Skip to content

Commit 37a799a

Browse files
sethvargosethvargo
authored
Switch to pull non-secret values from env (#436)
1 parent ca6ada7 commit 37a799a

File tree

2 files changed

+17
-17
lines changed

2 files changed

+17
-17
lines changed

.github/workflows/cleanup.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -18,14 +18,14 @@ jobs:
1818

1919
- uses: 'google-github-actions/auth@main'
2020
with:
21-
workload_identity_provider: '${{ secrets.WIF_PROVIDER_NAME }}'
22-
service_account: '${{ secrets.SERVICE_ACCOUNT_EMAIL }}'
21+
workload_identity_provider: '${{ vars.WIF_PROVIDER_NAME }}'
22+
service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
2323

2424
- uses: 'google-github-actions/setup-gcloud@main'
2525

2626
- name: Delete services
2727
run: |-
28-
gcloud config set core/project "${{ secrets.PROJECT_ID }}"
28+
gcloud config set core/project "${{ vars.PROJECT_ID }}"
2929
gcloud config set run/region "us-central1"
3030
3131
# List and delete all services that were deployed 30 minutes ago or

.github/workflows/integration.yml

Lines changed: 14 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -48,8 +48,8 @@ jobs:
4848

4949
- uses: 'google-github-actions/auth@main'
5050
with:
51-
workload_identity_provider: '${{ secrets.WIF_PROVIDER_NAME }}'
52-
service_account: '${{ secrets.SERVICE_ACCOUNT_EMAIL }}'
51+
workload_identity_provider: '${{ vars.WIF_PROVIDER_NAME }}'
52+
service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
5353

5454
- id: 'deploy-cloudrun'
5555
name: 'Deploy'
@@ -63,8 +63,8 @@ jobs:
6363
ZIP=zap
6464
env_vars_file: './tests/fixtures/env_vars.txt'
6565
secrets: |-
66-
MY_SECRET=${{ secrets.SECRET_NAME }}:latest
67-
MY_SECOND_SECRET=${{ secrets.SECRET_NAME }}:1
66+
MY_SECRET=${{ vars.SECRET_NAME }}:latest
67+
MY_SECOND_SECRET=${{ vars.SECRET_NAME }}:1
6868
labels: |-
6969
label1=value1
7070
label2=value2
@@ -73,10 +73,10 @@ jobs:
7373

7474
- run: 'npm run e2e-tests'
7575
env:
76-
PROJECT_ID: ${{ secrets.PROJECT_ID }}
76+
PROJECT_ID: ${{ vars.PROJECT_ID }}
7777
SERVICE: '${{ env.SERVICE_NAME }}'
7878
ENV: 'FOO=bar,ZIP=zap,TEXT_FOO=bar,TEXT_ZIP=zap'
79-
SECRET_ENV: MY_SECRET=${{ secrets.SECRET_NAME }}:latest,MY_SECOND_SECRET=${{ secrets.SECRET_NAME }}:1
79+
SECRET_ENV: MY_SECRET=${{ vars.SECRET_NAME }}:latest,MY_SECOND_SECRET=${{ vars.SECRET_NAME }}:1
8080
PARAMS: '{"cpu":2, "containerConcurrency":20}'
8181
LABELS: '{"label1":"value1", "label2":"value2"}'
8282

@@ -90,15 +90,15 @@ jobs:
9090
env_vars: |-
9191
ABC=123
9292
DEF=456
93-
secrets: /api/secrets/my-secret=${{ secrets.SECRET_NAME }}:latest
93+
secrets: /api/secrets/my-secret=${{ vars.SECRET_NAME }}:latest
9494

9595
- run: 'npm run e2e-tests'
9696
env:
97-
PROJECT_ID: ${{ secrets.PROJECT_ID }}
97+
PROJECT_ID: ${{ vars.PROJECT_ID }}
9898
SERVICE: '${{ env.SERVICE_NAME }}'
9999
ENV: 'FOO=bar,ZIP=zap,TEXT_FOO=bar,TEXT_ZIP=zap,ABC=123,DEF=456'
100-
SECRET_ENV: MY_SECRET=${{ secrets.SECRET_NAME }}:latest,MY_SECOND_SECRET=${{ secrets.SECRET_NAME }}:1
101-
SECRET_VOLUMES: /api/secrets/my-secret=${{ secrets.SECRET_NAME }}:latest
100+
SECRET_ENV: MY_SECRET=${{ vars.SECRET_NAME }}:latest,MY_SECOND_SECRET=${{ vars.SECRET_NAME }}:1
101+
SECRET_VOLUMES: /api/secrets/my-secret=${{ vars.SECRET_NAME }}:latest
102102
PARAMS: '{"cpu":2, "containerConcurrency":20}'
103103
LABELS: '{"label1":"value1", "label2":"value2", "commit-sha":"${{ github.sha }}", "managed-by":"github-actions"}'
104104
REVISION_COUNT: 2
@@ -126,8 +126,8 @@ jobs:
126126

127127
- uses: 'google-github-actions/auth@main'
128128
with:
129-
workload_identity_provider: '${{ secrets.WIF_PROVIDER_NAME }}'
130-
service_account: '${{ secrets.SERVICE_ACCOUNT_EMAIL }}'
129+
workload_identity_provider: '${{ vars.WIF_PROVIDER_NAME }}'
130+
service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
131131

132132
- id: 'deploy-cloudrun'
133133
name: 'Deploy'
@@ -137,7 +137,7 @@ jobs:
137137

138138
- run: 'npm run e2e-tests'
139139
env:
140-
PROJECT_ID: '${{ secrets.PROJECT_ID }}'
140+
PROJECT_ID: '${{ vars.PROJECT_ID }}'
141141
SERVICE: '${{ env.SERVICE_NAME }}'
142142
PARAMS: '{"cpu":2, "memory":"1Gi", "containerConcurrency":20}'
143143
ANNOTATIONS: '{"run.googleapis.com/cloudsql-instances":"test-project:us-central1:my-test-instance"}'
@@ -152,7 +152,7 @@ jobs:
152152

153153
- run: 'npm run e2e-tests' # Check that config isn't overwritten
154154
env:
155-
PROJECT_ID: '${{ secrets.PROJECT_ID }}'
155+
PROJECT_ID: '${{ vars.PROJECT_ID }}'
156156
SERVICE: '${{ env.SERVICE_NAME }}'
157157
PARAMS: '{"cpu":2, "memory":"1Gi", "containerConcurrency":20}'
158158
ANNOTATIONS: '{"run.googleapis.com/cloudsql-instances":"test-project:us-central1:my-test-instance"}'

0 commit comments

Comments
 (0)