ci: testing secrets redaction (#6)

tanderson-ld · web-flow · commit 69df5c75396c · 2024-04-25T11:21:33.000-05:00
Adds a temporary echo step to test redaction of parameters
diff --git a/.github/actions/ci/action.yml b/.github/actions/ci/action.yml
@@ -17,6 +17,8 @@ inputs:
     description: 'The Java distribution to use.'
     required: false
     default: 'temurin'
+  echo_test:
+    required: false
 
 runs:
   using: composite
@@ -26,6 +28,10 @@ runs:
       with:
         distribution: ${{ inputs.java_distribution }}
         java-version: ${{ inputs.java_version }}
+
+    -name: Echo Test
+      shell: bash
+      run: echo ${{ inputs.echo_test }}
         
     - name: Restore dependencies
       shell: bash
diff --git a/.github/workflows/java-server-sdk-otel.yml b/.github/workflows/java-server-sdk-otel.yml
@@ -16,8 +16,19 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
+      - uses: launchdarkly/gh-actions/actions/release-secrets@release-secrets-v1.1.0
+        name: Get secrets
+        with:
+          aws_assume_role: ${{ vars.AWS_ROLE_ARN }}
+          ssm_parameter_pairs: '/production/common/releasing/sonatype/username = SONATYPE_USER_NAME,
+          /production/common/releasing/sonatype/password = SONATYPE_PASSWORD,
+          /production/common/releasing/android_code_signing/private_key_id = SIGNING_KEY_ID,
+          /production/common/releasing/android_code_signing/private_key_passphrase = SIGNING_KEY_PASSPHRASE'
+          s3_path_pairs: 'launchdarkly-releaser/android/code-signing-keyring.gpg = code-signing-keyring.gpg'
+
       - name: Shared CI Steps
         uses: ./.github/actions/ci
         with:
           workspace_path: 'lib/java-server-sdk-otel'
           java_version: 8
+          echo_test: ${{ env.SIGNING_KEY_ID }}
