secrets pipeline #1
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: sync secrets | |
| on: # yamllint disable-line rule:truthy | |
| push: | |
| branches: | |
| - engops_maintenance | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| sync: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Login to Azure | |
| uses: azure/login@v1 | |
| with: | |
| client-id: ${{ vars.GH_APP_ORG_ENGOPS_MAINTENANCE_CLIENT_ID }} | |
| tenant-id: ${{ vars.AZURE_SWI_TENANT_ID }} | |
| subscription-id: ${{ vars.AZURE_ITSANDBOX_SUBSCRIPTION_ID }} | |
| - name: 'set-org-secret' | |
| run: | | |
| echo "Syncing PACKAGECLOUD_TOKEN ..." | |
| SECRET="PACKAGECLOUD_TOKEN" | |
| SECRET_NAME="solarwinds-apm-ruby--${SECRET//_/-}" | |
| [ ! -z "${{ secrets.PACKAGECLOUD_TOKEN }}" ] && az keyvault secret set --name "$SECRET_NAME" --vault-name "gh-scs" --value "${{ secrets.PACKAGECLOUD_TOKEN }}" | |
| echo "Syncing RUBYGEMS_TOKEN ..." | |
| SECRET="RUBYGEMS_TOKEN" | |
| SECRET_NAME="solarwinds-apm-ruby--${SECRET//_/-}" | |
| [ ! -z "${{ secrets.RUBYGEMS_TOKEN }}" ] && az keyvault secret set --name "$SECRET_NAME" --vault-name "gh-scs" --value "${{ secrets.RUBYGEMS_TOKEN }}" | |
| echo "Syncing SW_APM_COLLECTOR_PROD ..." | |
| SECRET="SW_APM_COLLECTOR_PROD" | |
| SECRET_NAME="solarwinds-apm-ruby--${SECRET//_/-}" | |
| [ ! -z "${{ secrets.SW_APM_COLLECTOR_PROD }}" ] && az keyvault secret set --name "$SECRET_NAME" --vault-name "gh-scs" --value "${{ secrets.SW_APM_COLLECTOR_PROD }}" | |
| echo "Syncing SW_APM_COLLECTOR_STAGING ..." | |
| SECRET="SW_APM_COLLECTOR_STAGING" | |
| SECRET_NAME="solarwinds-apm-ruby--${SECRET//_/-}" | |
| [ ! -z "${{ secrets.SW_APM_COLLECTOR_STAGING }}" ] && az keyvault secret set --name "$SECRET_NAME" --vault-name "gh-scs" --value "${{ secrets.SW_APM_COLLECTOR_STAGING }}" | |
| echo "Syncing SW_APM_SERVICE_KEY_PROD ..." | |
| SECRET="SW_APM_SERVICE_KEY_PROD" | |
| SECRET_NAME="solarwinds-apm-ruby--${SECRET//_/-}" | |
| [ ! -z "${{ secrets.SW_APM_SERVICE_KEY_PROD }}" ] && az keyvault secret set --name "$SECRET_NAME" --vault-name "gh-scs" --value "${{ secrets.SW_APM_SERVICE_KEY_PROD }}" | |
| echo "Syncing SW_APM_SERVICE_KEY_STAGING ..." | |
| SECRET="SW_APM_SERVICE_KEY_STAGING" | |
| SECRET_NAME="solarwinds-apm-ruby--${SECRET//_/-}" | |
| [ ! -z "${{ secrets.SW_APM_SERVICE_KEY_STAGING }}" ] && az keyvault secret set --name "$SECRET_NAME" --vault-name "gh-scs" --value "${{ secrets.SW_APM_SERVICE_KEY_STAGING }}" | |
| echo "Syncing TRACE_BUILD_RUBY_ACTIONS_API_TOKEN ..." | |
| SECRET="TRACE_BUILD_RUBY_ACTIONS_API_TOKEN" | |
| SECRET_NAME="solarwinds-apm-ruby--${SECRET//_/-}" | |
| [ ! -z "${{ secrets.TRACE_BUILD_RUBY_ACTIONS_API_TOKEN }}" ] && az keyvault secret set --name "$SECRET_NAME" --vault-name "gh-scs" --value "${{ secrets.TRACE_BUILD_RUBY_ACTIONS_API_TOKEN }}" |