Switch from repo secrets to vars

a-b · a-b · commit 2787782203fa · 2024-10-04T06:36:15.000-07:00
- cleanup
diff --git a/.github/workflows/release-build-sign-upload.yml b/.github/workflows/release-build-sign-upload.yml
@@ -52,7 +52,7 @@ jobs:
     runs-on: ubuntu-latest
 
     outputs:
-      aws-s3-bucket:       "v${{ steps.parse-semver.outputs.version-major }}-cf-cli-releases"
+      aws-s3-bucket: "v${{ steps.parse-semver.outputs.version-major }}-cf-cli-releases"
 
       version-build: ${{ steps.parse-semver.outputs.version-build }}
       version-major: ${{ steps.parse-semver.outputs.version-major }}
@@ -730,8 +730,8 @@ jobs:
       actions: read
       contents: read
     env:
-      AWS_ACCESS_KEY_ID:     ${{ secrets.AWS_ACCESS_KEY_ID }}
-      AWS_REGION:            ${{ secrets.AWS_REGION }}
+      AWS_ACCESS_KEY_ID:     ${{ vars.AWS_ACCESS_KEY_ID }}
+      AWS_REGION:            ${{ vars.AWS_REGION }}
       AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
       AWS_S3_BUCKET:         ${{ needs.setup.outputs.aws-s3-bucket }}
       VERSION_BUILD:         ${{ needs.setup.outputs.version-build }}
@@ -836,17 +836,13 @@ jobs:
 
     - name: Setup aws to upload installers to CLAW S3 bucket
       uses: aws-actions/configure-aws-credentials@v4
-      env:
-        AWS_ACCESS_KEY_ID:     ${{ secrets.AWS_ACCESS_KEY_ID }}
-        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        AWS_S3_ROLE_ARN:       ${{ secrets.AWS_S3_ROLE_ARN }}
       with:
-        aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
-        aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
-        aws-region: us-west-1
-        role-to-assume: ${{ env.AWS_S3_ROLE_ARN }}
+        aws-access-key-id:     ${{ vars.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY  }}
+        aws-region:            ${{ vars.AWS_REGION }}
+        role-to-assume:        ${{ vars.AWS_S3_ROLE_ARN }}
         role-skip-session-tagging: true
-        role-duration-seconds: 1200
+        role-duration-seconds:     1200
 
     - name: Upload installers to CLAW S3 bucket
       run: aws s3 sync upload "s3://v${VERSION_MAJOR}-cf-cli-releases/releases/v${VERSION_BUILD}/"
diff --git a/.github/workflows/release-update-repos.yml b/.github/workflows/release-update-repos.yml
@@ -300,13 +300,13 @@ jobs:
 
     - name: Update Debian Repository
       env:
-        DEBIAN_FRONTEND:    noninteractive
-        SIGNING_KEY_GPG_ID: ${{ secrets.SIGNING_KEY_GPG_ID }}
-        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-        AWS_BUCKET_NAME: cf-cli-debian-repo
-        AWS_DEFAULT_REGION: us-west-2
+        DEBIAN_FRONTEND:       noninteractive
+        SIGNING_KEY_GPG_ID:    ${{ secrets.SIGNING_KEY_GPG_ID }}
+        AWS_ACCESS_KEY_ID:     ${{ vars.AWS_ACCESS_KEY_ID }}
+        AWS_BUCKET_NAME:       cf-cli-debian-repo
+        AWS_DEFAULT_REGION:    us-west-2
         AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        AWS_S3_ROLE_ARN: ${{ secrets.AWS_S3_ROLE_ARN }}
+        AWS_S3_ROLE_ARN:       ${{ vars.AWS_S3_ROLE_ARN }}
       run: |
         export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s" $(aws sts assume-role --role-arn ${AWS_S3_ROLE_ARN} --role-session-name foobar --output text --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]"))
         deb-s3 upload installers/*.deb \
@@ -371,7 +371,7 @@ jobs:
     # TODO: fix backup
     # - name: Download current RPM repodata
     #   env:
-    #     AWS_ACCESS_KEY_ID:     ${{ secrets.AWS_ACCESS_KEY_ID }}
+    #     AWS_ACCESS_KEY_ID:     ${{ vars.AWS_ACCESS_KEY_ID }}
     #     AWS_DEFAULT_REGION:    us-east-1
     #     AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
     #   uses: docker://amazon/aws-cli:latest
@@ -405,17 +405,13 @@ jobs:
 
     - name: Setup aws to upload installers to CLAW S3 bucket
       uses: aws-actions/configure-aws-credentials@v4
-      env:
-        AWS_ACCESS_KEY_ID:     ${{ secrets.AWS_ACCESS_KEY_ID }}
-        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        AWS_S3_ROLE_ARN:       ${{ secrets.AWS_S3_ROLE_ARN }}
       with:
-        aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
-        aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
-        aws-region: us-west-1
-        role-to-assume: ${{ env.AWS_S3_ROLE_ARN }}
+        aws-access-key-id:     ${{ vars.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region:            ${{ vars.AWS_REGION }}
+        role-to-assume:        ${{ vars.AWS_S3_ROLE_ARN }}
         role-skip-session-tagging: true
-        role-duration-seconds: 1200
+        role-duration-seconds:     1200
 
     - name: Download V8 RPMs
       run: aws s3 sync --exclude "*" --include "releases/*/*installer*.rpm" s3://v8-cf-cli-releases .
