From 737eaf79cc7e52ec9c487007f3e4e00d965847a1 Mon Sep 17 00:00:00 2001
From: Joey Orlando <joey.orlando@grafana.com>
Date: Mon, 23 Sep 2024 12:30:31 -0400
Subject: [PATCH] ci: patch issue in gcom curl command (#5061)

## Which issue(s) this PR closes

Fix
https://github.com/grafana/oncall/actions/runs/10997991428/job/30535419238#step:9:1
---
 .github/actions/build-sign-and-package-plugin/action.yml | 9 +++------
 .github/workflows/on-release-published.yml               | 3 ++-
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/.github/actions/build-sign-and-package-plugin/action.yml b/.github/actions/build-sign-and-package-plugin/action.yml
index b4a6321f05..e0a9b6558b 100644
--- a/.github/actions/build-sign-and-package-plugin/action.yml
+++ b/.github/actions/build-sign-and-package-plugin/action.yml
@@ -7,18 +7,15 @@ inputs:
       it as the official plugin version.
     required: true
 outputs:
+  authoritative_version_number:
+    description: "The version number of the plugin used for publishing artifacts"
+    value: ${{ steps.plugin-version.outputs.version }}
   artifact_filename:
     description: "The filename of the plugin artifact"
     value: ${{ steps.artifact-filename.outputs.filename }}
 runs:
   using: "composite"
   steps:
-    # This will fetch the secret keys from vault and set them as environment variables for subsequent steps
-    - name: Get Vault secrets
-      uses: grafana/shared-workflows/actions/get-vault-secrets@main
-      with:
-        repo_secrets: |
-          GRAFANA_ACCESS_POLICY_TOKEN=github_actions:cloud-access-policy-token
     - name: Determine official plugin version
       id: plugin-version
       shell: bash
diff --git a/.github/workflows/on-release-published.yml b/.github/workflows/on-release-published.yml
index 82c40e8d77..dcb7fae09a 100644
--- a/.github/workflows/on-release-published.yml
+++ b/.github/workflows/on-release-published.yml
@@ -36,6 +36,7 @@ jobs:
         uses: grafana/shared-workflows/actions/get-vault-secrets@main
         with:
           repo_secrets: |
+            GRAFANA_ACCESS_POLICY_TOKEN=github_actions:cloud-access-policy-token
             GCS_PLUGIN_PUBLISHER_SERVICE_ACCOUNT_JSON=github_actions:gcs-plugin-publisher
       - name: Build, sign, and package plugin
         id: build-sign-and-package-plugin
@@ -57,7 +58,7 @@ jobs:
         id: gcs-artifact-url
         # yamllint disable rule:line-length
         run: |
-          echo url="https://storage.googleapis.com/grafana-oncall-app/releases/grafana-oncall-app-${{ github.ref_name }}.zip" >> $GITHUB_OUTPUT
+          echo url="https://storage.googleapis.com/grafana-oncall-app/releases/grafana-oncall-app-${{ steps.build-sign-and-package-plugin.outputs.authoritative_version_number }}.zip" >> $GITHUB_OUTPUT
       - name: Publish plugin to grafana.com
         run: |
           curl -f -w "status=%{http_code}" -s -H "Authorization: Bearer ${{ env.GRAFANA_ACCESS_POLICY_TOKEN }}" -d "download[any][url]=${{ steps.gcs-artifact-url.outputs.url }}" -d "download[any][md5]=$(curl -sL ${{ steps.gcs-artifact-url.outputs.url }} | md5sum | cut -d'' '' -f1)" -d url=https://github.com/grafana/oncall/grafana-plugin https://grafana.com/api/plugins