Skip to content

Commit a59b4bf

Browse files
AlexFenlonpdabelf5
AlexFenlon
authored and
pdabelf5
committed
Migrate CODECOV to Azure Vault
1 parent afabb02 commit a59b4bf

File tree

2 files changed

+55
-2
lines changed

2 files changed

+55
-2
lines changed

.github/workflows/ci.yml

Lines changed: 21 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -248,6 +248,9 @@ jobs:
248248
unit-tests:
249249
name: Unit Tests
250250
runs-on: ubuntu-24.04
251+
permissions:
252+
contents: read
253+
id-token: write
251254
needs: checks
252255
env:
253256
GOPROXY: ${{ needs.checks.outputs.go_proxy }}
@@ -260,6 +263,23 @@ jobs:
260263
with:
261264
version: 'v3.18.6'
262265

266+
- name: Azure login
267+
uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
268+
with:
269+
client-id: ${{ secrets.AZURE_VAULT_CLIENT_ID }}
270+
tenant-id: ${{ secrets.AZURE_VAULT_TENANT_ID }}
271+
subscription-id: ${{ secrets.AZURE_VAULT_SUBSCRIPTION_ID }}
272+
if: ${{ inputs.force || (needs.checks.outputs.binary_cache_hit != 'true' && needs.checks.outputs.forked_workflow != 'true') }}
273+
274+
- name: Setup secrets
275+
id: secrets
276+
run: |
277+
echo "Setting secrets for job"
278+
CODECOV_TOKEN=$(az keyvault secret show --name code-cov --vault-name ${{ secrets.NIC_KEYVAULT_NAME }} --query value -o tsv)
279+
echo "::add-mask::$CODECOV_TOKEN"
280+
echo "CODECOV_TOKEN=$CODECOV_TOKEN" >> $GITHUB_OUTPUT
281+
if: ${{ inputs.force || (needs.checks.outputs.binary_cache_hit != 'true' && needs.checks.outputs.forked_workflow != 'true') }}
282+
263283
- name: Setup Golang Environment
264284
uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
265285
with:
@@ -284,7 +304,7 @@ jobs:
284304
uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
285305
with:
286306
files: ./coverage.txt
287-
token: ${{ secrets.CODECOV_TOKEN }} # required
307+
token: ${{ steps.secrets.outputs.CODECOV_TOKEN }} # required
288308
if: ${{ needs.checks.outputs.binary_cache_hit != 'true' && (inputs.run_tests && inputs.run_tests || true) }}
289309

290310
- name: Run static check

.github/workflows/regression.yml

Lines changed: 34 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -83,13 +83,31 @@ jobs:
8383
unit-tests:
8484
name: Unit Tests
8585
runs-on: ubuntu-24.04
86+
permissions:
87+
contents: read
88+
id-token: write
8689
needs: [checks]
8790
steps:
8891
- name: Checkout Repository
8992
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
9093
with:
9194
ref: ${{ needs.checks.outputs.branch }}
9295

96+
- name: Azure login
97+
uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
98+
with:
99+
client-id: ${{ secrets.AZURE_VAULT_CLIENT_ID }}
100+
tenant-id: ${{ secrets.AZURE_VAULT_TENANT_ID }}
101+
subscription-id: ${{ secrets.AZURE_VAULT_SUBSCRIPTION_ID }}
102+
103+
- name: Setup secrets
104+
id: secrets
105+
run: |
106+
echo "Setting secrets for job"
107+
CODECOV_TOKEN=$(az keyvault secret show --name code-cov --vault-name ${{ secrets.NIC_KEYVAULT_NAME }} --query value -o tsv)
108+
echo "::add-mask::$CODECOV_TOKEN"
109+
echo "CODECOV_TOKEN=$CODECOV_TOKEN" >> $GITHUB_OUTPUT
110+
93111
- name: Setup Helm
94112
uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1
95113
with:
@@ -107,7 +125,7 @@ jobs:
107125
uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
108126
with:
109127
files: ./coverage.txt
110-
token: ${{ secrets.CODECOV_TOKEN }} # required
128+
token: ${{ steps.secrets.outputs.CODECOV_TOKEN }} # required
111129

112130
helm-tests:
113131
name: Helm Tests ${{ matrix.base-os }}
@@ -139,6 +157,21 @@ jobs:
139157
with:
140158
version: 'v3.18.6'
141159

160+
- name: Azure login
161+
uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
162+
with:
163+
client-id: ${{ secrets.AZURE_VAULT_CLIENT_ID }}
164+
tenant-id: ${{ secrets.AZURE_VAULT_TENANT_ID }}
165+
subscription-id: ${{ secrets.AZURE_VAULT_SUBSCRIPTION_ID }}
166+
167+
- name: Setup secrets
168+
id: secrets
169+
run: |
170+
echo "Setting secrets for job"
171+
CODECOV_TOKEN=$(az keyvault secret show --name codecov-token --vault-name ${{ secrets.NIC_KEYVAULT_NAME }} --query value -o tsv)
172+
echo "::add-mask::$CODECOV_TOKEN"
173+
echo "CODECOV_TOKEN=$CODECOV_TOKEN" >> $GITHUB_OUTPUT
174+
142175
- name: Authenticate to Google Cloud
143176
id: auth
144177
uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0

0 commit comments

Comments
 (0)