From edf9ae89b8c02a521730024faeb304164a6d2a81 Mon Sep 17 00:00:00 2001
From: Jack Yu <jack.yu@suse.com>
Date: Fri, 14 Jun 2024 11:12:31 +0800
Subject: [PATCH] ci: use read-vault-secret

Signed-off-by: Jack Yu <jack.yu@suse.com>
---
 .github/workflows/pull-request.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
index d2375441fad..6122d407405 100644
--- a/.github/workflows/pull-request.yml
+++ b/.github/workflows/pull-request.yml
@@ -4,6 +4,18 @@ on:
   pull_request_target:
 
 jobs:
+  readvault:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+    steps:
+    - name: Read some Secrets
+      uses: rancher-eio/read-vault-secrets@main
+      with:
+        secrets: |
+          secret/data/github/repo/${{ github.repository }}/netlify-auth-token/credentials token | NETLIFY_AUTH_TOKEN ;
+          secret/data/github/repo/${{ github.repository }}/netlify-site-id/credentials token | NETLIFY_SITE_ID 
+
   build:
     runs-on: ubuntu-latest
     permissions: