pass secrets as inputs

replicatedhq · Nov 28, 2023 · bf55a46 · bf55a46
1 parent ef344c4
commit bf55a46
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 3 deletions.
diff --git a/.github/actions/build-push-kotsadm-image/action.yml b/.github/actions/build-push-kotsadm-image/action.yml
@@ -1,6 +1,18 @@
 name: 'Build and push kotsadm image'
 description: 'Composite action for building and pushing kotsadm image'
 inputs:
+  chainguard-gcp-wif-pool:
+    description: 'Chainguard's GCP workload identity pool'
+    required: true
+
+  chainguard-gcp-sa:
+    description: 'Chainguard's GCP service account'
+    required: true
+
+  chainguard-gcp-project-id:
+    description: 'Chainguard's GCP project ID'
+    required: true
+
   image-name:
     description: 'Full destination kotsadm image name'
     required: true
@@ -24,12 +36,12 @@ runs:
   steps:
     - uses: google-github-actions/auth@35b0e87d162680511bf346c299f71c9c5c379033 # v1.1.1
       with:
-        workload_identity_provider: ${{ secrets.CHAINGUARD_GCP_WIF_POOL }}
-        service_account: ${{ secrets.CHAINGUARD_GCP_SA }}
+        workload_identity_provider: ${{ inputs.chainguard-gcp-wif-pool }}
+        service_account: ${{ inputs.chainguard-gcp-sa }}
 
     - uses: google-github-actions/setup-gcloud@e30db14379863a8c79331b04a9969f4c1e225e0b # v1.1.1
       with:
-        project_id: ${{ secrets.CHAINGUARD_GCP_PROJECT_ID }}
+        project_id: ${{ inputs.chainguard-gcp-project-id }}
 
     - name: setup packages gcsfuse
       env:

diff --git a/.github/workflows/build-test.yaml b/.github/workflows/build-test.yaml
@@ -273,6 +273,9 @@ jobs:
       - uses: actions/checkout@v3
       - uses: ./.github/actions/build-push-kotsadm-image
         with:
+          chainguard-gcp-wif-pool: ${{ secrets.CHAINGUARD_GCP_WIF_POOL }}
+          chainguard-gcp-sa: ${{ secrets.CHAINGUARD_GCP_SA }}
+          chainguard-gcp-project-id: ${{ secrets.CHAINGUARD_GCP_PROJECT_ID }}
           image-name: ttl.sh/automated-${{ github.run_id }}/kotsadm:24h
           git-tag: ${{ needs.generate-tag.outputs.tag }}
 

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -190,6 +190,9 @@ jobs:
       uses: actions/checkout@v3
     - uses: ./.github/actions/build-push-kotsadm-image
       with:
+        chainguard-gcp-wif-pool: ${{ secrets.CHAINGUARD_GCP_WIF_POOL }}
+        chainguard-gcp-sa: ${{ secrets.CHAINGUARD_GCP_SA }}
+        chainguard-gcp-project-id: ${{ secrets.CHAINGUARD_GCP_PROJECT_ID }}
         image-name: index.docker.io/kotsadm/kotsadm:${{ needs.generate-tag.outputs.tag }}
         git-tag: ${{ needs.generate-tag.outputs.tag }}
         registry-username: ${{ secrets.DOCKERHUB_USER }}