BUILD-4733: update secrets to use vault instead of github (#4006)

tomverin 2024-06-26 09:02:57 +02:00 committed by GitHub
parent 9b486fd862
commit 1afa0580c4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -5,6 +5,8 @@ on:
jobs: jobs:
update_coverage: update_coverage:
permissions:
id-token: write
runs-on: ubuntu-latest runs-on: ubuntu-latest
env: env:
TMP_BRANCH: temporary/coverage_update TMP_BRANCH: temporary/coverage_update
@ -93,10 +95,17 @@ jobs:
steps.wait-for-build.outputs.conclusion != 'success' steps.wait-for-build.outputs.conclusion != 'success'
run: exit 1 run: exit 1
- name: get secrets
id: secrets
uses: SonarSource/vault-action-wrapper@3996073b47b49ac5c58c750d27ab4edf469401c8 # 3.0.1
with:
secrets: |
development/kv/data/slack token | slack_token;
- name: 'Notify on slack about the failure' - name: 'Notify on slack about the failure'
if: ${{ failure() }} if: ${{ failure() }}
env: env:
SLACK_API_TOKEN: ${{ secrets.SLACK_API_TOKEN }} SLACK_API_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).slack_token }}
working-directory: 'rspec/rspec-tools' working-directory: 'rspec/rspec-tools'
run: | run: |
pipenv run rspec-tools notify-failure-on-slack \ pipenv run rspec-tools notify-failure-on-slack \
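Review bot: The new `get secrets` step has no `if:` condition, so it runs under the implicit `success()` check and is skipped whenever an earlier step has failed, which is the only case in which the Slack step (`if: ${{ failure() }}`) runs. In that case `steps.secrets.outputs.vault` would be empty, and `fromJSON(...)` on an empty string is expected to fail expression evaluation, so the failure notification would likely never be sent. Adding `if: ${{ failure() }}` to the `get secrets` step fixes this, and it also keeps the Slack token from being fetched from Vault on successful runs where it is never used. The Slack step's `run:` block continues past the end of the hunk.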