From b893920c1ac1de8e7bfb50de0076cab24ac08f88 Mon Sep 17 00:00:00 2001 From: Amit Kumar Date: Thu, 3 Aug 2023 12:38:27 +0100 Subject: [PATCH] retrieve secrets from vault --- .github/workflows/integration_test.yaml | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/.github/workflows/integration_test.yaml b/.github/workflows/integration_test.yaml index ac90ea57e..a0fcbf102 100644 --- a/.github/workflows/integration_test.yaml +++ b/.github/workflows/integration_test.yaml @@ -18,6 +18,22 @@ jobs: uses: actions/setup-python@v4 with: python-version: 3.11 + + - name: Retrieve secret from Vault + uses: hashicorp/vault-action@v2.5.0 + with: + method: jwt + url: "https://quansight-vault-public-vault-b2379fa7.d415e30e.z1.hashicorp.cloud:8200" + namespace: "admin/quansight" + role: "repository-nebari-dev-nebari-role" + secrets: | + kv/data/repository/nebari-dev/nebari/amazon_web_services/nebari-dev-ci role_name | AWS_ROLE_ARN; + kv/data/repository/nebari-dev/nebari/google_cloud_platform/nebari-dev-ci/github-nebari-dev-repo-ci project_id | PROJECT_ID; + kv/data/repository/nebari-dev/nebari/google_cloud_platform/nebari-dev-ci/github-nebari-dev-repo-ci workload_identity_provider | GCP_WORKFLOW_PROVIDER; + kv/data/repository/nebari-dev/nebari/google_cloud_platform/nebari-dev-ci/github-nebari-dev-repo-ci service_account_name | GCP_SERVICE_ACCOUNT; + kv/data/repository/nebari-dev/nebari/shared_secrets DIGITALOCEAN_TOKEN | DIGITALOCEAN_TOKEN; + kv/data/repository/nebari-dev/nebari/cloudflare/internal-devops@quansight.com/nebari-dev token | CLOUDFLARE_TOKEN; + - name: Install Nebari run: | pip install .[dev] @@ -28,8 +44,6 @@ jobs: pytest --version pytest tests_integration/ -vvv -s env: - NEBARI_K8S_VERSION: 1.24.13-do.0 - DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }} + NEBARI_K8S_VERSION: 1.25.12-do.0 SPACES_ACCESS_KEY_ID: ${{ secrets.SPACES_ACCESS_KEY_ID }} SPACES_SECRET_ACCESS_KEY: ${{ secrets.SPACES_SECRET_ACCESS_KEY }} - CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }}