CI: refer to repo secrets in an early secret step #17690

Closed
wants to merge 3 commits into from
refer to repo secrets in an early secret step
instead of referring to top-level secrets context
all throughout workflows, so they're easier to
replace in ENT with Vault, with less risk of
confusing oss->ent mergeflicts
gulducat committed Jun 22, 2023
commit bcb922f8e76444880c174725434d09c075caf137
14 changes: 11 additions & 3 deletions .github/workflows/backport.yml
Expand Up @@ -13,6 +13,10 @@ jobs:
runs-on: ubuntu-latest
container: hashicorpdev/backport-assistant:0.2.3
steps:
- name: Setup secrets
id: secrets
run: |-
echo "GITHUB_TOKEN=${{ secrets.ELEVATED_GITHUB_TOKEN }}" >> "$GITHUB_OUTPUT"
- name: Backport changes to stable-website
run: |
backport-assistant backport -merge-method=squash -automerge
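Review bot: The `run:` line of the new Setup secrets step puts `${{ secrets.ELEVATED_GITHUB_TOKEN }}` straight into the script text, so the value is substituted before the shell parses the line. A token containing `"`, `$` or a backtick would be interpreted by the shell, and a value containing a newline would break the `name=value` format of `$GITHUB_OUTPUT`. Passing it through the step's `env:` (for example `ELEVATED_GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}`) and writing `echo "GITHUB_TOKEN=$ELEVATED_GITHUB_TOKEN" >> "$GITHUB_OUTPUT"` keeps the secret out of the script source. The same applies to every Setup secrets step in this commit.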
Expand All @@ -21,7 +25,7 @@ jobs:
BACKPORT_TARGET_TEMPLATE: "stable-{{.target}}"
# Enabling this option increased the number of backport failures.
BACKPORT_MERGE_COMMIT: false
GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
GITHUB_TOKEN: ${{ steps.secrets.outputs.GITHUB_TOKEN }}
- name: Backport changes to targeted release branch
run: |
backport-assistant backport -merge-method=squash -automerge
Expand All @@ -30,13 +34,17 @@ jobs:
BACKPORT_TARGET_TEMPLATE: "release/{{.target}}"
# Enabling this option increased the number of backport failures.
BACKPORT_MERGE_COMMIT: false
GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
GITHUB_TOKEN: ${{ steps.secrets.outputs.GITHUB_TOKEN }}
handle-failure:
needs:
- backport
if: always() && needs.backport.result == 'failure'
runs-on: ubuntu-latest
steps:
- name: Setup secrets
id: secrets
run: |-
echo "SLACK_URL=${{ secrets.BACKPORT_ASSISTANT_FAILURE_SLACK }}" >> "$GITHUB_OUTPUT"
- name: Send slack notification on failure
uses: slackapi/slack-github-action@007b2c3c751a190b6f0f040e47ed024deaa72844 # v1.23.0
with:
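Review bot: The output name `SLACK_URL` in the handle-failure Setup secrets step matches neither the secret it reads (`BACKPORT_ASSISTANT_FAILURE_SLACK`) nor the variable that consumes it (`SLACK_WEBHOOK_URL`), whereas the backport job uses `GITHUB_TOKEN` for both the output and the env var. Naming the output `SLACK_WEBHOOK_URL` would keep the mapping consistent and make it easier to grep when the step is swapped for a Vault lookup.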
Expand Down Expand Up @@ -69,7 +77,7 @@ jobs:
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.BACKPORT_ASSISTANT_FAILURE_SLACK }}
SLACK_WEBHOOK_URL: ${{ steps.secrets.outputs.SLACK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
permissions:
contents: read
Expand Down
11 changes: 8 additions & 3 deletions .github/workflows/release.yml
Expand Up @@ -33,6 +33,11 @@ jobs:
echo "::error::Workflow not allowed to run from ${{ github.ref_name }}"
exit 1

- name: Setup secrets
id: secrets
run: |-
echo "GITHUB_TOKEN=${{ secrets.ELEVATED_GITHUB_TOKEN }}" >> "$GITHUB_OUTPUT"

- name: Print release info
run: |-
echo "::notice::Release v${{ github.event.inputs.version }} from branch ${{ github.ref_name }}"
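Review bot: The output written by the new Setup secrets step is named `GITHUB_TOKEN` but carries `secrets.ELEVATED_GITHUB_TOKEN`. The name reads like the workflow's default token, so someone reviewing a later step cannot tell from `steps.secrets.outputs.GITHUB_TOKEN` that an elevated credential is in use. An output name such as `ELEVATED_GITHUB_TOKEN` would keep the privilege level visible at each point of use.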
Expand All @@ -55,8 +60,8 @@ jobs:
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Setup Git
run: |-
if [ -n "${{ secrets.ELEVATED_GITHUB_TOKEN }}" ]; then
git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com/".insteadOf "https://github.com"
if [ -n "${{ steps.secrets.outputs.GITHUB_TOKEN }}" ]; then
git config --global url."https://${{ steps.secrets.outputs.GITHUB_TOKEN }}:@github.com/".insteadOf "https://github.com"
fi
git config --global user.email "github-team-nomad-core@hashicorp.com"
git config --global user.name "hc-github-team-nomad-core"
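Review bot: The `-n` test in Setup Git now depends on `steps.secrets.outputs.GITHUB_TOKEN`, and step outputs are only visible inside the job that produced them. This hunk does not show which job Setup Git belongs to; if it is not the job that gained the Setup secrets step, the expression evaluates to an empty string and the `if` body is skipped without any error, leaving the URL rewrite unconfigured. Worth confirming both steps are in the same job, and considering an explicit failure (`exit 1` with an `::error::` message) when the value is empty instead of silently continuing.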
Expand Down Expand Up @@ -141,7 +146,7 @@ jobs:
- name: Invoke build workflow
id: invoke-build
env:
GH_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
GH_TOKEN: ${{ steps.secrets.outputs.GITHUB_TOKEN }}
run: |
gh workflow run build.yml --field build-ref=${{ steps.commit-change-push.outputs.build-ref }} --field make-prerelease=false

Expand Down
12 changes: 10 additions & 2 deletions .github/workflows/test-ui.yml
Expand Up @@ -70,12 +70,16 @@ jobs:
partition: [1, 2, 3, 4]
split: [4]
steps:
- name: Setup secrets
id: secrets
run: |-
echo "PERCY_TOKEN=${{ secrets.PERCY_TOKEN }}" >> "$GITHUB_OUTPUT"
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: yarn install
run: yarn install --frozen-lockfile
- name: ember exam
env:
PERCY_TOKEN: ${{ secrets.PERCY_TOKEN }}
PERCY_TOKEN: ${{ steps.secrets.outputs.PERCY_TOKEN }}
PERCY_PARALLEL_NONCE: ${{ needs.pre-test.outputs.nonce }}
run: yarn exam:parallel --split=${{ matrix.split }} --partition=${{ matrix.partition }}
finalize:
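Review bot: The Setup secrets step added to `tests` carries no comment explaining why `PERCY_TOKEN` is routed through a step output instead of being read from `secrets` where it is used. The reason is only in the commit message (easier replacement with Vault in ENT), so a one-line YAML comment above the step would stop a later cleanup from inlining `${{ secrets.PERCY_TOKEN }}` again. The identical step in `finalize` needs the same comment.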
Expand All @@ -88,12 +92,16 @@ jobs:
- pre-test
- tests
steps:
- name: Setup secrets
id: secrets
run: |-
echo "PERCY_TOKEN=${{ secrets.PERCY_TOKEN }}" >> "$GITHUB_OUTPUT"
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: yarn install
run: yarn install --frozen-lockfile
- name: finalize
env:
PERCY_TOKEN: ${{ secrets.PERCY_TOKEN }}
PERCY_TOKEN: ${{ steps.secrets.outputs.PERCY_TOKEN }}
PERCY_PARALLEL_NONCE: ${{ needs.pre-test.outputs.nonce }}
run: yarn percy build:finalize
permissions:
Expand Down