[DEVOPS-1259] reupdate CI-only KV SP (#2858)

* reupdate CI-only KV SP * add some edits
3 years ago · 62c8b4c77d
6 changed files with 22 additions and 12 deletions
--- a/.github/workflows/build-self-host.yml
+++ b/.github/workflows/build-self-host.yml
@ -64,7 +64,7 @@ jobs:
				@@ -64,7 +64,7 @@ jobs:
      - name: Login to Azure - CI Subscription
        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
        with:
-          creds: ${{ secrets. AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

      - name: Retrieve github PAT secrets
        id: retrieve-secret-pat
@ -169,7 +169,7 @@ jobs:
				@@ -169,7 +169,7 @@ jobs:
        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
        if: failure()
        with:
-          creds: ${{ secrets. AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

      - name: Retrieve secrets
        id: retrieve-secrets
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -283,7 +283,7 @@ jobs:
				@@ -283,7 +283,7 @@ jobs:
      - name: Login to Azure - CI Subscription
        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
        with:
-          creds: ${{ secrets. AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

      - name: Retrieve github PAT secrets
        id: retrieve-secret-pat
@ -564,11 +564,11 @@ jobs:
				@@ -564,11 +564,11 @@ jobs:
              exit 1
          fi

-      - name: Login to Azure - Prod Subscription
+      - name: Login to Azure - CI subscription
        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
        if: failure()
        with:
-          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

      - name: Retrieve secrets
        id: retrieve-secrets
--- a/.github/workflows/container-registry-purge.yml
+++ b/.github/workflows/container-registry-purge.yml
@ -84,11 +84,11 @@ jobs:
				@@ -84,11 +84,11 @@ jobs:
              exit 1
          fi

-      - name: Login to Azure - Prod Subscription
+      - name: Login to Azure - CI subscription
        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
        if: failure()
        with:
-          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

      - name: Retrieve secrets
        id: retrieve-secrets
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -108,6 +108,11 @@ jobs:
				@@ -108,6 +108,11 @@ jobs:
        with:
          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}

+      - name: Login to Azure - CI subscription
+        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
+        with:
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
      - name: Retrieve secrets
        id: retrieve-secrets
        env:
@ -238,7 +243,7 @@ jobs:
				@@ -238,7 +243,7 @@ jobs:
        if: matrix.origin_docker_repo == 'bitwarden'
        uses: bitwarden/gh-actions/setup-docker-trust@a8c384a05a974c05c48374c818b004be221d43ff
        with:
-          azure-creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
          azure-keyvault-name: "bitwarden-ci"

      - name: Pull latest project image
--- a/.github/workflows/stop-staging-slots.yml
+++ b/.github/workflows/stop-staging-slots.yml
@ -28,10 +28,10 @@ jobs:
				@@ -28,10 +28,10 @@ jobs:
          echo "NAME_LOWER: $NAME_LOWER"
          echo "name_lower=$NAME_LOWER" >> $GITHUB_OUTPUT

-      - name: Login to Azure
+      - name: Login to Azure - CI Subscription
        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
        with:
-          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          creds: ${{ secrets.AZURE_KV_CI_SERRVICE_PRINCIPAL }}

      - name: Retrieve secrets
        id: retrieve-secrets
@ -46,6 +46,11 @@ jobs:
				@@ -46,6 +46,11 @@ jobs:
          echo "::add-mask::$webapp_name"
          echo "webapp-name=$webapp_name" >> $GITHUB_OUTPUT

+      - name: Login to Azure
+        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
+        with:
+          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+
      - name: Stop staging slot
        env:
          SERVICE: ${{ matrix.name }}
--- a/.github/workflows/version-bump.yml
+++ b/.github/workflows/version-bump.yml
@ -16,10 +16,10 @@ jobs:
				@@ -16,10 +16,10 @@ jobs:
      - name: Checkout Branch
        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579

-      - name: Login to Azure - Prod Subscription
+      - name: Login to Azure - CI Subscription
        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
        with:
-         creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+         creds: ${{ secrets.AZURE_CI_KV_SERVICE_PRINCIPAL }}

      - name: Retrieve secrets
        id: retrieve-secrets