feat: migrate everything to sm

joryirving · Jan 24, 2024 · cb6b1b5 · cb6b1b5
1 parent de82136
commit cb6b1b5
Show file tree

Hide file tree

Showing 10 changed files with 94 additions and 25 deletions.
diff --git a/.github/workflows/bulk-merge-prs.yaml b/.github/workflows/bulk-merge-prs.yaml
@@ -19,12 +19,21 @@
       name: Bulk Merge PRs
       runs-on: ubuntu-latest
       steps:
+        - name: Get Secrets
+          uses: bitwarden/sm-action@v2
+          with:
+            access_token: ${{ secrets.BW_ACCESS_TOKEN }}
+            secrets: |
+              e062dcb9-8cd7-471e-b9be-b10100497102 > BOT_APP_ID
+              5856238d-3fae-4a0f-9847-b1010049f697 > BOT_APP_PRIVATE_KEY
+              33fe0505-5ef3-4d91-8053-b101004a4947 > BOT_USERNAME
+
         - name: Generate Token
           uses: actions/create-github-app-token@v1
           id: app-token
           with:
-            app-id: "${{ secrets.BOT_APP_ID }}"
-            private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
+            app-id: "${{ env.BOT_APP_ID }}"
+            private-key: "${{ env.BOT_APP_PRIVATE_KEY }}"
 
         - name: Checkout
           uses: actions/checkout@v4
@@ -37,7 +46,7 @@
             GITHUB_TOKEN: "${{ steps.app-token.outputs.token }}"
           run: |
             args=()
-            args+=(--app ${{ secrets.BOT_USERNAME }})
+            args+=(--app ${{ env.BOT_USERNAME }})
             args+=(--state open)
             if [ "${{ github.event.inputs.labels }}" != "any" ]; then
                 IFS=',' read -ra labels <<< "${{ github.event.inputs.labels }}"

diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml
@@ -18,12 +18,20 @@ jobs:
     outputs:
       matrix: ${{ steps.changed-clusters.outputs.all_changed_and_modified_files }}
     steps:
+      - name: Get Secrets
+        uses: bitwarden/sm-action@v2
+        with:
+          access_token: ${{ secrets.BW_ACCESS_TOKEN }}
+          secrets: |
+            e062dcb9-8cd7-471e-b9be-b10100497102 > BOT_APP_ID
+            5856238d-3fae-4a0f-9847-b1010049f697 > BOT_APP_PRIVATE_KEY
+
       - name: Generate Token
         uses: actions/create-github-app-token@v1
         id: app-token
         with:
-          app-id: "${{ secrets.BOT_APP_ID }}"
-          private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
+          app-id: "${{ env.BOT_APP_ID }}"
+          private-key: "${{ env.BOT_APP_PRIVATE_KEY }}"
 
       - name: Checkout Default Branch
         uses: actions/checkout@v4
@@ -61,8 +69,8 @@ jobs:
         uses: actions/create-github-app-token@v1
         id: app-token
         with:
-          app-id: "${{ secrets.BOT_APP_ID }}"
-          private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
+          app-id: "${{ env.BOT_APP_ID }}"
+          private-key: "${{ env.BOT_APP_PRIVATE_KEY }}"
 
       - name: Checkout
         uses: actions/checkout@v4

diff --git a/.github/workflows/flux-hr-sync.yaml b/.github/workflows/flux-hr-sync.yaml
@@ -31,13 +31,15 @@ jobs:
           access_token: ${{ secrets.BW_ACCESS_TOKEN }}
           secrets: |
             1c493889-1e30-4156-a937-b10100433300 > KUBECONFIG
+            e062dcb9-8cd7-471e-b9be-b10100497102 > BOT_APP_ID
+            5856238d-3fae-4a0f-9847-b1010049f697 > BOT_APP_PRIVATE_KEY
 
       - name: Generate Token
         uses: actions/create-github-app-token@v1
         id: app-token
         with:
-          app-id: "${{ secrets.BOT_APP_ID }}"
-          private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
+          app-id: "${{ env.BOT_APP_ID }}"
+          private-key: "${{ env.BOT_APP_PRIVATE_KEY }}"
 
       - name: Checkout
         uses: actions/checkout@v4

diff --git a/.github/workflows/flux-image-test.yaml b/.github/workflows/flux-image-test.yaml
@@ -18,12 +18,20 @@ jobs:
     outputs:
       matrix: ${{ steps.changed-clusters.outputs.all_changed_and_modified_files }}
     steps:
+      - name: Get Secrets
+        uses: bitwarden/sm-action@v2
+        with:
+          access_token: ${{ secrets.BW_ACCESS_TOKEN }}
+          secrets: |
+            e062dcb9-8cd7-471e-b9be-b10100497102 > BOT_APP_ID
+            5856238d-3fae-4a0f-9847-b1010049f697 > BOT_APP_PRIVATE_KEY
+
       - name: Generate Token
         uses: actions/create-github-app-token@v1
         id: app-token
         with:
-          app-id: "${{ secrets.BOT_APP_ID }}"
-          private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
+          app-id: "${{ env.BOT_APP_ID }}"
+          private-key: "${{ env.BOT_APP_PRIVATE_KEY }}"
 
       - name: Checkout
         uses: actions/checkout@v4
@@ -62,8 +70,8 @@ jobs:
         uses: actions/create-github-app-token@v1
         id: app-token
         with:
-          app-id: "${{ secrets.BOT_APP_ID }}"
-          private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
+          app-id: "${{ env.BOT_APP_ID }}"
+          private-key: "${{ env.BOT_APP_PRIVATE_KEY }}"
 
       - name: Setup Homebrew
         uses: Homebrew/actions/setup-homebrew@master

diff --git a/.github/workflows/flux-ks-sync.yaml b/.github/workflows/flux-ks-sync.yaml
@@ -21,13 +21,15 @@ jobs:
           access_token: ${{ secrets.BW_ACCESS_TOKEN }}
           secrets: |
             1c493889-1e30-4156-a937-b10100433300 > KUBECONFIG
+            e062dcb9-8cd7-471e-b9be-b10100497102 > BOT_APP_ID
+            5856238d-3fae-4a0f-9847-b1010049f697 > BOT_APP_PRIVATE_KEY
 
       - name: Generate Token
         uses: actions/create-github-app-token@v1
         id: app-token
         with:
-          app-id: "${{ secrets.BOT_APP_ID }}"
-          private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
+          app-id: "${{ env.BOT_APP_ID }}"
+          private-key: "${{ env.BOT_APP_PRIVATE_KEY }}"
 
       - name: Checkout
         uses: actions/checkout@v4

diff --git a/.github/workflows/label-sync.yaml b/.github/workflows/label-sync.yaml
@@ -15,12 +15,20 @@ jobs:
     name: Label Sync
     runs-on: ubuntu-latest
     steps:
+      - name: Get Secrets
+        uses: bitwarden/sm-action@v2
+        with:
+          access_token: ${{ secrets.BW_ACCESS_TOKEN }}
+          secrets: |
+            e062dcb9-8cd7-471e-b9be-b10100497102 > BOT_APP_ID
+            5856238d-3fae-4a0f-9847-b1010049f697 > BOT_APP_PRIVATE_KEY
+
       - name: Generate Token
         uses: actions/create-github-app-token@v1
         id: app-token
         with:
-          app-id: "${{ secrets.BOT_APP_ID }}"
-          private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
+          app-id: "${{ env.BOT_APP_ID }}"
+          private-key: "${{ env.BOT_APP_PRIVATE_KEY }}"
 
       - name: Checkout
         uses: actions/checkout@v4

diff --git a/.github/workflows/labeler.yaml b/.github/workflows/labeler.yaml
@@ -15,12 +15,20 @@ jobs:
       contents: read
       pull-requests: write
     steps:
+      - name: Get Secrets
+        uses: bitwarden/sm-action@v2
+        with:
+          access_token: ${{ secrets.BW_ACCESS_TOKEN }}
+          secrets: |
+            e062dcb9-8cd7-471e-b9be-b10100497102 > BOT_APP_ID
+            5856238d-3fae-4a0f-9847-b1010049f697 > BOT_APP_PRIVATE_KEY
+
       - name: Generate Token
         uses: actions/create-github-app-token@v1
         id: app-token
         with:
-          app-id: "${{ secrets.BOT_APP_ID }}"
-          private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
+          app-id: "${{ env.BOT_APP_ID }}"
+          private-key: "${{ env.BOT_APP_PRIVATE_KEY }}"
 
       - name: Labeler
         uses: actions/labeler@v5

diff --git a/.github/workflows/lychee.yaml b/.github/workflows/lychee.yaml
@@ -19,12 +19,20 @@ jobs:
     name: Lychee
     runs-on: ubuntu-latest
     steps:
+      - name: Get Secrets
+        uses: bitwarden/sm-action@v2
+        with:
+          access_token: ${{ secrets.BW_ACCESS_TOKEN }}
+          secrets: |
+            e062dcb9-8cd7-471e-b9be-b10100497102 > BOT_APP_ID
+            5856238d-3fae-4a0f-9847-b1010049f697 > BOT_APP_PRIVATE_KEY
+
       - name: Generate Token
         uses: actions/create-github-app-token@v1
         id: app-token
         with:
-          app-id: "${{ secrets.BOT_APP_ID }}"
-          private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
+          app-id: "${{ env.BOT_APP_ID }}"
+          private-key: "${{ env.BOT_APP_PRIVATE_KEY }}"
 
       - name: Checkout
         uses: actions/checkout@v4

diff --git a/.github/workflows/publish-terraform.yaml b/.github/workflows/publish-terraform.yaml
@@ -16,12 +16,20 @@ jobs:
       contents: read
       packages: write
     steps:
+      - name: Get Secrets
+        uses: bitwarden/sm-action@v2
+        with:
+          access_token: ${{ secrets.BW_ACCESS_TOKEN }}
+          secrets: |
+            e062dcb9-8cd7-471e-b9be-b10100497102 > BOT_APP_ID
+            5856238d-3fae-4a0f-9847-b1010049f697 > BOT_APP_PRIVATE_KEY
+
       - name: Generate Token
         uses: actions/create-github-app-token@v1
         id: app-token
         with:
-          app-id: "${{ secrets.BOT_APP_ID }}"
-          private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
+          app-id: "${{ env.BOT_APP_ID }}"
+          private-key: "${{ env.BOT_APP_PRIVATE_KEY }}"
 
       - name: Checkout
         uses: actions/checkout@v4

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -12,12 +12,20 @@ jobs:
     name: Release
     runs-on: ubuntu-latest
     steps:
+      - name: Get Secrets
+        uses: bitwarden/sm-action@v2
+        with:
+          access_token: ${{ secrets.BW_ACCESS_TOKEN }}
+          secrets: |
+            e062dcb9-8cd7-471e-b9be-b10100497102 > BOT_APP_ID
+            5856238d-3fae-4a0f-9847-b1010049f697 > BOT_APP_PRIVATE_KEY
+
       - name: Generate Token
         uses: actions/create-github-app-token@v1
         id: app-token
         with:
-          app-id: "${{ secrets.BOT_APP_ID }}"
-          private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
+          app-id: "${{ env.BOT_APP_ID }}"
+          private-key: "${{ env.BOT_APP_PRIVATE_KEY }}"
 
       - name: Checkout
         uses: actions/checkout@v4