secrets pipeline #2


	---
	name: sync secrets
	on: # yamllint disable-line rule:truthy
	push:
	branches:
	- engops_maintenance
	permissions:
	id-token: write
	contents: read
	jobs:
	sync:
	runs-on: ubuntu-latest
	steps:
	- name: Login to Azure
	uses: azure/login@v1
	with:
	client-id: ${{ vars.GH_APP_ORG_ENGOPS_MAINTENANCE_CLIENT_ID }}
	tenant-id: ${{ vars.AZURE_SWI_TENANT_ID }}
	subscription-id: ${{ vars.AZURE_ITSANDBOX_SUBSCRIPTION_ID }}
	- name: 'set-org-secret'
	run: \|
	echo "Syncing CODECOV_TOKEN ..."
	SECRET="CODECOV_TOKEN"
	SECRET_NAME="vividcortex--ewma--${SECRET//_/-}"
	[ ! -z "${{ secrets.CODECOV_TOKEN }}" ] && az keyvault secret set --name "$SECRET_NAME" --vault-name "gh-scs" --value "${{ secrets.CODECOV_TOKEN }}"

Provide feedback