Merge pull request 'don't use vault anymore' (#43) from frontend/ci-cd-fixes into main
Reviewed-on: #43
This commit is contained in:
commit
a59029c809
@ -39,23 +39,11 @@ jobs:
|
||||
# remove the 'v' prefix from the tag name
|
||||
echo "BUILD_NAME=${REF_NAME//v}" >> $GITHUB_ENV
|
||||
|
||||
- name: Load secrets
|
||||
id: load-secrets
|
||||
uses: hashicorp/vault-action@v3
|
||||
with:
|
||||
url: https://api.hashicorp.com
|
||||
token: ${{ secrets.VAULT_TOKEN }}
|
||||
secrets: |
|
||||
secret/release GOOGLE_MAPS_API_KEY | GOOGLE_MAPS_API_KEY ;
|
||||
secret/release ANDROID_SECRET_PROPERTIES_BASE64 | ANDROID_SECRET_PROPERTIES_BASE64 ;
|
||||
secret/release ANDROID_GOOGLE_PLAY_JSON_BASE64 | ANDROID_GOOGLE_PLAY_JSON_BASE64 ;
|
||||
secret/release ANDROID_KEYSTORE_BASE64 | ANDROID_KEYSTORE_BASE64 ;
|
||||
|
||||
- name: Put selected secrets into files
|
||||
run: |
|
||||
echo "${{ steps.load-secrets.outputs.ANDROID_SECRET_PROPERTIES_BASE64 }}" | base64 -d > secrets.properties
|
||||
echo "${{ steps.load-secrets.outputs.ANDROID_GOOGLE_PLAY_JSON_BASE64 }}" | base64 -d > google-key.json
|
||||
echo "${{ steps.load-secrets.outputs.ANDROID_KEYSTORE_BASE64 }}" | base64 -d > release.keystore
|
||||
echo "${{ secrets.ANDROID_SECRET_PROPERTIES_BASE64 }}" | base64 -d > secrets.properties
|
||||
echo "${{ secrets.ANDROID_GOOGLE_PLAY_JSON_BASE64 }}" | base64 -d > google-key.json
|
||||
echo "${{ secrets.ANDROID_KEYSTORE_BASE64 }}" | base64 -d > release.keystore
|
||||
working-directory: android
|
||||
|
||||
- name: Install fastlane
|
||||
@ -68,4 +56,4 @@ jobs:
|
||||
env:
|
||||
BUILD_NUMBER: ${{ github.run_number }}
|
||||
# BUILD_NAME is implicitly available
|
||||
GOOGLE_MAPS_API_KEY: ${{ steps.load-secrets.outputs.GOOGLE_MAPS_API_KEY }}
|
||||
GOOGLE_MAPS_API_KEY: ${{ secrets.GOOGLE_MAPS_API_KEY }}
|
||||
|
||||
25
frontend/.github/workflows/build_app_ios.yaml
vendored
25
frontend/.github/workflows/build_app_ios.yaml
vendored
@ -30,23 +30,10 @@ jobs:
|
||||
# remove the 'v' prefix from the tag name
|
||||
echo "BUILD_NAME=${REF_NAME//v}" >> $GITHUB_ENV
|
||||
|
||||
- name: Load secrets
|
||||
id: load-secrets
|
||||
uses: hashicorp/vault-action@v3
|
||||
with:
|
||||
url: https://api.hashicorp.com
|
||||
token: ${{ secrets.VAULT_TOKEN }}
|
||||
secrets: |
|
||||
secret/release GOOGLE_MAPS_API_KEY | GOOGLE_MAPS_API_KEY ;
|
||||
secret/release IOS_ASC_KEY_ID | IOS_ASC_KEY_ID ;
|
||||
secret/release IOS_ASC_ISSUER_ID | IOS_ASC_ISSUER_ID ;
|
||||
secret/release IOS_ASC_KEY | IOS_ASC_KEY ;
|
||||
secret/release IOS_MATCH_REPO_SSH_KEY_BASE64 | IOS_MATCH_REPO_SSH_KEY_BASE64 ;
|
||||
|
||||
- name: Setup SSH key for match git repo
|
||||
run: echo "$MATCH_REPO_SSH_KEY" | base64 --decode > ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa
|
||||
env:
|
||||
MATCH_REPO_SSH_KEY: ${{ steps.load-secrets.outputs.IOS_MATCH_REPO_SSH_KEY_BASE64 }}
|
||||
MATCH_REPO_SSH_KEY: ${{ secrets.IOS_MATCH_REPO_SSH_KEY_BASE64 }}
|
||||
|
||||
- name: Install fastlane
|
||||
run: bundle install
|
||||
@ -58,8 +45,8 @@ jobs:
|
||||
env:
|
||||
BUILD_NUMBER: ${{ github.run_number }}
|
||||
# BUILD_NAME is implicitly available
|
||||
GOOGLE_MAPS_API_KEY: ${{ steps.load-secrets.outputs.GOOGLE_MAPS_API_KEY }}
|
||||
IOS_ASC_KEY_ID: ${{ steps.load-secrets.outputs.IOS_ASC_KEY_ID }}
|
||||
IOS_ASC_ISSUER_ID: ${{ steps.load-secrets.outputs.IOS_ASC_ISSUER_ID }}
|
||||
IOS_ASC_KEY: ${{ steps.load-secrets.outputs.IOS_ASC_KEY }}
|
||||
MATCH_PASSWORD: ${{ steps.load-secrets.outputs.IOS_MATCH_PASSWORD }}
|
||||
GOOGLE_MAPS_API_KEY: ${{ secrets.GOOGLE_MAPS_API_KEY }}
|
||||
IOS_ASC_KEY_ID: ${{ secrets.IOS_ASC_KEY_ID }}
|
||||
IOS_ASC_ISSUER_ID: ${{ secrets.IOS_ASC_ISSUER_ID }}
|
||||
IOS_ASC_KEY: ${{ secrets.IOS_ASC_KEY }}
|
||||
MATCH_PASSWORD: ${{ secrets.IOS_MATCH_PASSWORD }}
|
||||
|
||||
@ -1,3 +1,2 @@
|
||||
# This file mirrors the state of secrets.properties as a reference for the developer.
|
||||
# And as a fallback for build.gradle
|
||||
MAPS_API_KEY=Key
|
||||
Loading…
x
Reference in New Issue
Block a user