From ac3b0c2badf22fd8863b11489860a2b5ad653c93 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Ch=C4=99ci=C5=84ski?=
 <michal.checinski@outlook.com>
Date: Tue, 11 Apr 2023 17:18:59 +0200
Subject: [PATCH] [DEVOPS-1261] Update workflows to use new CI only keyvault
 (#2462)

* Fixed warning in version-bump

* Use new CI Azure Key Vault

* Fix name
---
 .github/workflows/build.yml             | 14 +++++++-------
 .github/workflows/crowdin-pull.yml      |  8 ++++----
 .github/workflows/version-auto-bump.yml |  2 +-
 .github/workflows/version-bump.yml      |  5 +++--
 4 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 362ff1579..d54c8456e 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -191,7 +191,7 @@ jobs:
           $androidPath = $($env:GITHUB_WORKSPACE + "/src/Android/Android.csproj");
           $packageName = "com.x8bit.bitwarden";
 
-          if ("${{ matrix.variant }}" -ne "prod") 
+          if ("${{ matrix.variant }}" -ne "prod")
           {
             $packageName = "com.x8bit.bitwarden.${{ matrix.variant }}";
           }
@@ -522,12 +522,12 @@ jobs:
       - name: Login to Azure - Prod Subscription
         uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
         with:
-          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
         env:
-          KEYVAULT: bitwarden-prod-kv
+          KEYVAULT: bitwarden-ci
           SECRETS: |
             appcenter-ios-token
         run: |
@@ -776,12 +776,12 @@ jobs:
       - name: Login to Azure
         uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
         with:
-          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
         env:
-          KEYVAULT: bitwarden-prod-kv
+          KEYVAULT: bitwarden-ci
           SECRETS: |
             crowdin-api-token
         run: |
@@ -843,13 +843,13 @@ jobs:
         uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
         if: failure()
         with:
-          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
         if: failure()
         env:
-          KEYVAULT: bitwarden-prod-kv
+          KEYVAULT: bitwarden-ci
           SECRETS: |
             devops-alerts-slack-webhook-url
         run: |
diff --git a/.github/workflows/crowdin-pull.yml b/.github/workflows/crowdin-pull.yml
index 6dd2e3c4f..ed83b9bdb 100644
--- a/.github/workflows/crowdin-pull.yml
+++ b/.github/workflows/crowdin-pull.yml
@@ -20,13 +20,13 @@ jobs:
       - name: Login to Azure
         uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
         with:
-          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
-        uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af 
+        uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af
         with:
-          keyvault: "bitwarden-prod-kv"               
+          keyvault: "bitwarden-ci"
           secrets: "crowdin-api-token, github-gpg-private-key, github-gpg-private-key-passphrase"
 
       - name: Download translations
@@ -48,4 +48,4 @@ jobs:
           pull_request_title: "Autosync Crowdin Translations"
           pull_request_body: "Autosync the updated translations"
           gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
-          gpg_passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}   
+          gpg_passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}
diff --git a/.github/workflows/version-auto-bump.yml b/.github/workflows/version-auto-bump.yml
index 5e5ca7328..3bc26d84a 100644
--- a/.github/workflows/version-auto-bump.yml
+++ b/.github/workflows/version-auto-bump.yml
@@ -40,6 +40,6 @@ jobs:
       - name: Bump version to ${{ needs.setup.outputs.version_number }}
         uses: ./.github/workflows/version-bump.yml
         secrets:
-          AZURE_PROD_KV_CREDENTIALS: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          AZURE_PROD_KV_CREDENTIALS: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
         with:
           version_number: ${{ needs.setup.outputs.version_number }}
diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml
index e63664f32..0193d28ca 100644
--- a/.github/workflows/version-bump.yml
+++ b/.github/workflows/version-bump.yml
@@ -11,6 +11,7 @@ on:
     inputs:
       version_number:
         required: true
+        type: string
     secrets:
       AZURE_PROD_KV_CREDENTIALS:
         required: true
@@ -26,13 +27,13 @@ jobs:
       - name: Login to Azure - Prod Subscription
         uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
         with:
-         creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+         creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
         uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af
         with:
-          keyvault: "bitwarden-prod-kv"
+          keyvault: "bitwarden-ci"
           secrets: "github-gpg-private-key, github-gpg-private-key-passphrase"
 
       - name: Import GPG key