Update deprecated Azure Key Vault in workflows (#68)

* Update deprecated Azure Key Vault in workflows * Fix tests
3 years ago · 4d2beb22bd
3 changed files with 26 additions and 12 deletions
--- a/lint-workflow/tests/test.yml
+++ b/lint-workflow/tests/test.yml
@ -24,10 +24,17 @@ jobs:
				@@ -24,10 +24,17 @@ jobs:

      - name: Retrieve secrets
        id: retrieve-secrets
-        uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
-        with:
-          keyvault: "bitwarden-prod-kv"
-          secrets: "crowdin-api-token"
+        env:
+          KEYVAULT: bitwarden-prod-kv
+          SECRETS: |
+            crowdin-api-token
+        run: |
+          for i in ${SECRETS//,/ }
+          do
+            VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv)
+            echo "::add-mask::$VALUE"
+            echo "::set-output name=$i::$VALUE"
+          done

      - name: Download translations
        uses: crowdin/github-action@e39093fd75daae7859c68eded4b43d42ec78d8ea  # v1.3.2
--- a/lint-workflow/tests/test_lint.py
+++ b/lint-workflow/tests/test_lint.py
@ -10,7 +10,7 @@ def test_lint(capfd):
				@@ -10,7 +10,7 @@ def test_lint(capfd):
        in out
    )
    assert (
-        "\x1b[33mwarning\x1b[0m Step 3 of job key 'crowdin-pull' uses an outdated action, consider updating it"
+        "\x1b[33mwarning\x1b[0m Step 4 of job key 'crowdin-pull' uses an outdated action, consider updating it"
        in out
    )
    assert (
--- a/setup-docker-trust/action.yml
+++ b/setup-docker-trust/action.yml
@ -27,13 +27,20 @@ runs:
				@@ -27,13 +27,20 @@ runs:

    - name: Retrieve secrets
      id: get-secrets
-      uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
-      with:
-        keyvault: ${{ inputs.azure-keyvault-name }}
-        secrets: "docker-password,
-                  docker-username,
-                  dct-delegate-repo-passphrase,
-                  dct-delegate-key"
+      env:
+        KEYVAULT: ${{ inputs.azure-keyvault-name }}
+        SECRETS: |
+          docker-password,
+          docker-username,
+          dct-delegate-repo-passphrase,
+          dct-delegate-key
+      run: |
+        for i in ${SECRETS//,/ }
+        do
+          VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv)
+          echo "::add-mask::$VALUE"
+          echo "::set-output name=$i::$VALUE"
+        done

    - name: Log into Docker
      shell: bash