
Commit 52ee5d4

VIA-598 AJ/AS WIP pass secrets from workflow to action
1 parent 14e6149 commit 52ee5d4

2 files changed

+19
-4
lines changed

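--- a/.github/actions/deploy/action.yml
+++ b/.github/actions/deploy/action.yml
@@ -8,6 +8,15 @@ inputs:
 tag_or_sha_to_deploy:
 description: "Commit sha or tag to deploy"
 required: true
+secret_aws_iam_role:
+description: "AWS IAM role"
+required: true
+secret_aws_account_id:
+description: "AWS account id"
+required: true
+secret_aws_slack_channel_id:
+description: "AWS slack channel id"
+required: true
 
 runs:
 using: composite
@@ -38,17 +47,17 @@ runs:
 uses: aws-actions/configure-aws-credentials@v5
 with:
 role-session-name: GitHubActionsSession
-role-to-assume: ${{ secrets.IAM_ROLE }}
+role-to-assume: ${{ inputs.secret_aws_account_id }}
 aws-region: eu-west-2
 
 - name: "Download artefacts from S3 bucket"
 shell: bash
 run: |
 if [[ "${{ inputs.environment }}" == "dev" ]]; then
-bucket_name="vita-${{ secrets.AWS_ACCOUNT_ID }}-artefacts-${{ inputs.environment }}"
+bucket_name="vita-${{ inputs.secret_aws_account_id }}-artefacts-${{ inputs.environment }}"
 folder_name="sha"
 else
-bucket_name="vita-${{ secrets.AWS_ACCOUNT_ID }}-releases-${{ inputs.environment }}"
+bucket_name="vita-${{ inputs.secret_aws_account_id }}-releases-${{ inputs.environment }}"
 folder_name="tag"
 
 s3_artefacts_path="s3://${bucket_name}/${folder_name}/${{ steps.tag-or-sha.outputs.value }}"
@@ -65,7 +74,7 @@ runs:
 shell: bash
 run: |
 echo "TF_VAR_is_github_action=true" >> $GITHUB_ENV
-echo "TF_VAR_alarms_slack_channel_id=${{ secrets.ALARMS_SLACK_CHANNEL_ID }}" >> $GITHUB_ENV
+echo "TF_VAR_alarms_slack_channel_id=${{ inputs.secret_aws_slack_channel_id }}" >> $GITHUB_ENV
 echo "TF_VAR_app_version=${{ steps.tag-or-sha.outputs.value }}" >> $GITHUB_ENV
 
 - name: "Terraform init (iam)"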
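Review bot: `role-to-assume` in the second hunk is now fed from `inputs.secret_aws_account_id`, whereas the removed line used `secrets.IAM_ROLE`; the credentials step would receive the account id instead of the role. The new `secret_aws_iam_role` input is declared as required in the first hunk but is not referenced in any visible hunk, which suggests a copy-paste slip. The line should read `role-to-assume: ${{ inputs.secret_aws_iam_role }}`. The `runs:` block starts and ends outside the hunks, so other references may exist that are not shown here.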

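--- a/.github/workflows/cicd-9-scheduled-wip.yaml
+++ b/.github/workflows/cicd-9-scheduled-wip.yaml
@@ -50,6 +50,9 @@ jobs:
 with:
 environment: "preprod"
 tag_or_sha_to_deploy: ${{ steps.get-latest-tag-name.outputs.value }}
+secret_aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
+secret_aws_iam_role: ${{ secrets.IAM_ROLE }}
+secret_aws_slack_channel_id: ${{ secrets.ALARMS_SLACK_CHANNEL_ID }}
 
 deploy-and-test-main:
 name: "Main Branch Assurance"
@@ -90,3 +93,6 @@ jobs:
 with:
 environment: "preprod"
 tag_or_sha_to_deploy: ${{ steps.get-latest-tag-name.outputs.value }}
+secret_aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
+secret_aws_iam_role: ${{ secrets.IAM_ROLE }}
+secret_aws_slack_channel_id: ${{ secrets.ALARMS_SLACK_CHANNEL_ID }}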
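Review bot: If `AWS_ACCOUNT_ID`, `IAM_ROLE` or `ALARMS_SLACK_CHANNEL_ID` is not defined for the repository or environment this scheduled workflow runs in, the three added `with:` entries in both hunks expand to empty strings and the job carries on. `required: true` on an action input is not enforced by the runner, so the deploy action would go on to build a bucket name such as `vita--releases-preprod` instead of stopping. An early step in the action, placed before the credentials step, that fails when any of the three values is empty would make the misconfiguration explicit. The values are best handed to that step through `env:` rather than expanded inside the script text. Both job definitions start outside the hunks.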
