Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-02-18 02:11:22 +01:00
Code Issues Projects Releases Wiki Activity

Update deprecated Azure Key Vault in workflows (#2214)

Browse Source
This commit is contained in:
Michał Chęciński 2022-09-29 22:29:58 +02:00 committed by GitHub
parent 53f6ec0a71
commit 13e33cd789
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 50 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
.github/workflows/build.yml vendored
View File

@ -321,13 +321,20 @@ jobs:
github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/rc' ||
github.ref == 'refs/heads/hotfix-rc') github.ref == 'refs/heads/hotfix-rc')
id: retrieve-secrets id: retrieve-secrets
uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f env:
with: KEYVAULT: bitwarden-prod-kv
keyvault: "bitwarden-prod-kv" SECRETS: |
secrets: "docker-password, docker-password,
docker-username, docker-username,
dct-delegate-2-repo-passphrase, dct-delegate-2-repo-passphrase,
dct-delegate-2-key" dct-delegate-2-key
run: |
for i in ${SECRETS//,/ }
do
VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv)
echo "::add-mask::$VALUE"
echo "::set-output name=$i::$VALUE"
done
- name: Log into Docker - name: Log into Docker
if: | if: |
@ -510,13 +517,20 @@ jobs:
with: with:
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
- name: Retrieve secrets - name: Retrieve Secrets
id: retrieve-secrets id: retrieve-secrets
uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f
if: failure() if: failure()
with: env:
keyvault: "bitwarden-prod-kv" KEYVAULT: bitwarden-prod-kv
secrets: "devops-alerts-slack-webhook-url" SECRETS: |
devops-alerts-slack-webhook-url
run: |
for i in ${SECRETS//,/ }
do
VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv)
echo "::add-mask::$VALUE"
echo "::set-output name=$i::$VALUE"
done
- name: Notify Slack on failure - name: Notify Slack on failure
uses: act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33 # v1.2.2 uses: act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33 # v1.2.2

15
.github/workflows/container-registry-purge.yml vendored
View File

@ -81,11 +81,18 @@ jobs:
- name: Retrieve secrets - name: Retrieve secrets
id: retrieve-secrets id: retrieve-secrets
uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f
if: failure() if: failure()
with: env:
keyvault: "bitwarden-prod-kv" KEYVAULT: bitwarden-prod-kv
secrets: "devops-alerts-slack-webhook-url" SECRETS: |
devops-alerts-slack-webhook-url
run: |
for i in ${SECRETS//,/ }
do
VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv)
echo "::add-mask::$VALUE"
echo "::set-output name=$i::$VALUE"
done
- name: Notify Slack on failure - name: Notify Slack on failure
uses: act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33 uses: act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33

17
.github/workflows/qa-deploy.yml vendored
View File

@ -38,12 +38,19 @@ jobs:
- name: Retrieve secrets - name: Retrieve secrets
id: retrieve-secrets id: retrieve-secrets
uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403 env:
with: KEYVAULT: bitwarden-qa-kv
keyvault: "bitwarden-qa-kv" SECRETS: |
secrets: "mssql-server-host, mssql-server-host,
mssql-admin-login, mssql-admin-login,
mssql-admin-login-password" mssql-admin-login-password
run: |
for i in ${SECRETS//,/ }
do
VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv)
echo "::add-mask::$VALUE"
echo "::set-output name=$i::$VALUE"
done
- name: Migrate database - name: Migrate database
env: env: