sam_oneal/pulumi-docker-build
1
0
Fork 0
Code Actions Packages Releases Wiki Activity

Use ESC for secrets (#594)

Browse Source 
Refs https://github.com/pulumi/ci-mgmt/issues/1481
This commit is contained in:
Bryce Lampe
2025-09-10 09:45:06 -07:00
committed by GitHub
parent 1203c3b31f
commit daa144c232
10 changed files with 62 additions and 116 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
.github/workflows/build.yml vendored
View File

@@ -25,17 +25,10 @@ env:
DOTNETVERSION: "8.0.x"
JAVAVERSION: "11"
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_REGION: us-west-2
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_UPLOAD_ROLE_ARN: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
AZURE_LOCATION: westus
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
@@ -43,18 +36,7 @@ env:
GOOGLE_PROJECT_NUMBER: "895284651812"
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
JAVA_SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
JAVA_SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
JAVA_SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
PULUMI_API: https://api.pulumi-staging.io
PULUMI_BOT_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
PYPI_API_TOKEN: ${{ secrets.PYPI_API_TOKEN }}
RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }}
RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }}
jobs:
prerequisites:
@@ -197,6 +179,9 @@ jobs:
- name: Test Provider Library
run: make test_provider
env:
ARM_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.ARM_CLIENT_SECRET }}
DIGITALOCEAN_TOKEN: ${{ steps.esc-secrets.outputs.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ steps.esc-secrets.outputs.DOCKER_HUB_PASSWORD }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0