Skip to content

Commit ea01f28

Browse files
committed
Switch from repo secrets to vars
- cleanup
1 parent ceba3ce commit ea01f28

File tree

2 files changed

+20
-56
lines changed

2 files changed

+20
-56
lines changed

.github/workflows/release-build-sign-upload.yml

Lines changed: 8 additions & 40 deletions
Original file line numberDiff line numberDiff line change
@@ -44,45 +44,17 @@ permissions:
4444
contents: read
4545

4646
defaults:
47-
# top-level defaults subkeys apply to jobs
48-
# run subkeys apply to all steps within all jobs
4947
run:
5048
shell: bash
5149

5250
jobs:
53-
54-
# test:
55-
# environment: DEV
56-
# runs-on: ubuntu-latest
57-
# steps:
58-
# - name: Setup upterm session
59-
# env:
60-
# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
61-
# AWS_REGION: ${{ secrets.AWS_REGION }}
62-
# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
63-
# GIT_RELEASE_TARGET_REPO: ${{ secrets.GIT_RELEASE_TARGET_REPO }}
64-
# GIT_REPO_ACCESS_TOKEN: ${{ secrets.GIT_REPO_ACCESS_TOKEN }}
65-
# SIGNING_KEY_GPG: ${{ secrets.SIGNING_KEY_GPG }}
66-
# SIGNING_KEY_GPG_ID: ${{ secrets.SIGNING_KEY_GPG_ID }}
67-
# SIGNING_KEY_GPG_PASSPHRASE: ${{ secrets.SIGNING_KEY_GPG_PASSPHRASE }}
68-
# SIGNING_KEY_MAC_ID: ${{ secrets.SIGNING_KEY_MAC_ID }}
69-
# SIGNING_KEY_MAC_PASSPHRASE: ${{ secrets.SIGNING_KEY_MAC_PASSPHRASE }}
70-
# SIGNING_KEY_MAC_PFX: ${{ secrets.SIGNING_KEY_MAC_PFX }}
71-
# SIGNING_KEY_WINDOWS_ID: ${{ secrets.SIGNING_KEY_WINDOWS_ID }}
72-
# SIGNING_KEY_WINDOWS_PASSPHRASE: ${{ secrets.SIGNING_KEY_WINDOWS_PASSPHRASE }}
73-
# SIGNING_KEY_WINDOWS_PFX: ${{ secrets.SIGNING_KEY_WINDOWS_PFX }}
74-
# SIGNING_TEST_CA_MAC: ${{ secrets.SIGNING_TEST_CA_MAC }}
75-
# if: always()
76-
# uses: lhotari/action-upterm@v1
77-
# timeout-minutes: 60
78-
7951
setup:
8052
name: Setup
8153
# needs: test
8254
runs-on: ubuntu-latest
8355

8456
outputs:
85-
aws-s3-bucket: "v${{ steps.parse-semver.outputs.version-major }}-cf-cli-releases"
57+
aws-s3-bucket: "v${{ steps.parse-semver.outputs.version-major }}-cf-cli-releases"
8658

8759
version-build: ${{ steps.parse-semver.outputs.version-build }}
8860
version-major: ${{ steps.parse-semver.outputs.version-major }}
@@ -781,8 +753,8 @@ jobs:
781753
actions: read
782754
contents: read
783755
env:
784-
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
785-
AWS_REGION: ${{ secrets.AWS_REGION }}
756+
AWS_ACCESS_KEY_ID: ${{ vars.AWS_ACCESS_KEY_ID }}
757+
AWS_REGION: ${{ vars.AWS_REGION }}
786758
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
787759
AWS_S3_BUCKET: ${{ needs.setup.outputs.aws-s3-bucket }}
788760
VERSION_BUILD: ${{ needs.setup.outputs.version-build }}
@@ -887,17 +859,13 @@ jobs:
887859

888860
- name: Setup aws to upload installers to CLAW S3 bucket
889861
uses: aws-actions/configure-aws-credentials@v4
890-
env:
891-
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
892-
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
893-
AWS_S3_ROLE_ARN: ${{ secrets.AWS_S3_ROLE_ARN }}
894862
with:
895-
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
896-
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
897-
aws-region: us-west-1
898-
role-to-assume: ${{ env.AWS_S3_ROLE_ARN }}
863+
aws-access-key-id: ${{ vars.AWS_ACCESS_KEY_ID }}
864+
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
865+
aws-region: ${{ vars.AWS_REGION }}
866+
role-to-assume: ${{ vars.AWS_S3_ROLE_ARN }}
899867
role-skip-session-tagging: true
900-
role-duration-seconds: 1200
868+
role-duration-seconds: 1200
901869

902870
- name: Upload installers to CLAW S3 bucket
903871
run: aws s3 sync upload "s3://v${VERSION_MAJOR}-cf-cli-releases/releases/v${VERSION_BUILD}/"

.github/workflows/release-update-repos.yml

Lines changed: 12 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -300,13 +300,13 @@ jobs:
300300
301301
- name: Update Debian Repository
302302
env:
303-
DEBIAN_FRONTEND: noninteractive
304-
SIGNING_KEY_GPG_ID: ${{ secrets.SIGNING_KEY_GPG_ID }}
305-
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
306-
AWS_BUCKET_NAME: cf-cli-debian-repo
307-
AWS_DEFAULT_REGION: us-west-2
303+
DEBIAN_FRONTEND: noninteractive
304+
SIGNING_KEY_GPG_ID: ${{ secrets.SIGNING_KEY_GPG_ID }}
305+
AWS_ACCESS_KEY_ID: ${{ vars.AWS_ACCESS_KEY_ID }}
306+
AWS_BUCKET_NAME: cf-cli-debian-repo
307+
AWS_DEFAULT_REGION: us-west-2
308308
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
309-
AWS_S3_ROLE_ARN: ${{ secrets.AWS_S3_ROLE_ARN }}
309+
AWS_S3_ROLE_ARN: ${{ vars.AWS_S3_ROLE_ARN }}
310310
run: |
311311
export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s" $(aws sts assume-role --role-arn ${AWS_S3_ROLE_ARN} --role-session-name foobar --output text --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]"))
312312
deb-s3 upload installers/*.deb \
@@ -371,7 +371,7 @@ jobs:
371371
# TODO: fix backup
372372
# - name: Download current RPM repodata
373373
# env:
374-
# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
374+
# AWS_ACCESS_KEY_ID: ${{ vars.AWS_ACCESS_KEY_ID }}
375375
# AWS_DEFAULT_REGION: us-east-1
376376
# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
377377
# uses: docker://amazon/aws-cli:latest
@@ -405,17 +405,13 @@ jobs:
405405
406406
- name: Setup aws to upload installers to CLAW S3 bucket
407407
uses: aws-actions/configure-aws-credentials@v4
408-
env:
409-
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
410-
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
411-
AWS_S3_ROLE_ARN: ${{ secrets.AWS_S3_ROLE_ARN }}
412408
with:
413-
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
414-
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
415-
aws-region: us-west-1
416-
role-to-assume: ${{ env.AWS_S3_ROLE_ARN }}
409+
aws-access-key-id: ${{ vars.AWS_ACCESS_KEY_ID }}
410+
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
411+
aws-region: ${{ vars.AWS_REGION }}
412+
role-to-assume: ${{ vars.AWS_S3_ROLE_ARN }}
417413
role-skip-session-tagging: true
418-
role-duration-seconds: 1200
414+
role-duration-seconds: 1200
419415

420416
- name: Download V8 RPMs
421417
run: aws s3 sync --exclude "*" --include "releases/*/*installer*.rpm" s3://v8-cf-cli-releases .

0 commit comments

Comments
 (0)