Migrate some secrets to vars (#35)

* switch branch

* update linter

* move DV_AWS_REGION to vars

* migrate devops and qms to vars

* update super linter

* update seuper linter

* get DV_AWS_ECR_ROLE

* skip image scan

* fix lint

* migrate remaining

* remove logs

* revert branches

Author: dvvanessastoiber

.github/actions/lint-github-actions/action.yml

@@ -9,7 +9,7 @@ runs:
       run: |
         sudo apt-get install -y shellcheck
         echo "::add-matcher::$GITHUB_ACTION_PATH/actionlint-matcher.json"
-        bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/v1.6.22/scripts/download-actionlint.bash)
+        bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/v1.6.26/scripts/download-actionlint.bash)
         ./actionlint -color
       shell: bash
 

.github/workflows/build-product.yml

@@ -129,8 +129,8 @@ jobs:
       - name: retag images
         uses: ./tmp/github-workflows/.github/actions/retag-image
         with:
-          aws_role: ${{ secrets.DV_AWS_ECR_ROLE }}
-          aws_region: ${{ secrets.DV_AWS_REGION }}
+          aws_role: ${{ vars.DV_AWS_ECR_ROLE }}
+          aws_region: ${{ vars.DV_AWS_REGION }}
           ecr_repositories: ${{ needs.prepare-build.outputs.ecr_repos }}
           current_image_tag: ${{ needs.prepare-build.outputs.image_tag1 }}
           additional_image_tag: ${{ needs.prepare-build.outputs.image_tag2 }}

.github/workflows/build-push-docker.yml

@@ -53,9 +53,9 @@ jobs:
           path: ./tmp/github-workflows
       - uses: ./tmp/github-workflows/.github/actions/build-push-image
         with:
-          aws_role: ${{ secrets.DV_AWS_ECR_ROLE }}
-          aws_region: ${{ secrets.DV_AWS_REGION }}
-          ecr_registry: ${{ secrets.DV_AWS_ECR_REGISTRY }}
+          aws_role: ${{ vars.DV_AWS_ECR_ROLE }}
+          aws_region: ${{ vars.DV_AWS_REGION }}
+          ecr_registry: ${{ vars.DV_AWS_ECR_REGISTRY }}
           ecr_repository: ${{ inputs.ecr_repository || secrets.DV_ECR_REPOSITORY }}
           docker_file: ${{ inputs.docker_file }}
           current_directory: ${{ inputs.current_directory }}

.github/workflows/build-push-helm-chart.yml

@@ -47,7 +47,7 @@ jobs:
           path: ./tmp/github-workflows
       - uses: ./tmp/github-workflows/.github/actions/build-push-helm-chart
         with:
-          chart_repository_url: ${{ inputs.chart_repository_url || secrets.DV_CHARTMUSEUM_URL }}
+          chart_repository_url: ${{ inputs.chart_repository_url || vars.DV_CHARTMUSEUM_URL }}
           chart_repository_username: ${{ secrets.DV_CHARTMUSEUM_USER }}
           chart_repository_password: ${{ secrets.DV_CHARTMUSEUM_PASSWORD }}
           current_directory: ${{ inputs.current_directory }}

.github/workflows/build-single-product-part.yml

@@ -223,9 +223,9 @@ jobs:
       # checkout this workflow repository to get actions
       - uses: ./tmp/github-workflows/.github/actions/build-push-image
         with:
-          aws_role: ${{ secrets.DV_AWS_ECR_ROLE }}
-          aws_region: ${{ secrets.DV_AWS_REGION }}
-          ecr_registry: ${{ secrets.DV_AWS_ECR_REGISTRY }}
+          aws_role: ${{ vars.DV_AWS_ECR_ROLE }}
+          aws_region: ${{ vars.DV_AWS_REGION }}
+          ecr_registry: ${{ vars.DV_AWS_ECR_REGISTRY }}
           ecr_repository: ${{ steps.get-parameters.outputs.ecr_repo }}
           docker_file: ./tmp/${{ inputs.component }}/${{ steps.get-parameters.outputs.app }}/docker/Dockerfile
           current_directory: ./tmp/${{ inputs.component }}/${{ steps.get-parameters.outputs.app }}
@@ -250,9 +250,9 @@ jobs:
         id: get-ecr-scan-result
         uses: ./tmp/github-workflows/.github/actions/get-ecr-scan-result
         with:
-          aws_role: ${{ secrets.DV_AWS_ECR_ROLE }}
-          aws_region: ${{ secrets.DV_AWS_REGION }}
-          ecr_registry: ${{ secrets.DV_AWS_ECR_REGISTRY }}
+          aws_role: ${{ vars.DV_AWS_ECR_ROLE }}
+          aws_region: ${{ vars.DV_AWS_REGION }}
+          ecr_registry: ${{ vars.DV_AWS_ECR_REGISTRY }}
           ecr_repository: ${{ steps.get-parameters.outputs.ecr_repo }}
           image_tag: ${{ inputs.image_tag1 }}
       - name: check scan results

.github/workflows/build-workspace-product-part.yml

@@ -294,9 +294,9 @@ jobs:
       # checkout this workflow repository to get actions
       - uses: ./tmp/github-workflows/.github/actions/build-push-image
         with:
-          aws_role: ${{ secrets.DV_AWS_ECR_ROLE }}
-          aws_region: ${{ secrets.DV_AWS_REGION }}
-          ecr_registry: ${{ secrets.DV_AWS_ECR_REGISTRY }}
+          aws_role: ${{ vars.DV_AWS_ECR_ROLE }}
+          aws_region: ${{ vars.DV_AWS_REGION }}
+          ecr_registry: ${{ vars.DV_AWS_ECR_REGISTRY }}
           ecr_repository: ${{ steps.get-parameters.outputs.ecr_repo }}
           docker_file: ./tmp/${{ inputs.component }}/docker/Dockerfile
           current_directory: ./tmp/${{ inputs.component }}
@@ -321,9 +321,9 @@ jobs:
         id: get-ecr-scan-result
         uses: ./tmp/github-workflows/.github/actions/get-ecr-scan-result
         with:
-          aws_role: ${{ secrets.DV_AWS_ECR_ROLE }}
-          aws_region: ${{ secrets.DV_AWS_REGION }}
-          ecr_registry: ${{ secrets.DV_AWS_ECR_REGISTRY }}
+          aws_role: ${{ vars.DV_AWS_ECR_ROLE }}
+          aws_region: ${{ vars.DV_AWS_REGION }}
+          ecr_registry: ${{ vars.DV_AWS_ECR_REGISTRY }}
           ecr_repository: ${{ steps.get-parameters.outputs.ecr_repo }}
           image_tag: ${{ inputs.image_tag1 }}
       - name: check scan results

.github/workflows/deploy-product.yml

@@ -66,8 +66,8 @@ jobs:
           path: ./tmp/github-workflows
       - uses: ./tmp/github-workflows/.github/actions/check-actor
         with:
-          dv_devops: ${{ secrets.DV_DEVOPS }}
-          dv_qms: ${{ secrets.DV_QMS }}
+          dv_devops: ${{ vars.DV_DEVOPS }}
+          dv_qms: ${{ vars.DV_QMS }}
           actor: ${{ github.actor }}
           qms_are_allowed: "true"
       - uses: ./tmp/github-workflows/.github/actions/get-product-parameters
@@ -90,9 +90,9 @@ jobs:
         if: ${{ inputs.add_revision_as_tag == true }}
         uses: aws-actions/[email protected]
         with:
-          role-to-assume: ${{ secrets.DV_AWS_ECR_ROLE }}
-          aws_role: ${{ secrets.DV_AWS_ECR_ROLE }}
-          aws-region: ${{ secrets.DV_AWS_REGION }}
+          role-to-assume: ${{ vars.DV_AWS_ECR_ROLE }}
+          aws_role: ${{ vars.DV_AWS_ECR_ROLE }}
+          aws-region: ${{ vars.DV_AWS_REGION }}
       - name: Login to Amazon ECR
         if: ${{ inputs.add_revision_as_tag == true }}
         id: login-ecr

.github/workflows/lint.yml

@@ -23,7 +23,7 @@ jobs:
       # Run Linter against code base #
       ################################
       - name: Lint Code Base
-        uses: github/super-linter/slim@v4
+        uses: super-linter/super-linter/slim@v5
         env:
           VALIDATE_ALL_CODEBASE: false
           VALIDATE_BASH: true

.github/workflows/publish-node-python.yml

@@ -57,7 +57,7 @@ jobs:
           path: ./tmp/github-workflows
       - uses: ./tmp/github-workflows/.github/actions/check-actor
         with:
-          dv_devops: ${{ secrets.DV_DEVOPS }}
+          dv_devops: ${{ vars.DV_DEVOPS }}
           actor: ${{ github.actor }}
           qms_are_allowed: "false"
       - uses: ./tmp/github-workflows/.github/actions/build-node
@@ -87,7 +87,7 @@ jobs:
           path: ./tmp/github-workflows
       - uses: ./tmp/github-workflows/.github/actions/check-actor
         with:
-          dv_devops: ${{ secrets.DV_DEVOPS }}
+          dv_devops: ${{ vars.DV_DEVOPS }}
           actor: ${{ github.actor }}
           qms_are_allowed: "false"
       - uses: ./tmp/github-workflows/.github/actions/build-python

.github/workflows/publish-node.yml

@@ -48,7 +48,7 @@ jobs:
           path: ./tmp/github-workflows
       - uses: ./tmp/github-workflows/.github/actions/check-actor
         with:
-          dv_devops: ${{ secrets.DV_DEVOPS }}
+          dv_devops: ${{ vars.DV_DEVOPS }}
           actor: ${{ github.actor }}
           qms_are_allowed: "false"
       - uses: ./tmp/github-workflows/.github/actions/build-node