Move GitHub Secrets into Variables that have no Secrecy need

Case RE-1001: Move GitHub Secrets into Variables Changelog:
cpanel · Dec 20, 2024 · 3fdcb86 · 3fdcb86
1 parent 7a8ff81
commit 3fdcb86
Show file tree

Hide file tree

Showing 13 changed files with 152 additions and 120 deletions.
diff --git a/.github/workflows/openstack-centos-7.yml b/.github/workflows/openstack-centos-7.yml
@@ -1,15 +1,15 @@
 name: "Test Run: centos-7"
 
 on:
-  workflow_dispatch:
-    inputs:
-      message:
-        description: 'Build description CentOS 7'
-
-  workflow_run:
-    workflows: ["TestSuite"]
-    types:
-      - completed
+#  workflow_dispatch:
+#    inputs:
+#      message:
+#        description: 'Build description CentOS 7'
+
+#  workflow_run:
+#    workflows: ["TestSuite"]
+#    types:
+#      - completed
 
   workflow_call:
 
@@ -18,22 +18,22 @@ concurrency:
   cancel-in-progress: true
 
 env:
+  # secrets
   TF_VAR_application_credential_id: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
   TF_VAR_application_credential_secret: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
-  TF_VAR_github_repository: ${{ github.repository }}
-  TF_VAR_github_run_id: ${{ github.run_id }}
   TF_VAR_ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }}
   TF_VAR_ssh_public_key: ${{ secrets.SSH_PUBLIC_KEY }}
-  TF_VAR_os_auth_region: ${{ secrets.OS_AUTH_REGION }}
-  TF_VAR_os_auth_url: ${{ secrets.OS_AUTH_URL }}
-  TF_VAR_os_interface: ${{ secrets.OS_INTERFACE }}
-  TF_VAR_os_project_domain_name: ${{ secrets.OS_PROJECT_DOMAIN_NAME }}
-  TF_VAR_os_password: ${{ secrets.OS_PASSWORD }}
-  TF_VAR_os_project_id: ${{ secrets.OS_PROJECT_ID }}
-  TF_VAR_os_project_domain_id: ${{ secrets.OS_PROJECT_DOMAIN_ID }}
-  TF_VAR_os_project_name: ${{ secrets.OS_PROJECT_NAME }}
-  TF_VAR_os_region_name: ${{ secrets.OS_REGION_NAME }}
-  TF_VAR_os_username: ${{ secrets.OS_USERNAME }}
+
+  # vars
+  TF_VAR_os_auth_url: ${{ vars.OS_AUTH_URL }}
+  TF_VAR_os_auth_type: ${{ vars.OS_AUTH_TYPE }}
+  TF_VAR_os_identity_api_version: ${{ vars.OS_IDENTITY_API_VERSION }}
+  TF_VAR_os_interface: ${{ vars.OS_INTERFACE }}
+  TF_VAR_os_region_name: ${{ vars.OS_REGION_NAME }}
+
+  # github
+  TF_VAR_github_repository: ${{ github.repository }}
+  TF_VAR_github_run_id: ${{ github.run_id }}
   tf_working_directory: "${{ github.workspace }}/.github/workflows/openstack/centos-7"
 
 jobs: 
@@ -44,6 +44,18 @@ jobs:
             working-directory: "${{ github.workspace }}/.github/workflows/openstack/centos-7"
         steps:
         - uses: actions/checkout@v4
+
+        - name: Dump all GitHub variables
+          run: |
+            echo "Dumping all GitHub variables:"
+            echo "github.ref: ${{ github.ref }}"
+            echo "github.ref_name: ${{ github.ref_name }}"
+            echo "github.job: ${{ github.job }}"
+            echo "github.workflow: ${{ github.workflow }}"
+            echo "github.triggering_actor: ${{ github.triggering_actor }}"
+            echo "github.event_name: ${{ github.event_name }}"
+            echo "github.event.repository.master_branch: ${{ github.event.repository.master_branch }}"
+
         - name: Terraform fmt
           id: fmt
           run: |
@@ -296,7 +308,7 @@ jobs:
               /scripts/status_marker 1
               tail -n40 -F /var/log/elevate-cpanel.log &
               sleep .5
-              REBOOT_STRING="Rebooting into stage 2 of 5" RETVAL=1 /scripts/reboot_watch
+              REBOOT_STRING="Rebooting into stage 2 of 5" RETVAL/scripts/reboot_watch
 
     wait_for_stage_2_reboot:
       runs-on: self-hosted
@@ -361,7 +373,7 @@ jobs:
               /scripts/status_marker 2
               tail -n40 -F /var/log/elevate-cpanel.log &
               sleep .5
-              REBOOT_STRING="Rebooting into stage 3 of 5" RETVAL=1 /scripts/reboot_watch
+              REBOOT_STRING="Rebooting into stage 3 of 5" RETVAL/scripts/reboot_watch
     
     wait_for_stage_3_reboot:
       runs-on: self-hosted
@@ -425,7 +437,7 @@ jobs:
               /scripts/status_marker 3
               tail -n40 -F /var/log/elevate-cpanel.log &
               sleep .5
-              REBOOT_STRING="Rebooting into stage 4 of 5" RETVAL=1 /scripts/reboot_watch
+              REBOOT_STRING="Rebooting into stage 4 of 5" RETVAL/scripts/reboot_watch
 
     wait_for_stage_4_reboot:
       runs-on: self-hosted
@@ -489,7 +501,7 @@ jobs:
               /scripts/status_marker 4
               tail -n40 -F /var/log/elevate-cpanel.log &
               sleep .5
-              REBOOT_STRING="Rebooting into stage 5 of 5" RETVAL=1 /scripts/reboot_watch
+              REBOOT_STRING="Rebooting into stage 5 of 5" RETVAL/scripts/reboot_watch
 
     wait_for_stage_5_reboot:
       runs-on: self-hosted
@@ -553,7 +565,7 @@ jobs:
               /scripts/status_marker 5
               tail -n40 -F /var/log/elevate-cpanel.log &
               sleep 2.5
-              SKIP_PID_CHECK=1 REBOOT_STRING="Doing final reboot" RETVAL=1 /scripts/reboot_watch
+              REBOOT_STRING="Doing final reboot" RETVAL=1 /scripts/reboot_watch
 
     wait_for_final_reboot:
       runs-on: self-hosted

diff --git a/.github/workflows/openstack-cloudlinux-7.yml.disabled b/.github/workflows/openstack-cloudlinux-7.yml.disabled
@@ -18,22 +18,22 @@ concurrency:
   cancel-in-progress: true
 
 env:
+  # secrets
   TF_VAR_application_credential_id: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
   TF_VAR_application_credential_secret: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
-  TF_VAR_github_repository: ${{ github.repository }}
-  TF_VAR_github_run_id: ${{ github.run_id }}
   TF_VAR_ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }}
   TF_VAR_ssh_public_key: ${{ secrets.SSH_PUBLIC_KEY }}
-  TF_VAR_os_auth_region: ${{ secrets.OS_AUTH_REGION }}
-  TF_VAR_os_auth_url: ${{ secrets.OS_AUTH_URL }}
-  TF_VAR_os_interface: ${{ secrets.OS_INTERFACE }}
-  TF_VAR_os_project_domain_name: ${{ secrets.OS_PROJECT_DOMAIN_NAME }}
-  TF_VAR_os_password: ${{ secrets.OS_PASSWORD }}
-  TF_VAR_os_project_id: ${{ secrets.OS_PROJECT_ID }}
-  TF_VAR_os_project_domain_id: ${{ secrets.OS_PROJECT_DOMAIN_ID }}
-  TF_VAR_os_project_name: ${{ secrets.OS_PROJECT_NAME }}
-  TF_VAR_os_region_name: ${{ secrets.OS_REGION_NAME }}
-  TF_VAR_os_username: ${{ secrets.OS_USERNAME }}
+
+  # vars
+  TF_VAR_os_auth_url: ${{ vars.OS_AUTH_URL }}
+  TF_VAR_os_auth_type: ${{ vars.OS_AUTH_TYPE }}
+  TF_VAR_os_identity_api_version: ${{ vars.OS_IDENTITY_API_VERSION }}
+  TF_VAR_os_interface: ${{ vars.OS_INTERFACE }}
+  TF_VAR_os_region_name: ${{ vars.OS_REGION_NAME }}
+
+  # github
+  TF_VAR_github_repository: ${{ github.repository }}
+  TF_VAR_github_run_id: ${{ github.run_id }}
   tf_working_directory: "${{ github.workspace }}/.github/workflows/openstack/cloudlinux-7"
 
 jobs: 
@@ -44,6 +44,18 @@ jobs:
             working-directory: "${{ github.workspace }}/.github/workflows/openstack/cloudlinux-7"
         steps:
         - uses: actions/checkout@v4
+
+        - name: Dump all GitHub variables
+          run: |
+            echo "Dumping all GitHub variables:"
+            echo "github.ref: ${{ github.ref }}"
+            echo "github.ref_name: ${{ github.ref_name }}"
+            echo "github.job: ${{ github.job }}"
+            echo "github.workflow: ${{ github.workflow }}"
+            echo "github.triggering_actor: ${{ github.triggering_actor }}"
+            echo "github.event_name: ${{ github.event_name }}"
+            echo "github.event.repository.master_branch: ${{ github.event.repository.master_branch }}"
+
         - name: Terraform fmt
           id: fmt
           run: |
@@ -566,7 +578,7 @@ jobs:
               /scripts/status_marker 5
               tail -n40 -F /var/log/elevate-cpanel.log &
               sleep 2.5
-              SKIP_PID_CHECK=1 REBOOT_STRING="Doing final reboot" RETVAL=1 /scripts/reboot_watch
+              REBOOT_STRING="Doing final reboot" RETVAL=1 /scripts/reboot_watch
 
     wait_for_final_reboot:
       runs-on: self-hosted

diff --git a/.github/workflows/openstack-ubuntu-20.yml b/.github/workflows/openstack-ubuntu-20.yml
@@ -1,15 +1,15 @@
 name: "Test Run: ubuntu-20.04"
 
 on:
-  workflow_dispatch:
-    inputs:
-      message:
-        description: 'Build description Ubuntu 20.04'
+#  workflow_dispatch:
+#    inputs:
+#      message:
+#        description: 'Build description Ubuntu 20.04'
 
-  workflow_run:
-    workflows: ["TestSuite"]
-    types:
-      - completed
+#  workflow_run:
+#    workflows: ["TestSuite"]
+#    types:
+#      - completed
 
   workflow_call:
 
@@ -18,22 +18,22 @@ concurrency:
   cancel-in-progress: true
 
 env:
+  # secrets
   TF_VAR_application_credential_id: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
   TF_VAR_application_credential_secret: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
-  TF_VAR_github_repository: ${{ github.repository }}
-  TF_VAR_github_run_id: ${{ github.run_id }}
   TF_VAR_ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }}
   TF_VAR_ssh_public_key: ${{ secrets.SSH_PUBLIC_KEY }}
-  TF_VAR_os_auth_region: ${{ secrets.OS_AUTH_REGION }}
-  TF_VAR_os_auth_url: ${{ secrets.OS_AUTH_URL }}
-  TF_VAR_os_interface: ${{ secrets.OS_INTERFACE }}
-  TF_VAR_os_project_domain_name: ${{ secrets.OS_PROJECT_DOMAIN_NAME }}
-  TF_VAR_os_password: ${{ secrets.OS_PASSWORD }}
-  TF_VAR_os_project_id: ${{ secrets.OS_PROJECT_ID }}
-  TF_VAR_os_project_domain_id: ${{ secrets.OS_PROJECT_DOMAIN_ID }}
-  TF_VAR_os_project_name: ${{ secrets.OS_PROJECT_NAME }}
-  TF_VAR_os_region_name: ${{ secrets.OS_REGION_NAME }}
-  TF_VAR_os_username: ${{ secrets.OS_USERNAME }}
+
+  # vars
+  TF_VAR_os_auth_url: ${{ vars.OS_AUTH_URL }}
+  TF_VAR_os_auth_type: ${{ vars.OS_AUTH_TYPE }}
+  TF_VAR_os_identity_api_version: ${{ vars.OS_IDENTITY_API_VERSION }}
+  TF_VAR_os_interface: ${{ vars.OS_INTERFACE }}
+  TF_VAR_os_region_name: ${{ vars.OS_REGION_NAME }}
+
+  # github
+  TF_VAR_github_repository: ${{ github.repository }}
+  TF_VAR_github_run_id: ${{ github.run_id }}
   tf_working_directory: "${{ github.workspace }}/.github/workflows/openstack/ubuntu-20.04"
 
 jobs: 
@@ -44,6 +44,19 @@ jobs:
             working-directory: "${{ github.workspace }}/.github/workflows/openstack/ubuntu-20.04"
         steps:
         - uses: actions/checkout@v4
+            # Step to dump all GitHub variables
+
+        - name: Dump all GitHub variables
+          run: |
+            echo "Dumping all GitHub variables:"
+            echo "github.ref: ${{ github.ref }}"
+            echo "github.ref_name: ${{ github.ref_name }}"
+            echo "github.job: ${{ github.job }}"
+            echo "github.workflow: ${{ github.workflow }}"
+            echo "github.triggering_actor: ${{ github.triggering_actor }}"
+            echo "github.event_name: ${{ github.event_name }}"
+            echo "github.event.repository.master_branch: ${{ github.event.repository.master_branch }}"
+    
         - name: Terraform fmt
           id: fmt
           run: |
@@ -296,7 +309,7 @@ jobs:
               /scripts/status_marker 1
               tail -n40 -F /var/log/elevate-cpanel.log &
               sleep .5
-              REBOOT_STRING="Rebooting into stage 2 of 5" RETVAL=1 /scripts/reboot_watch
+              REBOOT_STRING="Rebooting into stage 2 of 5" RETVAL/scripts/reboot_watch
 
     wait_for_stage_2_reboot:
       runs-on: self-hosted
@@ -361,7 +374,7 @@ jobs:
               /scripts/status_marker 2
               tail -n40 -F /var/log/elevate-cpanel.log &
               sleep .5
-              REBOOT_STRING="Rebooting into stage 3 of 5" RETVAL=1 /scripts/reboot_watch
+              REBOOT_STRING="Rebooting into stage 3 of 5" RETVAL/scripts/reboot_watch
     
     wait_for_stage_3_reboot:
       runs-on: self-hosted
@@ -425,7 +438,7 @@ jobs:
               /scripts/status_marker 3
               tail -n40 -F /var/log/elevate-cpanel.log &
               sleep .5
-              REBOOT_STRING="Rebooting into stage 4 of 5" RETVAL=1 /scripts/reboot_watch
+              REBOOT_STRING="Rebooting into stage 4 of 5" RETVAL/scripts/reboot_watch
 
     wait_for_stage_4_reboot:
       runs-on: self-hosted
@@ -489,7 +502,7 @@ jobs:
               /scripts/status_marker 4
               tail -n40 -F /var/log/elevate-cpanel.log &
               sleep .5
-              REBOOT_STRING="Rebooting into stage 5 of 5" RETVAL=1 /scripts/reboot_watch
+              REBOOT_STRING="Rebooting into stage 5 of 5" RETVAL/scripts/reboot_watch
 
     wait_for_stage_5_reboot:
       runs-on: self-hosted
@@ -553,7 +566,7 @@ jobs:
               /scripts/status_marker 5
               tail -n40 -F /var/log/elevate-cpanel.log &
               sleep 2.5
-              SKIP_PID_CHECK=1 REBOOT_STRING="Doing final reboot" RETVAL=1 /scripts/reboot_watch
+              REBOOT_STRING="Great SUCCESS" RETVAL=1 /scripts/reboot_watch
 
     wait_for_final_reboot:
       runs-on: self-hosted

diff --git a/.github/workflows/openstack/centos-7/main.tf b/.github/workflows/openstack/centos-7/main.tf
@@ -14,8 +14,8 @@ provider "openstack" {
   user_name                     = var.user
   application_credential_id     = var.application_credential_id
   application_credential_secret = var.application_credential_secret
-  auth_url                      = "https://keystone.hou-01.cloud.prod.cpanel.net:5000/v3"
-  region                        = var.os_auth_region
+  auth_url                      = var.os_auth_url
+  region                        = var.os_region_name
 }
 
 data "openstack_images_image_ids_v2" "images" {

diff --git a/.github/workflows/openstack/centos-7/variables.tf b/.github/workflows/openstack/centos-7/variables.tf
@@ -19,20 +19,14 @@ variable "github_run_id" {
   type = string
 }
 
-variable "os_password" {
-  type = string
-}
-
-variable "os_auth_region" {
-  type = string
-}
-
 variable "os_auth_url" {
-  type = string
+  type    = string
+  default = "https://keystone.hou-01.cloud.prod.cpanel.net:5000/v3"
 }
 
-variable "os_project_domain_name" {
-  type = string
+variable "os_region_name" {
+  type    = string
+  default = "RegionOne"
 }
 
 variable "ssh_private_key" {

diff --git a/.../openstack/cloudlinux-7/cloud-config.yaml → ...k/cloudlinux-7.disabled/cloud-config.yaml b/.../openstack/cloudlinux-7/cloud-config.yaml → ...k/cloudlinux-7.disabled/cloud-config.yaml
diff --git a/...ows/openstack/cloudlinux-7/cloud-init.yml → ...tack/cloudlinux-7.disabled/cloud-init.yml b/...ows/openstack/cloudlinux-7/cloud-init.yml → ...tack/cloudlinux-7.disabled/cloud-init.yml
diff --git a/.../workflows/openstack/cloudlinux-7/main.tf → ...s/openstack/cloudlinux-7.disabled/main.tf b/.../workflows/openstack/cloudlinux-7/main.tf → ...s/openstack/cloudlinux-7.disabled/main.tf
@@ -14,7 +14,7 @@ provider "openstack" {
   user_name                     = var.user
   application_credential_id     = var.application_credential_id
   application_credential_secret = var.application_credential_secret
-  auth_url                      = "https://keystone.hou-01.cloud.prod.cpanel.net:5000/v3"
+  auth_url                      = var.os_auth_url
   region                        = var.os_auth_region
 }
 

diff --git a/...rkflows/openstack/cloudlinux-7/outputs.tf → ...penstack/cloudlinux-7.disabled/outputs.tf b/...rkflows/openstack/cloudlinux-7/outputs.tf → ...penstack/cloudlinux-7.disabled/outputs.tf
diff --git a/...flows/openstack/cloudlinux-7/variables.tf → ...nstack/cloudlinux-7.disabled/variables.tf b/...flows/openstack/cloudlinux-7/variables.tf → ...nstack/cloudlinux-7.disabled/variables.tf
@@ -19,22 +19,15 @@ variable "github_run_id" {
   type = string
 }
 
-variable "os_password" {
-  type = string
-}
-
-variable "os_auth_region" {
+variable "os_region_name" {
   type = string
+  default = "RegionOne"
 }
 
 variable "os_auth_url" {
   type = string
 }
 
-variable "os_project_domain_name" {
-  type = string
-}
-
 variable "ssh_private_key" {
   type        = string
   description = "SSH private key matching the public key added to the VMs /root/.ssh/authorized_keys file to allow user access."

diff --git a/.github/workflows/openstack/ubuntu-20.04/main.tf b/.github/workflows/openstack/ubuntu-20.04/main.tf
@@ -14,8 +14,8 @@ provider "openstack" {
   user_name                     = var.user
   application_credential_id     = var.application_credential_id
   application_credential_secret = var.application_credential_secret
-  auth_url                      = "https://keystone.hou-01.cloud.prod.cpanel.net:5000/v3"
-  region                        = var.os_auth_region
+  auth_url                      = var.os_auth_url
+  region                        = var.os_region_name
 }
 
 data "openstack_images_image_ids_v2" "images" {