From 9e0864d300f723d9b75cf6aaa72c580fb631b93b Mon Sep 17 00:00:00 2001
From: Remy Moll <me@moll.re>
Date: Sun, 15 Dec 2024 12:24:00 +0100
Subject: [PATCH] don't use vault anymore

---
 .../.github/workflows/build_app_android.yaml  | 20 +++------------
 frontend/.github/workflows/build_app_ios.yaml | 25 +++++--------------
 frontend/android/fallback.properties          |  1 -
 3 files changed, 10 insertions(+), 36 deletions(-)

diff --git a/frontend/.github/workflows/build_app_android.yaml b/frontend/.github/workflows/build_app_android.yaml
index 9a5c35a..b62943a 100644
--- a/frontend/.github/workflows/build_app_android.yaml
+++ b/frontend/.github/workflows/build_app_android.yaml
@@ -39,23 +39,11 @@ jobs:
           # remove the 'v' prefix from the tag name
           echo "BUILD_NAME=${REF_NAME//v}" >> $GITHUB_ENV
 
-      - name: Load secrets
-        id: load-secrets
-        uses: hashicorp/vault-action@v3
-        with:
-          url: https://api.hashicorp.com
-          token: ${{ secrets.VAULT_TOKEN }}
-          secrets: |
-            secret/release GOOGLE_MAPS_API_KEY | GOOGLE_MAPS_API_KEY ;
-            secret/release ANDROID_SECRET_PROPERTIES_BASE64 | ANDROID_SECRET_PROPERTIES_BASE64 ;
-            secret/release ANDROID_GOOGLE_PLAY_JSON_BASE64 | ANDROID_GOOGLE_PLAY_JSON_BASE64 ;
-            secret/release ANDROID_KEYSTORE_BASE64 | ANDROID_KEYSTORE_BASE64 ;
-
       - name: Put selected secrets into files
         run: |
-          echo "${{ steps.load-secrets.outputs.ANDROID_SECRET_PROPERTIES_BASE64 }}" | base64 -d > secrets.properties
-          echo "${{ steps.load-secrets.outputs.ANDROID_GOOGLE_PLAY_JSON_BASE64 }}" | base64 -d > google-key.json
-          echo "${{ steps.load-secrets.outputs.ANDROID_KEYSTORE_BASE64 }}" | base64 -d > release.keystore
+          echo "${{ secrets.ANDROID_SECRET_PROPERTIES_BASE64 }}" | base64 -d > secrets.properties
+          echo "${{ secrets.ANDROID_GOOGLE_PLAY_JSON_BASE64 }}" | base64 -d > google-key.json
+          echo "${{ secrets.ANDROID_KEYSTORE_BASE64 }}" | base64 -d > release.keystore
         working-directory: android
 
       - name: Install fastlane
@@ -68,4 +56,4 @@ jobs:
         env:
           BUILD_NUMBER: ${{ github.run_number }}
           # BUILD_NAME is implicitly available
-          GOOGLE_MAPS_API_KEY: ${{ steps.load-secrets.outputs.GOOGLE_MAPS_API_KEY }}
+          GOOGLE_MAPS_API_KEY: ${{ secrets.GOOGLE_MAPS_API_KEY }}
diff --git a/frontend/.github/workflows/build_app_ios.yaml b/frontend/.github/workflows/build_app_ios.yaml
index e753b5c..7a97a20 100644
--- a/frontend/.github/workflows/build_app_ios.yaml
+++ b/frontend/.github/workflows/build_app_ios.yaml
@@ -30,23 +30,10 @@ jobs:
           # remove the 'v' prefix from the tag name
           echo "BUILD_NAME=${REF_NAME//v}" >> $GITHUB_ENV
 
-      - name: Load secrets
-        id: load-secrets
-        uses: hashicorp/vault-action@v3
-        with:
-          url: https://api.hashicorp.com
-          token: ${{ secrets.VAULT_TOKEN }}
-          secrets: |
-            secret/release GOOGLE_MAPS_API_KEY | GOOGLE_MAPS_API_KEY ;
-            secret/release IOS_ASC_KEY_ID | IOS_ASC_KEY_ID ;
-            secret/release IOS_ASC_ISSUER_ID | IOS_ASC_ISSUER_ID ;
-            secret/release IOS_ASC_KEY | IOS_ASC_KEY ;
-            secret/release IOS_MATCH_REPO_SSH_KEY_BASE64 | IOS_MATCH_REPO_SSH_KEY_BASE64 ;
-
       - name: Setup SSH key for match git repo
         run: echo "$MATCH_REPO_SSH_KEY" | base64 --decode > ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa
         env:
-          MATCH_REPO_SSH_KEY: ${{ steps.load-secrets.outputs.IOS_MATCH_REPO_SSH_KEY_BASE64 }}
+          MATCH_REPO_SSH_KEY: ${{ secrets.IOS_MATCH_REPO_SSH_KEY_BASE64 }}
 
       - name: Install fastlane
         run: bundle install
@@ -58,8 +45,8 @@ jobs:
         env:
           BUILD_NUMBER: ${{ github.run_number }}
           # BUILD_NAME is implicitly available
-          GOOGLE_MAPS_API_KEY: ${{ steps.load-secrets.outputs.GOOGLE_MAPS_API_KEY }}
-          IOS_ASC_KEY_ID: ${{ steps.load-secrets.outputs.IOS_ASC_KEY_ID }}
-          IOS_ASC_ISSUER_ID: ${{ steps.load-secrets.outputs.IOS_ASC_ISSUER_ID }}
-          IOS_ASC_KEY: ${{ steps.load-secrets.outputs.IOS_ASC_KEY }}
-          MATCH_PASSWORD: ${{ steps.load-secrets.outputs.IOS_MATCH_PASSWORD }}
+          GOOGLE_MAPS_API_KEY: ${{ secrets.GOOGLE_MAPS_API_KEY }}
+          IOS_ASC_KEY_ID: ${{ secrets.IOS_ASC_KEY_ID }}
+          IOS_ASC_ISSUER_ID: ${{ secrets.IOS_ASC_ISSUER_ID }}
+          IOS_ASC_KEY: ${{ secrets.IOS_ASC_KEY }}
+          MATCH_PASSWORD: ${{ secrets.IOS_MATCH_PASSWORD }}
diff --git a/frontend/android/fallback.properties b/frontend/android/fallback.properties
index 0824221..1fdcdb3 100644
--- a/frontend/android/fallback.properties
+++ b/frontend/android/fallback.properties
@@ -1,3 +1,2 @@
 # This file mirrors the state of secrets.properties as a reference for the developer.
 # And as a fallback for build.gradle
-MAPS_API_KEY=Key
\ No newline at end of file