
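---
name: sync secrets
on: # yamllint disable-line rule:truthy
  push:
    branches:
      - engops_maintenance

# Least privilege: the OIDC token is the only write-capable grant and is
# consumed solely by the federated Azure login step below.
permissions:
  id-token: write
  contents: read

jobs:
  sync:
    runs-on: ubuntu-latest
    steps:
      - name: Login to Azure
        # NOTE(review): a floating major tag is mutable; pinning to a full
        # commit SHA (with the tag in a comment) hardens the supply chain.
        uses: azure/login@v1
        with:
          client-id: ${{ vars.GH_APP_ORG_ENGOPS_MAINTENANCE_CLIENT_ID }}
          tenant-id: ${{ vars.AZURE_SWI_TENANT_ID }}
          subscription-id: ${{ vars.AZURE_ITSANDBOX_SUBSCRIPTION_ID }}

      - name: 'set-org-secret'
        # The secret enters the step through the environment instead of a
        # ${{ secrets.* }} expression inside `run:`. An expression is
        # substituted into the script text before the shell parses it, so a
        # value containing quotes, `$` or backticks would break or rewrite
        # the command; an env var is read by the shell as opaque data.
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
        run: |
          echo "Syncing CODECOV_TOKEN ..."
          SECRET="CODECOV_TOKEN"
          # Key Vault names disallow underscores, hence the `_` -> `-` swap.
          SECRET_NAME="vividcortex--ewma--${SECRET//_/-}"
          if [ -z "$CODECOV_TOKEN" ]; then
            # Same outcome as the original `[ ... ] && az ...` list, whose
            # exit status of 1 failed the step on an empty secret, but now
            # with an explanation in the job annotations.
            echo "::error::secret CODECOV_TOKEN is empty; nothing to sync"
            exit 1
          fi
          # --output none keeps the returned secret bundle, which includes
          # the value, out of the job log rather than relying on log masking.
          az keyvault secret set \
            --name "$SECRET_NAME" \
            --vault-name "gh-scs" \
            --value "$CODECOV_TOKEN" \
            --output none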