[DEVOPS-1257] Update workflows to use new CI only keyvault (#35)

* Update workflows to use new CI only keyvault * Fix name of the secret
3 years ago · 1fb8a1d3dc
3 changed files with 11 additions and 11 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -81,8 +81,8 @@ jobs:
				@@ -81,8 +81,8 @@ jobs:
        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc'
        uses: bitwarden/gh-actions/setup-docker-trust@a8c384a05a974c05c48374c818b004be221d43ff
        with:
-          azure-creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
-          azure-keyvault-name: "bitwarden-prod-kv"
+          azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          azure-keyvault-name: "bitwarden-ci"

      - name: Get build artifact
        uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -70,8 +70,8 @@ jobs:
				@@ -70,8 +70,8 @@ jobs:
        id: setup-dct
        uses: bitwarden/gh-actions/setup-docker-trust@a8c384a05a974c05c48374c818b004be221d43ff
        with:
-          azure-creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
-          azure-keyvault-name: "bitwarden-prod-kv"
+          azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          azure-keyvault-name: "bitwarden-ci"

      - name: Checkout repo
        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579  # v2.4.0
@ -157,13 +157,13 @@ jobs:
				@@ -157,13 +157,13 @@ jobs:
        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
        if: failure()
        with:
-          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

      - name: Retrieve secrets
        id: retrieve-secrets
        if: failure()
        env:
-          KEYVAULT: bitwarden-prod-kv
+          KEYVAULT: bitwarden-ci
          SECRETS: |
            devops-alerts-slack-webhook-url
        run: |
--- a/.github/workflows/version-bump.yml
+++ b/.github/workflows/version-bump.yml
@ -16,17 +16,17 @@ jobs:
				@@ -16,17 +16,17 @@ jobs:
    steps:
      - name: Checkout Branch
        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
-      
+
      - name: Login to Azure - Prod Subscription
        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
        with:
-         creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+         creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

      - name: Retrieve secrets
        id: retrieve-secrets
        uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af
        with:
-          keyvault: "bitwarden-prod-kv"
+          keyvault: "bitwarden-ci"
          secrets: "github-gpg-private-key, github-gpg-private-key-passphrase"

      - name: Import GPG key
@ -41,7 +41,7 @@ jobs:
				@@ -41,7 +41,7 @@ jobs:
        run: |
          git switch -c version_bump_${{ github.event.inputs.version_number }}
          git push -u origin version_bump_${{ github.event.inputs.version_number }}
-          
+
      - name: Checkout Version Branch
        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
        with:
@ -58,7 +58,7 @@ jobs:
				@@ -58,7 +58,7 @@ jobs:
          git config --local user.email "106330231+bitwarden-devops-bot@users.noreply.github.com"
          git config --local user.name "bitwarden-devops-bot"
          git commit -m "Bumped version to ${{ github.event.inputs.version_number }}" -a
-          
+
      - name: Push changes
        run: git push -u origin version_bump_${{ github.event.inputs.version_number }}