Merge pull request #7 from ugns/jbouse-patch-1

jbouse · web-flow · commit bf4ad06693c1 · 2022-04-06T23:39:14.000-04:00
chore: update to use GitHub Secrets
diff --git a/.github/workflows/auto-context.yml b/.github/workflows/auto-context.yml
@@ -16,26 +16,13 @@ jobs:
     steps:
     - uses: actions/checkout@v3
 
-    # Collect necessary secrets from Vault
-    - name: Vault Secrets
-      uses: hashicorp/vault-action@v2.4.0
-      with:
-        url: ${{ secrets.VAULT_ADDR }}
-        method: jwt
-        role: github-actions
-        path: github
-        secrets: |
-          secret/data/actions/github app_id | GH_APP_ID ;
-          secret/data/actions/github installation_id | GH_INSTALLATION_ID ;
-          secret/data/actions/github private_key | GH_PRIVATE_KEY
-
     - name: Generate token
       id: generate_token
       uses: tibdex/github-app-token@v1
       with:
-        app_id: ${{ env.GH_APP_ID }}
-        private_key: ${{ env.GH_PRIVATE_KEY }}
-        installation_id: ${{ env.GH_INSTALLATION_ID }}
+        app_id: ${{ secrets.GH_APP_ID }}
+        private_key: ${{ secrets.GH_PRIVATE_KEY }}
+        installation_id: ${{ secrets.GH_INSTALLATION_ID }}
 
     - name: Update context.tf
       shell: bash
diff --git a/.github/workflows/auto-format.yml b/.github/workflows/auto-format.yml
@@ -13,26 +13,13 @@ jobs:
       contents: read
 
     steps:
-    # Collect necessary secrets from Vault
-    - name: Vault Secrets
-      uses: hashicorp/vault-action@v2.4.0
-      with:
-        url: ${{ secrets.VAULT_ADDR }}
-        method: jwt
-        role: github-actions
-        path: github
-        secrets: |
-          secret/data/actions/github app_id | GH_APP_ID ;
-          secret/data/actions/github installation_id | GH_INSTALLATION_ID ;
-          secret/data/actions/github private_key | GH_PRIVATE_KEY
-
     - name: Generate token
       id: generate_token
       uses: tibdex/github-app-token@v1
       with:
-        app_id: ${{ env.GH_APP_ID }}
-        private_key: ${{ env.GH_PRIVATE_KEY }}
-        installation_id: ${{ env.GH_INSTALLATION_ID }}
+        app_id: ${{ secrets.GH_APP_ID }}
+        private_key: ${{ secrets.GH_PRIVATE_KEY }}
+        installation_id: ${{ secrets.GH_INSTALLATION_ID }}
 
     # Checkout the pull request branch
     #  "An action in a workflow run can’t trigger a new workflow run. For example, if an action pushes code using
diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml
@@ -16,26 +16,13 @@ jobs:
       contents: read
 
     steps:
-      # Collect necessary secrets from Vault
-      - name: Vault Secrets
-        uses: hashicorp/vault-action@v2.4.0
-        with:
-          url: ${{ secrets.VAULT_ADDR }}
-          method: jwt
-          role: github-actions
-          path: github
-          secrets: |
-            secret/data/actions/github app_id | GH_APP_ID ;
-            secret/data/actions/github installation_id | GH_INSTALLATION_ID ;
-            secret/data/actions/github private_key | GH_PRIVATE_KEY
-
       - name: Generate token
         id: generate_token
         uses: tibdex/github-app-token@v1
         with:
-          app_id: ${{ env.GH_APP_ID }}
-          private_key: ${{ env.GH_PRIVATE_KEY }}
-          installation_id: ${{ env.GH_INSTALLATION_ID }}
+          app_id: ${{ secrets.GH_APP_ID }}
+          private_key: ${{ secrets.GH_PRIVATE_KEY }}
+          installation_id: ${{ secrets.GH_INSTALLATION_ID }}
 
      # Get PR from merged commit to master
       - uses: actions-ecosystem/action-get-merged-pull-request@v1
diff --git a/.github/workflows/chatops.yml b/.github/workflows/chatops.yml
@@ -13,26 +13,14 @@ jobs:
 
     steps:
       - uses: actions/checkout@v3
-    # Collect necessary secrets from Vault
-      - name: Vault Secrets
-        uses: hashicorp/vault-action@v2.4.0
-        with:
-          url: ${{ secrets.VAULT_ADDR }}
-          method: jwt
-          role: github-actions
-          path: github
-          secrets: |
-            secret/data/actions/github app_id | GH_APP_ID ;
-            secret/data/actions/github installation_id | GH_INSTALLATION_ID ;
-            secret/data/actions/github private_key | GH_PRIVATE_KEY
 
       - name: Generate token
         id: generate_token
         uses: tibdex/github-app-token@v1
         with:
-          app_id: ${{ env.GH_APP_ID }}
-          private_key: ${{ env.GH_PRIVATE_KEY }}
-          installation_id: ${{ env.GH_INSTALLATION_ID }}
+          app_id: ${{ secrets.GH_APP_ID }}
+          private_key: ${{ secrets.GH_PRIVATE_KEY }}
+          installation_id: ${{ secrets.GH_INSTALLATION_ID }}
 
       - name: "Handle common commands"
         uses: ugns/actions/github/slash-command-dispatch@1.0.0
@@ -55,26 +43,13 @@ jobs:
       - name: "Checkout commit"
         uses: actions/checkout@v3
 
-      # Collect necessary secrets from Vault
-      - name: Vault Secrets
-        uses: hashicorp/vault-action@v2.4.0
-        with:
-          url: ${{ secrets.VAULT_ADDR }}
-          method: jwt
-          role: github-actions
-          path: github
-          secrets: |
-            secret/data/actions/github app_id | GH_APP_ID ;
-            secret/data/actions/github installation_id | GH_INSTALLATION_ID ;
-            secret/data/actions/github private_key | GH_PRIVATE_KEY
-
       - name: Generate token
         id: generate_token
         uses: tibdex/github-app-token@v1
         with:
-          app_id: ${{ env.GH_APP_ID }}
-          private_key: ${{ env.GH_PRIVATE_KEY }}
-          installation_id: ${{ env.GH_INSTALLATION_ID }}
+          app_id: ${{ secrets.GH_APP_ID }}
+          private_key: ${{ secrets.GH_PRIVATE_KEY }}
+          installation_id: ${{ secrets.GH_INSTALLATION_ID }}
 
       - name: "Run tests"
         uses: ugns/actions/github/slash-command-dispatch@1.0.0
diff --git a/.github/workflows/validate-codeowners.yml b/.github/workflows/validate-codeowners.yml
@@ -16,26 +16,13 @@ jobs:
     - name: "Checkout source code at current commit"
       uses: actions/checkout@v3
 
-    # Collect necessary secrets from Vault
-    - name: Vault Secrets
-      uses: hashicorp/vault-action@v2.4.0
-      with:
-        url: ${{ secrets.VAULT_ADDR }}
-        method: jwt
-        role: github-actions
-        path: github
-        secrets: |
-          secret/data/actions/github app_id | GH_APP_ID ;
-          secret/data/actions/github installation_id | GH_INSTALLATION_ID ;
-          secret/data/actions/github private_key | GH_PRIVATE_KEY
-
     - name: Generate token
       id: generate_token
       uses: tibdex/github-app-token@v1
       with:
-        app_id: ${{ env.GH_APP_ID }}
-        private_key: ${{ env.GH_PRIVATE_KEY }}
-        installation_id: ${{ env.GH_INSTALLATION_ID }}
+        app_id: ${{ secrets.GH_APP_ID }}
+        private_key: ${{ secrets.GH_PRIVATE_KEY }}
+        installation_id: ${{ secrets.GH_INSTALLATION_ID }}
 
     - uses: mszostok/codeowners-validator@v0.7.1
       if: github.event.pull_request.head.repo.full_name == github.repository
