sam_oneal/pulumi-docker-build
1
0
Fork 0
Code Actions Packages Releases Wiki Activity
Files
81ceb1de05e8a76c5e9766c53022c16375d5ad6d
pulumi-docker-build/.github/workflows/export-repo-secrets.yml
Pulumi Bot 81ceb1de05 [internal] Update GitHub Actions workflow files
2025-12-14 05:30:39 +00:00

26 lines
1.0 KiB
YAML
Raw Blame History

permissions: write-all # Equivalent to default permissions plus id-token: write
name: Export secrets to ESC
on: [workflow_dispatch]
jobs:
export-to-esc:
runs-on: ubuntu-latest
name: export GitHub secrets to ESC
steps:
- name: Generate a GitHub token
id: generate-token
uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2
with:
app-id: 1256780 # Export Secrets GitHub App
private-key: ${{ secrets.EXPORT_SECRETS_PRIVATE_KEY }}
- name: Export secrets to ESC
uses: pulumi/esc-export-secrets-action@9d6485759b6adff2538ae91f1b77cc96265c9dad # v1
with:
organization: pulumi
org-environment: imports/github-secrets
exclude-secrets: EXPORT_SECRETS_PRIVATE_KEY
github-token: ${{ steps.generate-token.outputs.token }}
oidc-auth: true
oidc-requested-token-type: urn:pulumi:token-type:access_token:organization
env:
GITHUB_SECRETS: ${{ toJSON(secrets) }}
View Git Blame Copy Permalink