diff --git a/.github/scripts/deploy_api.sh b/.github/scripts/deploy_api.sh index cd1acff..165d0a2 100755 --- a/.github/scripts/deploy_api.sh +++ b/.github/scripts/deploy_api.sh @@ -13,6 +13,10 @@ echo "Proxygen KID: ${PROXYGEN_KID}" echo "Deploy Check Prescription Status Update: ${DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE}" echo "Dry run: ${DRY_RUN}" + +client_private_key=$(cat ~/.proxygen/tmp/client_private_key) +client_cert=$(cat ~/.proxygen/tmp/client_cert) + if [ -z "${client_private_key}" ]; then echo "client_private_key is unset or set to the empty string" exit 1 diff --git a/.github/workflows/release_psu_to_ref.yml b/.github/workflows/release_psu_to_ref.yml index 770b511..d4c7ae7 100644 --- a/.github/workflows/release_psu_to_ref.yml +++ b/.github/workflows/release_psu_to_ref.yml @@ -99,20 +99,11 @@ jobs: - name: get mtls secrets shell: bash run: | + mkdir -p ~/.proxygen/tmp client_private_key_arn=$(aws cloudformation list-exports --query "Exports[?Name=='account-resources:PsuClientKeySecret'].Value" --output text) client_cert_arn=$(aws cloudformation list-exports --query "Exports[?Name=='account-resources:PsuClientCertSecret'].Value" --output text) - client_private_key=$(aws secretsmanager get-secret-value --secret-id "${client_private_key_arn}" --query SecretString --output text) - client_cert=$(aws secretsmanager get-secret-value --secret-id "${client_cert_arn}" --query SecretString --output text) - { - echo 'client_private_key<> "$GITHUB_ENV" - { - echo 'client_cert<> "$GITHUB_ENV" + aws secretsmanager get-secret-value --secret-id "${client_private_key_arn}" --query SecretString --output text > ~/.proxygen/tmp/client_private_key + aws secretsmanager get-secret-value --secret-id "${client_cert_arn}" --query SecretString --output text > ~/.proxygen/tmp/client_cert - name: Configure AWS Credentials for api release uses: aws-actions/configure-aws-credentials@v4
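Review bot: The private key loaded from `~/.proxygen/tmp/client_private_key` is not removed from disk anywhere in the lines shown, so the file outlives the point where the script has it in a variable. If nothing later in the script (outside this hunk) needs the files, register a cleanup before the two `cat` calls, e.g. `trap 'rm -f ~/.proxygen/tmp/client_private_key ~/.proxygen/tmp/client_cert' EXIT`, taking care not to replace an EXIT trap the script may already set. A missing or unreadable file also leaves the variable empty and is reported by the existing check as "unset or set to the empty string", which hides the real cause. A short comment above the reads naming the workflow step that writes these files would help the next reader. The `if` block that follows continues outside the hunk.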
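Review bot: The two redirections that write the secrets create `~/.proxygen/tmp/client_private_key` under the runner's default umask, which normally leaves the private key readable by other local users. Putting `umask 077` on the first line of the `run:` block, before `mkdir -p ~/.proxygen/tmp`, makes both the directory and the files owner-only. The files also persist for the rest of the job, so a final step with `if: always()` that removes `~/.proxygen/tmp` would cover the paths where the deploy script never runs. This matters most if the job can land on a self-hosted runner, which the hunk does not show.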