From bf55a46b92bc7725c007c08de019cd2abb9d3624 Mon Sep 17 00:00:00 2001
From: Salah Aldeen Al Saleh
Date: Tue, 28 Nov 2023 20:11:14 +0000
Subject: [PATCH] pass secrets as inputs
---
 .../build-push-kotsadm-image/action.yml | 18 +++++++++++++++---
 .github/workflows/build-test.yaml | 3 +++
 .github/workflows/release.yaml | 3 +++
 3 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/.github/actions/build-push-kotsadm-image/action.yml b/.github/actions/build-push-kotsadm-image/action.yml
index 72a4bfe89f..aecb4bcbe1 100644
--- a/.github/actions/build-push-kotsadm-image/action.yml
+++ b/.github/actions/build-push-kotsadm-image/action.yml
@@ -1,6 +1,18 @@
 name: 'Build and push kotsadm image'
 description: 'Composite action for building and pushing kotsadm image'
 inputs:
+ chainguard-gcp-wif-pool:
+ description: 'Chainguard's GCP workload identity pool'
+ required: true
+
+ chainguard-gcp-sa:
+ description: 'Chainguard's GCP service account'
+ required: true
+
+ chainguard-gcp-project-id:
+ description: 'Chainguard's GCP project ID'
+ required: true
+
 image-name:
 description: 'Full destination kotsadm image name'
 required: true
@@ -24,12 +36,12 @@ runs:
 steps:
 - uses: google-github-actions/auth@35b0e87d162680511bf346c299f71c9c5c379033 # v1.1.1
 with:
- workload_identity_provider: ${{ secrets.CHAINGUARD_GCP_WIF_POOL }}
- service_account: ${{ secrets.CHAINGUARD_GCP_SA }}
+ workload_identity_provider: ${{ inputs.chainguard-gcp-wif-pool }}
+ service_account: ${{ inputs.chainguard-gcp-sa }}
 - uses: google-github-actions/setup-gcloud@e30db14379863a8c79331b04a9969f4c1e225e0b # v1.1.1
 with:
- project_id: ${{ secrets.CHAINGUARD_GCP_PROJECT_ID }}
+ project_id: ${{ inputs.chainguard-gcp-project-id }}
 - name: setup packages gcsfuse
 env:
diff --git a/.github/workflows/build-test.yaml b/.github/workflows/build-test.yaml
index 7336836a2a..42acbfac93 100644
--- a/.github/workflows/build-test.yaml
+++ b/.github/workflows/build-test.yaml
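Review bot: The three added `description` values are single-quoted yet contain an apostrophe, e.g. `description: 'Chainguard's GCP workload identity pool'`; as printed here the scalar ends after `Chainguard` and the rest of the line is a YAML syntax error, so the action metadata would not load. Double-quote them, `description: "Chainguard's GCP workload identity pool"`, or double the apostrophe (`'Chainguard''s …'`), on all three inputs. The page has lost the original indentation, so check the quoting against the file itself.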
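Review bot: `required: true` on a composite action's inputs is not enforced by the runner, so the `google-github-actions/auth` and `setup-gcloud` steps receive empty strings whenever a caller omits one of the new inputs or the secret it forwards is empty. That can happen in build-test.yaml if it also runs for pull requests from forks, where repository secrets are not provided (the trigger is not visible here); release.yaml calls the action the same way. A guard step ahead of the auth step would fail with a clear message instead of an opaque authentication error, and it should name the inputs without printing their values. The `steps:` list continues past the end of the hunk.

```yaml
steps:
  - name: check GCP inputs
    if: ${{ inputs.chainguard-gcp-wif-pool == '' || inputs.chainguard-gcp-sa == '' || inputs.chainguard-gcp-project-id == '' }}
    shell: bash
    run: |
      echo "::error::one or more chainguard-gcp-* inputs are empty"
      exit 1
  # … unchanged: google-github-actions/auth and setup-gcloud steps …
```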
@@ -273,6 +273,9 @@ jobs:
 - uses: actions/checkout@v3
 - uses: ./.github/actions/build-push-kotsadm-image
 with:
+ chainguard-gcp-wif-pool: ${{ secrets.CHAINGUARD_GCP_WIF_POOL }}
+ chainguard-gcp-sa: ${{ secrets.CHAINGUARD_GCP_SA }}
+ chainguard-gcp-project-id: ${{ secrets.CHAINGUARD_GCP_PROJECT_ID }}
 image-name: ttl.sh/automated-${{ github.run_id }}/kotsadm:24h
 git-tag: ${{ needs.generate-tag.outputs.tag }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 356354ee9c..6507b453ea 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -190,6 +190,9 @@ jobs:
 uses: actions/checkout@v3
 - uses: ./.github/actions/build-push-kotsadm-image
 with:
+ chainguard-gcp-wif-pool: ${{ secrets.CHAINGUARD_GCP_WIF_POOL }}
+ chainguard-gcp-sa: ${{ secrets.CHAINGUARD_GCP_SA }}
+ chainguard-gcp-project-id: ${{ secrets.CHAINGUARD_GCP_PROJECT_ID }}
 image-name: index.docker.io/kotsadm/kotsadm:${{ needs.generate-tag.outputs.tag }}
 git-tag: ${{ needs.generate-tag.outputs.tag }}
 registry-username: ${{ secrets.DOCKERHUB_USER }}