lines changed Original file line number Diff line number Diff line change 1818 secrets :
1919 VAULT_ADDR :
2020 required : true
21- CI_SECRET_READER_PERIODIC_TOKEN :
22- required : true
23- VAULTCA :
24- required : true
2521 SLACK_WEBHOOK_URL :
2622 required : true
2723
@@ -44,15 +40,18 @@ jobs:
4440
4541 publish-image :
4642 runs-on : ubuntu-latest
43+ permission :
44+ id-token : write
45+
4746 steps :
4847 - uses : actions/checkout@master
4948
5049 - name : Import Secrets
5150 uses : hashicorp/vault-action@v3
5251 with :
5352 url : ${{ secrets.VAULT_ADDR }}
54- token : ${{ secrets.CI_SECRET_READER_PERIODIC_TOKEN }}
55- caCertificate : ${{ secrets.VAULTCA }}
53+ method : jwt
54+ role : github-actions
5655 secrets : |
5756 ci/data/gh-workflows/${{ inputs.GLOBAL_REPO_NAME }} username | DOCKER_USERNAME ;
5857 ci/data/gh-workflows/${{ inputs.GLOBAL_REPO_NAME }} password | DOCKER_PASSWORD ;
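Review bot: The job-level key added on new line 43 is spelled `permission`, while the other three workflows in this commit use `permissions`. GitHub Actions defines no `permission` key, so this job would not be granted `id-token: write` and the workflow may be rejected as invalid, which leaves `method: jwt` without an OIDC token to present to Vault. It should read `permissions:`. Once the block is valid, every scope not listed drops to none, so `actions/checkout` will probably need `contents: read` next to `id-token: write`, as the deploy workflow has.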
Original file line number Diff line number Diff line change 2121 secrets :
2222 VAULT_ADDR :
2323 required : true
24- CI_SECRET_READER_PERIODIC_TOKEN :
25- required : true
26- VAULTCA :
27- required : true
2824 SLACK_WEBHOOK_URL :
2925 required : true
3026
@@ -39,15 +35,16 @@ jobs:
3935 timeout-minutes : 15
4036 permissions :
4137 contents : write
38+ id-token : write
4239
4340 steps :
4441 - name : Import Secrets maven
4542 if : ${{ inputs.GLOBAL_FRAMEWORK == 'maven' || inputs.GLOBAL_FRAMEWORK == 'triggered' || inputs.GLOBAL_FRAMEWORK == 'did-science' }}
4643 uses : hashicorp/vault-action@v3
4744 with :
4845 url : ${{ secrets.VAULT_ADDR }}
49- token : ${{ secrets.CI_SECRET_READER_PERIODIC_TOKEN }}
50- caCertificate : ${{ secrets.VAULTCA }}
46+ method : jwt
47+ role : github-actions
5148 secrets : |
5249 ci/data/gh-workflows/${{ inputs.GLOBAL_REPO_NAME }} username | DOCKER_USERNAME ;
5350 ci/data/gh-workflows/${{ inputs.GLOBAL_REPO_NAME }} password | DOCKER_PASSWORD ;
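Review bot: All four workflows now log in with the same Vault role, `role: github-actions`, and in this file and the publish-image workflow the secret path is built from `inputs.GLOBAL_REPO_NAME`, which the caller supplies. Nothing in the commit shows what that role accepts, so the access boundary sits entirely in the role's bound claims and its policy. Those should be checked to pin claims such as `repository_owner` or `job_workflow_ref` and to allow read-only access under `ci/data/gh-workflows/` and nothing wider. I would add a comment above the step, `# Vault role github-actions: bound claims and policy documented at <link placeholder>`, and set `jwtGithubAudience` explicitly so the expected `aud` value is visible in the workflow. The step list continues beyond the lines shown.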
Original file line number Diff line number Diff line change 2525 secrets :
2626 VAULT_ADDR :
2727 required : true
28- CI_SECRET_READER_PERIODIC_TOKEN :
29- required : true
30- VAULTCA :
31- required : true
3228 SLACK_WEBHOOK_URL :
3329 required : true
3430 DEPLOY_KEY :
3834 release :
3935 runs-on : ubuntu-latest
4036 permissions :
37+ id-token : write
4138 contents : write
4239
4340 steps :
8077 uses : hashicorp/vault-action@v3
8178 with :
8279 url : ${{ secrets.VAULT_ADDR }}
83- token : ${{ secrets.CI_SECRET_READER_PERIODIC_TOKEN }}
84- caCertificate : ${{ secrets.VAULTCA }}
80+ method : jwt
81+ role : github-actions
8582 secrets : |
8683 ci/data/gh-workflows/maven-danubetech-nexus username | DANUBETECH_MAVEN_INTERNAL_USERNAME ;
8784 ci/data/gh-workflows/maven-danubetech-nexus password | DANUBETECH_MAVEN_INTERNAL_PASSWORD
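Review bot: Removing `caCertificate` along with the token (old lines 83-84 here, and the same pair in the other three files) means the Vault server certificate is now validated only against the runner's default trust store. If `VAULT_ADDR` is served by a private CA the step will fail TLS verification. In that case the fix is to keep `caCertificate: ${{ secrets.VAULTCA }}` and the `VAULTCA` secret declaration, not to turn on `tlsSkipVerify`. If the server has since moved to a publicly trusted certificate, a short comment such as `# Vault endpoint uses a publicly trusted certificate; no custom CA needed` would record why the secret was dropped.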
Original file line number Diff line number Diff line change 1515 secrets :
1616 VAULT_ADDR :
1717 required : true
18- CI_SECRET_READER_PERIODIC_TOKEN :
19- required : true
20- VAULTCA :
21- required : true
2218 SLACK_WEBHOOK_URL :
2319 required : true
2420
2521jobs :
2622 deploy :
2723 runs-on : ubuntu-latest
2824 permissions :
25+ id-token : write
2926 contents : read
3027
3128 steps :
4643 uses : hashicorp/vault-action@v3
4744 with :
4845 url : ${{ secrets.VAULT_ADDR }}
49- token : ${{ secrets.CI_SECRET_READER_PERIODIC_TOKEN }}
50- caCertificate : ${{ secrets.VAULTCA }}
46+ method : jwt
47+ role : github-actions
5148 secrets : |
5249 ci/data/gh-workflows/maven-danubetech-nexus username | DANUBETECH_MAVEN_INTERNAL_USERNAME ;
5350 ci/data/gh-workflows/maven-danubetech-nexus password | DANUBETECH_MAVEN_INTERNAL_PASSWORD