Use ESC for secrets (#594)

Refs https://github.com/pulumi/ci-mgmt/issues/1481
2025-09-10 09:45:06 -07:00
parent 1203c3b31f
commit daa144c232
10 changed files with 62 additions and 116 deletions
--- a/.github/workflows/community-moderation.yml
+++ b/.github/workflows/community-moderation.yml
@@ -9,9 +9,14 @@ jobs:
      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      with:
        persist-credentials: false    
-    - id: esc-secrets
-      name: Map environment to ESC outputs
-      uses: ./.github/actions/esc-action
+    - env:
+        ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
+        ESC_ACTION_OIDC_AUTH: "true"
+        ESC_ACTION_OIDC_ORGANIZATION: pulumi
+        ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
+      id: esc-secrets
+      name: Fetch secrets from ESC
+      uses: pulumi/esc-action@v1
    - id: schema_changed
      name: Check for diff in schema
      uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2