Chore: Use Vault secrets in `sync-mirror-event.yml` (#104705) (#105782)

* baldm0mma/ update to use Vault secrets

* Update .github/workflows/sync-mirror-event.yml



* Update .github/workflows/sync-mirror-event.yml



---------


(cherry picked from commit f0686a61ce)

Co-authored-by: Jev Forsberg <46619047+baldm0mma@users.noreply.github.com>
Co-authored-by: Kevin Minehart <5140827+kminehart@users.noreply.github.com>
Kevin Yu 1 month ago committed by GitHub
parent 768baae76d
commit 2bf383a4dd
  1. 19
      .github/workflows/sync-mirror-event.yml

@ -10,7 +10,8 @@ on:
- "v*.*.*" - "v*.*.*"
- "release-*" - "release-*"
permissions: {} permissions:
id-token: write
# This is run after the pull request has been merged, so we'll run against the target branch # This is run after the pull request has been merged, so we'll run against the target branch
jobs: jobs:
@ -22,24 +23,30 @@ jobs:
env: env:
REF_NAME: ${{ github.ref_name }} REF_NAME: ${{ github.ref_name }}
REPO: ${{ github.repository }} REPO: ${{ github.repository }}
SENDER: ${{ github.event.sender.login }}
SHA: ${{ github.sha }} SHA: ${{ github.sha }}
PR_COMMIT_SHA: ${{ github.event.pull_request.head.sha }}
steps: steps:
- name: "Get vault secrets"
id: vault-secrets
uses: grafana/shared-workflows/actions/get-vault-secrets@main
with:
# Secrets placed in the ci/data/repo/grafana/grafana/delivery-bot-app path in Vault
repo_secrets: |
GRAFANA_DELIVERY_BOT_APP_PEM=delivery-bot-app:PRIVATE_KEY
- name: "Generate token" - name: "Generate token"
id: generate_token id: generate_token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a
with: with:
# App needs Actions: Read/Write for the grafana/security-patch-actions repo # App needs Actions: Read/Write for the grafana/security-patch-actions repo
app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }} app_id: ${{ vars.DELIVERY_BOT_APP_ID }}
private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }} private_key: ${{ env.GRAFANA_DELIVERY_BOT_APP_PEM }}
- uses: actions/github-script@v7 - uses: actions/github-script@v7
if: github.repository == 'grafana/grafana' if: github.repository == 'grafana/grafana'
with: with:
github-token: ${{ steps.generate_token.outputs.token }} github-token: ${{ steps.generate_token.outputs.token }}
script: | script: |
const {HEAD_REF, BASE_REF, REPO, SENDER, SHA} = process.env; const {REF_NAME, REPO, SHA} = process.env;
await github.rest.actions.createWorkflowDispatch({ await github.rest.actions.createWorkflowDispatch({
owner: 'grafana', owner: 'grafana',
