sam_oneal/pulumi-docker-build
1
0
Fork 0
Code Actions Packages Releases Wiki Activity
Files
382eff5762982e11e7b0429a8c49ccd0e2c885e9
pulumi-docker-build/.github/workflows/export-repo-secrets.yml
Pulumi Bot 382eff5762 [internal] Update GitHub Actions workflow files
2025-12-05 05:37:15 +00:00

26 lines
1.0 KiB
YAML
Raw Blame History

permissions: write-all # Equivalent to default permissions plus id-token: write
name: Export secrets to ESC
on: [workflow_dispatch]
jobs:
export-to-esc:
runs-on: ubuntu-latest
name: export GitHub secrets to ESC
steps:
- name: Generate a GitHub token
id: generate-token
uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2
with:
app-id: 1256780 # Export Secrets GitHub App
private-key: ${{ secrets.EXPORT_SECRETS_PRIVATE_KEY }}
- name: Export secrets to ESC
uses: pulumi/esc-export-secrets-action@9d6485759b6adff2538ae91f1b77cc96265c9dad # v1
with:
organization: pulumi
org-environment: imports/github-secrets
exclude-secrets: EXPORT_SECRETS_PRIVATE_KEY
github-token: ${{ steps.generate-token.outputs.token }}
oidc-auth: true
oidc-requested-token-type: urn:pulumi:token-type:access_token:organization
env:
GITHUB_SECRETS: ${{ toJSON(secrets) }}
View Git Blame Copy Permalink