Merge pull request #61 from PerfectThymeTech/marvinbuss/container_002

marvinbuss · web-flow · commit 2de6267f99e5 · 2023-10-31T13:34:34.000+01:00
Test Container Push
diff --git a/.github/workflows/_containerTemplate.yml b/.github/workflows/_containerTemplate.yml
@@ -41,6 +41,11 @@ jobs:
     continue-on-error: false
     environment: ${{ inputs.environment }}
 
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+
     steps:
       # Check Out Repository
       - name: Check Out Repository
@@ -108,8 +113,7 @@ jobs:
         id: sign
         if: ${{ github.event_name != 'pull_request' }}
         run: |
-          echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
+          cosign sign --yes "${TAGS}@${DIGEST}"
         env:
-          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
           TAGS: ${{ steps.metadata.outputs.tags }}
           DIGEST: ${{ steps.build_push.outputs.digest }}
diff --git a/.github/workflows/_functionAppDeployTemplate.yml b/.github/workflows/_functionAppDeployTemplate.yml
@@ -63,10 +63,12 @@ jobs:
         id: function_dependencies
         shell: bash
         run: |
-          pushd '${{ inputs.function_directory }}'
+          pushd "${FUNCTION_DIRECTORY}"
           python -m pip install --upgrade pip
           pip install -r requirements.txt --target=".python_packages/lib/site-packages"
           popd
+        env:
+          FUNCTION_DIRECTORY: ${{ inputs.function_directory }}
 
       # Login to Azure
       - name: Azure Login
diff --git a/.github/workflows/_functionAppTestTemplate.yml b/.github/workflows/_functionAppTestTemplate.yml
@@ -40,6 +40,8 @@ jobs:
       - name: Run Python Tests
         id: python_test
         run: |
-          pip install -r ${{ inputs.function_directory }}/requirements.txt -q
+          pip install -r "${FUNCTION_DIRECTORY}/requirements.txt" -q
           pip install -r requirements.txt -q
           pytest
+        env:
+          FUNCTION_DIRECTORY: ${{ inputs.function_directory }}
diff --git a/.github/workflows/_terraformApplyTemplate.yml b/.github/workflows/_terraformApplyTemplate.yml
@@ -82,4 +82,7 @@ jobs:
       - name: Terraform Apply
         working-directory: ${{ inputs.working_directory }}
         run: |
-          terraform apply -var-file vars.${{ inputs.environment }}.tfvars -var='my_secret=${{ secrets.MY_SAMPLE_SECRET }}' -auto-approve -input=false
+          terraform apply -var-file="vars.${ENVIRONMENT}.tfvars" -var="my_secret=${MY_SAMPLE_SECRET}" -auto-approve -input=false
+        env:
+          ENVIRONMENT: ${{ inputs.environment }}
+          MY_SAMPLE_SECRET: ${{ secrets.MY_SAMPLE_SECRET }}
diff --git a/.github/workflows/_terraformPlanTemplate.yml b/.github/workflows/_terraformPlanTemplate.yml
@@ -92,7 +92,10 @@ jobs:
         id: terraform_plan
         working-directory: ${{ inputs.working_directory }}
         run: |
-          terraform plan -var-file vars.${{ inputs.environment }}.tfvars -var='my_secret=${{ secrets.MY_SAMPLE_SECRET }}' -input=false
+          terraform plan -var-file="vars.${ENVIRONMENT}.tfvars" -var="my_secret=${MY_SAMPLE_SECRET}" -input=false
+        env:
+          ENVIRONMENT: ${{ inputs.environment }}
+          MY_SAMPLE_SECRET: ${{ secrets.MY_SAMPLE_SECRET }}
 
       # Add Pull Request Comment
       - name: Add Pull Request Comment
