use GITHUB_ENV for OIDC_TOKEN

EGI-Federation · Sep 19, 2024 · d416b4e · d416b4e
1 parent a055d4f
commit d416b4e
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 7 deletions.
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
@@ -36,9 +36,12 @@ jobs:
             > ~/.mytoken/config.yaml
           # add PWD to the PATH
           echo "$PWD" >> "$GITHUB_PATH"
+          # add OIDC access token to ENV
+          OIDC_TOKEN=$(mytoken AT --MT-env MYTOKEN)
+          echo "::add-mask::$OIDC_TOKEN"
+          echo "OIDC_TOKEN=$OIDC_TOKEN" >> "$GITHUB_ENV"
       - name: Configure providers access
         env:
-          MYTOKEN: ${{ secrets.MYTOKEN }}
         run: |
           cd deployment
           ./site-config.sh
@@ -113,8 +116,6 @@ jobs:
       - name: Configure with ansible
         if: github.ref == 'refs/heads/main' && github.event_name == 'push'
         uses: dawidd6/action-ansible-playbook@v2
-        env:
-          MYTOKEN: ${{ secrets.MYTOKEN }}
         with:
           playbook: playbook.yaml
           directory: ./deployment
@@ -124,7 +125,7 @@ jobs:
             ${{ steps.public_ip.outputs.stdout }}
           requirements: galaxy-requirements.yaml
           options: |
-            --extra-vars ACCESS_TOKEN="$(mytoken AT --MT-env MYTOKEN)"
+            --extra-vars ACCESS_TOKEN=${{ env.OIDC_TOKEN }}
             --extra-vars git_ref=${{ github.sha }}
             --ssh-common-args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
             -u egi
diff --git a/deployment/site-config.sh b/deployment/site-config.sh
@@ -27,9 +27,7 @@ dump_config() {
 EOF
 }
 
-OIDC_TOKEN=$(mytoken AT --MT-env MYTOKEN)
-
-echo "::add-mask::$OIDC_TOKEN"
+# using OIDC_TOKEN generated in .github/workflows/deploy.yaml
 
 rm -f clouds.yaml
 echo "clouds:" > tmp-clouds.yaml