add secrets on ci check

signalwire · Jan 26, 2024 · b9b1e18 · b9b1e18
1 parent e3f7b98
commit b9b1e18
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 0 deletions.
diff --git a/.github/workflows/ci-check.yml b/.github/workflows/ci-check.yml
@@ -82,6 +82,22 @@ on:
         required: false
         default: '/usr/share/dotnet'
         description: Set a custom .NET install dir
+      ## Vault Secrets
+      VAULT_SECRETS:
+        type: string
+        default: ''
+        description: 'A comma separated list of secrets to fetch from Vault.'
+        required: false
+      TELEPORT_APP:
+        type: string
+        default: ''
+        description: 'The Teleport app to use.'
+        required: false
+      TELEPORT_PROXY_URL:
+        type: string
+        default: ''
+        description: 'The Teleport proxy URL to use.'
+        required: false
     secrets:
       SONAR_HOST_URL:
         required: false
@@ -98,6 +114,13 @@ on:
       CONTRIBSYS_CREDENTIALS:
         required: false
         description: Contribsys credentials used for ruby gems
+      # Vault Secrets
+      VAULT_TOKEN:
+        required: false
+        description: 'Vault token.'
+      TELEPORT_TOKEN:
+        required: false
+        description: 'Teleport token.'
 
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
@@ -126,6 +149,17 @@ jobs:
         ref: main
         path: actions
 
+    - name: Retrieve Secrets from HashiCorp Vault
+      uses: ./actions/.github/actions/vault-secrets
+      if: ${{ inputs.VAULT_SECRETS != '' }}
+      env:
+        VAULT_TOKEN: ${{ secrets.VAULT_TOKEN }}
+        VAULT_ADDR: https://${{ inputs.TELEPORT_PROXY_URL }}
+        TELEPORT_TOKEN: ${{ secrets.TELEPORT_TOKEN }}
+        TELEPORT_APP: ${{ inputs.TELEPORT_APP }}
+        TELEPORT_PROXY_URL: ${{ inputs.TELEPORT_PROXY_URL }}
+        SECRETS: ${{ inputs.VAULT_SECRETS }}
+
     - name: Up Test dependencies
       if: ${{ inputs.TEST_DEPENDENCIES == true}}
       uses: ./actions/.github/actions/docker-compose

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -221,13 +221,18 @@ jobs:
       RUBOCOP: ${{ inputs.RUBOCOP }}
       RUN_TESTS: ${{ inputs.RUN_TESTS }}
       DOTNET_INSTALL_DIR: ${{ inputs.DOTNET_INSTALL_DIR }}
+      VAULT_SECRETS: ${{ inputs.VAULT_SECRETS }}
+      TELEPORT_APP: ${{ inputs.TELEPORT_APP }}
+      TELEPORT_PROXY_URL: ${{ inputs.TELEPORT_PROXY_URL }}
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
       SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
       SONAR_PROJECT_KEY: ${{ secrets.SONAR_PROJECT_KEY }}
       DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
       DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
       GH_BOT_DEPLOY_KEY: ${{ secrets.GH_BOT_DEPLOY_KEY }}
+      VAULT_TOKEN: ${{ secrets.VAULT_TOKEN }}
+      TELEPORT_TOKEN: ${{ secrets.TELEPORT_TOKEN }}
 
   BUILD:
     name: BUILD