Skip to content

Commit f3e03ae

Browse files
GcayaGcaya
authored
Use shared action and fix publish workflow (#110)
1 parent 1f1fc19 commit f3e03ae

File tree

2 files changed

+20
-29
lines changed

2 files changed

+20
-29
lines changed

.github/workflows/ci.yml

Lines changed: 10 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -29,32 +29,27 @@ jobs:
2929
with:
3030
fetch-depth: 0
3131

32-
- name: 'Azure CLI login'
33-
uses: azure/login@v2
32+
- name: Get gsoft-nuget-feed secret
33+
id: get_gsoft_nuget_feed_secret
34+
uses: workleap/wl-reusable-workflows/retrieve-managed-secret@main
3435
with:
35-
client-id: ${{ vars.AZURE_CLIENT_ID }}
36-
tenant-id: ${{ vars.AZURE_TENANT_ID }}
37-
subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
38-
39-
- name: Get Secrets from Azure Key Vault
40-
id: get_secrets
41-
run: |
42-
# Set env.ADO_PAT
43-
ADO_PAT=$(az keyvault secret show --vault-name ${{ vars.IDP_CICD_KEYVAULT_NAME }} --name "gsoft-nuget-feed-ado-pat" --query value -o tsv)
44-
echo "::add-mask::$ADO_PAT"
45-
echo "ado_pat=$ADO_PAT" >> $GITHUB_OUTPUT
36+
azure-client-id: ${{ vars.AZURE_CLIENT_ID }}
37+
azure-tenant-id: ${{ vars.AZURE_TENANT_ID }}
38+
azure-subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
39+
keyvault-name: ${{ vars.IDP_CICD_KEYVAULT_NAME }}
40+
secret-name: "gsoft-nuget-feed-ado-pat"
4641

4742
- uses: actions/setup-dotnet@v4
4843
with:
4944
source-url: ${{ secrets.NUGET_GSOFTDEV_FEED_URL }}
5045
env:
51-
NUGET_AUTH_TOKEN: ${{ steps.get_secrets.outputs.ado_pat }}
46+
NUGET_AUTH_TOKEN: ${{ steps.get_gsoft_nuget_feed_secret.outputs.secret }}
5247

5348
- run: ./Build.ps1
5449
shell: pwsh
5550
env:
5651
NUGET_SOURCE: ${{ secrets.NUGET_GSOFTDEV_FEED_URL }}
57-
NUGET_API_KEY: ${{ steps.get_secrets.outputs.ado_pat }}
52+
NUGET_API_KEY: ${{ steps.get_gsoft_nuget_feed_secret.outputs.secret }}
5853

5954
linearb:
6055
needs: [ci]

.github/workflows/publish.yml

Lines changed: 10 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -16,33 +16,29 @@ jobs:
1616
publish:
1717
runs-on: [self-hosted, idp]
1818

19+
environment: ci
1920
steps:
2021
- uses: actions/checkout@v4
2122
with:
2223
fetch-depth: 0
2324

24-
- name: 'Azure CLI login'
25-
uses: azure/login@v2
25+
- name: Get workleap-api-key secret
26+
id: get_workleap_api_key_secret
27+
uses: workleap/wl-reusable-workflows/retrieve-managed-secret@main
2628
with:
27-
client-id: ${{ vars.AZURE_CLIENT_ID }}
28-
tenant-id: ${{ vars.AZURE_TENANT_ID }}
29-
subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
30-
31-
- name: Get Secrets from Azure Key Vault
32-
id: get_secrets
33-
run: |
34-
# Set env.WORKLEAP_NUGET_API_KEY
35-
WORKLEAP_NUGET_API_KEY=$(az keyvault secret show --vault-name ${{ vars.IDP_CICD_KEYVAULT_NAME }} --name "nuget-org-workleap-api-key" --query value -o tsv)
36-
echo "::add-mask::$WORKLEAP_NUGET_API_KEY"
37-
echo "workleap_nuget_api_key=$WORKLEAP_NUGET_API_KEY" >> $GITHUB_OUTPUT
29+
azure-client-id: ${{ vars.AZURE_CLIENT_ID }}
30+
azure-tenant-id: ${{ vars.AZURE_TENANT_ID }}
31+
azure-subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
32+
keyvault-name: ${{ vars.IDP_CICD_KEYVAULT_NAME }}
33+
secret-name: "nuget-org-workleap-api-key"
3834

3935
- uses: actions/setup-dotnet@v4
4036

4137
- run: ./Build.ps1
4238
shell: pwsh
4339
env:
4440
NUGET_SOURCE: ${{ secrets.NUGET_SOURCE }}
45-
NUGET_API_KEY: ${{ steps.get_secrets.outputs.workleap_nuget_api_key }}
41+
NUGET_API_KEY: ${{ steps.get_workleap_api_key_secret.outputs.secret }}
4642

4743
linearb:
4844
needs: [publish]

0 commit comments

Comments
 (0)