updated version bump + crowdin-pull workflows (#2119)

* updated version bump + crowdin-pull workflows * updated retrieve secrets step and changed gpg vars to reference kv secrets * Removed duplicate step Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com>
2022-10-17 15:19:06 +00:00 · 2022-10-17 15:19:06 +00:00 · d18efdea73
parent a72a0ec0ce
commit d18efdea73
2 changed files with 30 additions and 15 deletions
--- a/.github/workflows/crowdin-pull.yml
+++ b/.github/workflows/crowdin-pull.yml
@ -24,17 +24,10 @@ jobs:

      - name: Retrieve secrets
        id: retrieve-secrets
-        env:
-          KEYVAULT: bitwarden-prod-kv
-          SECRETS: |
-            crowdin-api-token
-        run: |
-          for i in ${SECRETS//,/ }
-          do
-            VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv)
-            echo "::add-mask::$VALUE"
-            echo "::set-output name=$i::$VALUE"
-          done
+        uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af 
+        with:
+          keyvault: "bitwarden-prod-kv"               
+          secrets: "crowdin-api-token, github-gpg-private-key, github-gpg-private-key-passphrase"

      - name: Download translations
        uses: crowdin/github-action@12143a68c213f3c6d9913c9e5023224f7231face
@ -47,10 +40,12 @@ jobs:
          upload_sources: false
          upload_translations: false
          download_translations: true
-          github_user_name: "github-actions"
-          github_user_email: "<>"
+          github_user_name: "bitwarden-devops-bot"
+          github_user_email: "106330231+bitwarden-devops-bot@users.noreply.github.com"
          commit_message: "Autosync the updated translations"
          localization_branch_name: crowdin-auto-sync
          create_pull_request: true
          pull_request_title: "Autosync Crowdin Translations"
          pull_request_body: "Autosync the updated translations"
+          gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
+          gpg_passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}   
--- a/.github/workflows/version-bump.yml
+++ b/.github/workflows/version-bump.yml
@ -16,6 +16,26 @@ jobs:
      - name: Checkout Branch
        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579

+      - name: Login to Azure - Prod Subscription
+        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
+        with:
+         creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af
+        with:
+          keyvault: "bitwarden-prod-kv"
+          secrets: "github-gpg-private-key, github-gpg-private-key-passphrase"
+
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@c8bb57c57e8df1be8c73ff3d59deab1dbc00e0d1
+        with:
+          gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
+          passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+
      - name: Create Version Branch
        run: |
          git switch -c version_bump_${{ github.event.inputs.version_number }}
@ -52,8 +72,8 @@ jobs:

      - name: Setup git
        run: |
-          git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
-          git config --local user.name "github-actions[bot]"
+          git config --local user.email "106330231+bitwarden-devops-bot@users.noreply.github.com"
+          git config --local user.name "bitwarden-devops-bot"

      - name: Check if version changed
        id: version-changed