91fdae679d
This PR was automatically generated by the update-workflows-single-bridged-provider workflow in the pulumi/ci-mgmt repo, from commit 4ac37ece8be37ce71d07d3e42b89c7c306173b9b.
26 lines
1012 B
YAML
26 lines
1012 B
YAML
permissions: write-all # Equivalent to default permissions plus id-token: write
|
|
name: Export secrets to ESC
|
|
on: [workflow_dispatch]
|
|
jobs:
|
|
export-to-esc:
|
|
runs-on: ubuntu-latest
|
|
name: export GitHub secrets to ESC
|
|
steps:
|
|
- name: Generate a GitHub token
|
|
id: generate-token
|
|
uses: actions/create-github-app-token@v1
|
|
with:
|
|
app-id: 1256780 # Export Secrets GitHub App
|
|
private-key: ${{ secrets.EXPORT_SECRETS_PRIVATE_KEY }}
|
|
- name: Export secrets to ESC
|
|
uses: pulumi/esc-export-secrets-action@v1
|
|
with:
|
|
organization: pulumi
|
|
org-environment: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
|
|
exclude-secrets: EXPORT_SECRETS_PRIVATE_KEY
|
|
github-token: ${{ steps.generate-token.outputs.token }}
|
|
oidc-auth: true
|
|
oidc-requested-token-type: urn:pulumi:token-type:access_token:organization
|
|
env:
|
|
GITHUB_SECRETS: ${{ toJSON(secrets) }}
|