a65a0"
tenant-id: "398a6654-997b-47e9-b12b-9515b896b4de"
subscription-id: "550eb99d-d0c7-4651-a337-f53fa6520c4f"
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

- name: Get preview app info
run: ./.github/workflows/demo-preview-app-info.sh
@@ -96,7 +96,7 @@ jobs:
uses: azure/arm-deploy@a1361c2c2cd398621955b16ca32e01c65ea340f5
with:
resourceGroupName: primer
subscriptionId: 550eb99d-d0c7-4651-a337-f53fa6520c4f
subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
template: ./.github/workflows/demo-preview-template.json
deploymentName: ${{env.DEPLOYMENT_NAME}}
parameters: appName="${{env.APP_NAME}}"
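Review bot: Turning the subscription ID into a secret on the `subscriptionId:` input of `azure/arm-deploy` has a side effect worth documenting: GitHub masks the value wherever it appears in logs and does not pass job outputs that contain it. ARM resource IDs embed `/subscriptions/<id>/`, so any later step or job that consumes deployment outputs or reads resource IDs from the log (not visible in this hunk) may see `***` or an empty output. If the ID is not meant to be confidential, a configuration variable, `subscriptionId: ${{ vars.AZURE_SUBSCRIPTION_ID }}`, avoids the masking. Otherwise a short comment next to the input noting the masking would help whoever debugs a preview deployment next.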
6 changes: 3 additions & 3 deletions demo/kuby.rb
@@ -151,9 +151,9 @@ def install_from_image(image, dockerfile)

kubernetes do
provider :azure do
subscription_id "550eb99d-d0c7-4651-a337-f53fa6520c4f"
tenant_id "398a6654-997b-47e9-b12b-9515b896b4de"
client_id "5ad1a188-b944-40eb-a2f8-cc683a6a65a0"
subscription_id ENV["AZURE_SUBSCRIPTION_ID"]
tenant_id ENV["AZURE_TENANT_ID"]
client_id ENV["AZURE_CLIENT_ID"]

resource_group_name "primer"
resource_name "primer"
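Review bot: `ENV["AZURE_SUBSCRIPTION_ID"]`, `ENV["AZURE_TENANT_ID"]` and `ENV["AZURE_CLIENT_ID"]` return nil when the variable is unset, so any invocation that loads this file without them hands nil to the `provider :azure` block and fails later with a less specific error. `subscription_id ENV.fetch("AZURE_SUBSCRIPTION_ID")` (and likewise for the other two) raises a KeyError naming the missing variable at load time, unless this file is also loaded in contexts where the variables are legitimately absent. In the workflow changes visible in this commit, only the Deploy step of demo-production-deploy.yml exports these variables, so other steps or local runs that call `bin/kuby` should be checked. The `kubernetes do` block continues outside the hunk.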
