From b9b1e18c4e485720f5ff81dbe8d8c56b6f9e2721 Mon Sep 17 00:00:00 2001
From: Lucas Mellos Carlos
Date: Fri, 26 Jan 2024 16:50:52 -0300
Subject: [PATCH] add secrets on ci check
---
 .github/workflows/ci-check.yml | 34 ++++++++++++++++++++++++++++++++++
 .github/workflows/ci.yml | 5 +++++
 2 files changed, 39 insertions(+)
diff --git a/.github/workflows/ci-check.yml b/.github/workflows/ci-check.yml
index 3ee852d4..54445d86 100644
--- a/.github/workflows/ci-check.yml
+++ b/.github/workflows/ci-check.yml
@@ -82,6 +82,22 @@ on:
 required: false
 default: '/usr/share/dotnet'
 description: Set a custom .NET install dir
+ ## Vault Secrets
+ VAULT_SECRETS:
+ type: string
+ default: ''
+ description: 'A comma separated list of secrets to fetch from Vault.'
+ required: false
+ TELEPORT_APP:
+ type: string
+ default: ''
+ description: 'The Teleport app to use.'
+ required: false
+ TELEPORT_PROXY_URL:
+ type: string
+ default: ''
+ description: 'The Teleport proxy URL to use.'
+ required: false
 secrets:
 SONAR_HOST_URL:
 required: false
@@ -98,6 +114,13 @@ on:
 CONTRIBSYS_CREDENTIALS:
 required: false
 description: Contribsys credentials used for ruby gems
+ # Vault Secrets
+ VAULT_TOKEN:
+ required: false
+ description: 'Vault token.'
+ TELEPORT_TOKEN:
+ required: false
+ description: 'Teleport token.'
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
@@ -126,6 +149,17 @@ jobs:
 ref: main
 path: actions
+ - name: Retrieve Secrets from HashiCorp Vault
+ uses: ./actions/.github/actions/vault-secrets
+ if: ${{ inputs.VAULT_SECRETS != '' }}
+ env:
+ VAULT_TOKEN: ${{ secrets.VAULT_TOKEN }}
+ VAULT_ADDR: https://${{ inputs.TELEPORT_PROXY_URL }}
+ TELEPORT_TOKEN: ${{ secrets.TELEPORT_TOKEN }}
+ TELEPORT_APP: ${{ inputs.TELEPORT_APP }}
+ TELEPORT_PROXY_URL: ${{ inputs.TELEPORT_PROXY_URL }}
+ SECRETS: ${{ inputs.VAULT_SECRETS }}
+
 - name: Up Test dependencies
 if: ${{ inputs.TEST_DEPENDENCIES == true}}
 uses: ./actions/.github/actions/docker-compose
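Review bot: TELEPORT_PROXY_URL is documented as a URL, but the step added further down in this file builds `VAULT_ADDR: https://${{ inputs.TELEPORT_PROXY_URL }}`, so a caller passing a full URL would end up with a doubled scheme. The description should say what is expected, for example `description: 'Teleport proxy host[:port], without the https:// scheme.'`. The VAULT_SECRETS description could likewise state the format of each entry, which this patch does not show.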
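Review bot: The `if:` on the new Vault step checks only `inputs.VAULT_SECRETS`, so a caller that sets it but leaves TELEPORT_PROXY_URL empty runs the action with `VAULT_ADDR: https://`, and one that omits the optional VAULT_TOKEN / TELEPORT_TOKEN secrets (or a run where secrets are not made available, such as pull requests from forks) runs it with empty tokens. I would tighten the guard to `if: ${{ inputs.VAULT_SECRETS != '' && inputs.TELEPORT_PROXY_URL != '' && inputs.TELEPORT_APP != '' }}` and have the action fail fast on an empty token. Separately, the action is loaded from the `actions` checkout, which the context lines show at `ref: main`, so whatever is on that branch at run time receives both tokens; pinning that checkout to a commit SHA or a protected tag would narrow that. The checkout step starts outside the hunk, and how the vault-secrets action exposes the fetched values to later steps is not visible here.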
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index deb654c8..efdbd583 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -221,6 +221,9 @@ jobs:
 RUBOCOP: ${{ inputs.RUBOCOP }}
 RUN_TESTS: ${{ inputs.RUN_TESTS }}
 DOTNET_INSTALL_DIR: ${{ inputs.DOTNET_INSTALL_DIR }}
+ VAULT_SECRETS: ${{ inputs.VAULT_SECRETS }}
+ TELEPORT_APP: ${{ inputs.TELEPORT_APP }}
+ TELEPORT_PROXY_URL: ${{ inputs.TELEPORT_PROXY_URL }}
 secrets:
 SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
@@ -228,6 +231,8 @@ jobs:
 DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
 DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
 GH_BOT_DEPLOY_KEY: ${{ secrets.GH_BOT_DEPLOY_KEY }}
+ VAULT_TOKEN: ${{ secrets.VAULT_TOKEN }}
+ TELEPORT_TOKEN: ${{ secrets.TELEPORT_TOKEN }}
 BUILD:
 name: BUILD
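Review bot: The three `inputs.*` values forwarded here are read from this workflow's own context, but the patch adds no matching declarations to ci.yml (the diffstat shows only these five lines for it). If VAULT_SECRETS, TELEPORT_APP and TELEPORT_PROXY_URL are not already declared under this file's trigger inputs, they would presumably evaluate to empty strings and the Vault step in ci-check.yml would be skipped without any error; the same applies to VAULT_TOKEN and TELEPORT_TOKEN in the second hunk (`@@ -228,6 +231,8 @@`) if ci.yml is itself called as a reusable workflow. Passing the two tokens by name rather than with `secrets: inherit` keeps the forwarded set explicit, and a comment such as `# Vault/Teleport: only used when VAULT_SECRETS is non-empty` above them would record why they are there. Both job blocks start outside the hunks.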