From 2440dfb4a32c4c5bd73cfd954f56d21a6e336fac Mon Sep 17 00:00:00 2001
From: Izaim
Date: Tue, 26 Mar 2024 00:21:20 +0100
Subject: [PATCH] getting to learn GitHub actions secret management
---
 .github/workflows/test_coverage_with_tokens.yml | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/test_coverage_with_tokens.yml b/.github/workflows/test_coverage_with_tokens.yml
index 5e9adcfa..f877dbc0 100644
--- a/.github/workflows/test_coverage_with_tokens.yml
+++ b/.github/workflows/test_coverage_with_tokens.yml
@@ -38,9 +38,16 @@ jobs:
 AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
 AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
+ COGNITO_INIT: ${{ secrets.COGNITO_INIT }}
+ COGNITO_USER_POOL_ID: ${{ secrets.COGNITO_USER_POOL_ID }}
+ COGNITO_CLIENT_ID: ${{ secrets.COGNITO_CLIENT_ID }}
+ COGNITO_AUTH_FLOW: ${{ secrets.COGNITO_AUTH_FLOW }}
+ COGNITO_USERNAME: ${{ secrets.COGNITO_USERNAME }}
+ COGNITO_PASSWORD: ${{ secrets.COGNITO_PASSWORD }}
+
 run: |
 pip install awscli
- OUTPUT=$(aws cognito-idp admin-initiate-auth --user-pool-id ${{ secrets.COGNITO_USER_POOL_ID }} --client-id ${{ secrets.COGNITO_CLIENT_ID }} --auth-flow ${{ secrets.COGNITO_AUTH_FLOW }} --auth-parameters USERNAME=${{ secrets.COGNITO_USERNAME }},PASSWORD=${{ secrets.COGNITO_PASSWORD }})
+ OUTPUT=$(aws cognito-idp $COGNITO_INIT --user-pool-id $COGNITO_USER_POOL_ID --client-id $COGNITO_CLIENT_ID --auth-flow $COGNITO_AUTH_FLOW --auth-parameters USERNAME=$COGNITO_USERNAME,PASSWORD=$COGNITO_PASSWORD)
 export ACCESS_TOKEN=$(echo "$OUTPUT" | jq -r '.AuthenticationResult.AccessToken' | sed 's/^"\(.*\)"$/\1/')
 export ID_TOKEN=$(echo "$OUTPUT" | jq -r '.AuthenticationResult.IdToken' | sed 's/^"\(.*\)"$/\1/')
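Review bot: The new `OUTPUT=$(aws cognito-idp ...)` line expands every `$COGNITO_*` variable unquoted, so a username or password containing whitespace or glob characters is word-split by the shell before it reaches the AWS CLI. Quote each expansion, e.g. `--user-pool-id "$COGNITO_USER_POOL_ID"` and `--auth-parameters "USERNAME=$COGNITO_USERNAME,PASSWORD=$COGNITO_PASSWORD"`. Separately, taking the subcommand from `secrets.COGNITO_INIT` means the operation that runs is no longer visible in the workflow and is masked in the log. The operation name is not sensitive, so keeping the literal `admin-initiate-auth` makes the step reviewable. The step's `run:` block continues past the end of this hunk, so how the tokens are handed to later steps is not visible here.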
@@ -59,6 +66,6 @@ jobs:
 run: pytest --cov --cov-fail-under=85
 env:
 CRIPT_HOST: https://lb-stage.mycriptapp.org/
- CRIPT_TOKEN: ${{ steps.cognito.outputs.ID_TOKEN }}
- CRIPT_STORAGE_TOKEN: ${{ steps.cognito.outputs.ACCESS_TOKEN }}
+ CRIPT_TOKEN: $ID_TOKEN
+ CRIPT_STORAGE_TOKEN: $ACCESS_TOKEN
 CRIPT_TESTS: False
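Review bot: `CRIPT_TOKEN: $ID_TOKEN` and `CRIPT_STORAGE_TOKEN: $ACCESS_TOKEN` will reach pytest as the literal strings `$ID_TOKEN` and `$ACCESS_TOKEN`, because values under `env:` are not shell-expanded. The `export` in the earlier step also does not carry over, since each step runs in its own shell. Assuming the cognito step still publishes its step outputs (not visible in this hunk), keep `CRIPT_TOKEN: ${{ steps.cognito.outputs.ID_TOKEN }}` and `CRIPT_STORAGE_TOKEN: ${{ steps.cognito.outputs.ACCESS_TOKEN }}`. The alternative is to have that step append both values to `$GITHUB_ENV` and drop these two lines. Either way the tokens are minted at runtime and are not registered secrets, so the cognito step should emit `echo "::add-mask::$ID_TOKEN"` (and the same for `ACCESS_TOKEN`) before passing them on, to keep them out of the job log.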