[DEVOPS-1261] Update workflows to use new CI only keyvault (#2462)

* Fixed warning in version-bump * Use new CI Azure Key Vault * Fix name
2023-04-11 17:18:59 +02:00 · 2023-04-11 17:18:59 +02:00 · ac3b0c2bad
parent 1823efa0e5
commit ac3b0c2bad
4 changed files with 15 additions and 14 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -191,7 +191,7 @@ jobs:
          $androidPath = $($env:GITHUB_WORKSPACE + "/src/Android/Android.csproj");
          $packageName = "com.x8bit.bitwarden";

-          if ("${{ matrix.variant }}" -ne "prod") 
+          if ("${{ matrix.variant }}" -ne "prod")
          {
            $packageName = "com.x8bit.bitwarden.${{ matrix.variant }}";
          }
@ -522,12 +522,12 @@ jobs:
      - name: Login to Azure - Prod Subscription
        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
        with:
-          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

      - name: Retrieve secrets
        id: retrieve-secrets
        env:
-          KEYVAULT: bitwarden-prod-kv
+          KEYVAULT: bitwarden-ci
          SECRETS: |
            appcenter-ios-token
        run: |
@ -776,12 +776,12 @@ jobs:
      - name: Login to Azure
        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
        with:
-          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

      - name: Retrieve secrets
        id: retrieve-secrets
        env:
-          KEYVAULT: bitwarden-prod-kv
+          KEYVAULT: bitwarden-ci
          SECRETS: |
            crowdin-api-token
        run: |
@ -843,13 +843,13 @@ jobs:
        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
        if: failure()
        with:
-          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

      - name: Retrieve secrets
        id: retrieve-secrets
        if: failure()
        env:
-          KEYVAULT: bitwarden-prod-kv
+          KEYVAULT: bitwarden-ci
          SECRETS: |
            devops-alerts-slack-webhook-url
        run: |
--- a/.github/workflows/crowdin-pull.yml
+++ b/.github/workflows/crowdin-pull.yml
@ -20,13 +20,13 @@ jobs:
      - name: Login to Azure
        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
        with:
-          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

      - name: Retrieve secrets
        id: retrieve-secrets
-        uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af 
+        uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af
        with:
-          keyvault: "bitwarden-prod-kv"               
+          keyvault: "bitwarden-ci"
          secrets: "crowdin-api-token, github-gpg-private-key, github-gpg-private-key-passphrase"

      - name: Download translations
@ -48,4 +48,4 @@ jobs:
          pull_request_title: "Autosync Crowdin Translations"
          pull_request_body: "Autosync the updated translations"
          gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
-          gpg_passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}   
+          gpg_passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}
--- a/.github/workflows/version-auto-bump.yml
+++ b/.github/workflows/version-auto-bump.yml
@ -40,6 +40,6 @@ jobs:
      - name: Bump version to ${{ needs.setup.outputs.version_number }}
        uses: ./.github/workflows/version-bump.yml
        secrets:
-          AZURE_PROD_KV_CREDENTIALS: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          AZURE_PROD_KV_CREDENTIALS: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
        with:
          version_number: ${{ needs.setup.outputs.version_number }}
--- a/.github/workflows/version-bump.yml
+++ b/.github/workflows/version-bump.yml
@ -11,6 +11,7 @@ on:
    inputs:
      version_number:
        required: true
+        type: string
    secrets:
      AZURE_PROD_KV_CREDENTIALS:
        required: true
@ -26,13 +27,13 @@ jobs:
      - name: Login to Azure - Prod Subscription
        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
        with:
-         creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+         creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

      - name: Retrieve secrets
        id: retrieve-secrets
        uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af
        with:
-          keyvault: "bitwarden-prod-kv"
+          keyvault: "bitwarden-ci"
          secrets: "github-gpg-private-key, github-gpg-private-key-passphrase"

      - name: Import GPG key