diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 246ca5c500..4c71d24bc9 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -45,23 +45,39 @@ jobs: GITHUB_REF: ${{ github.ref }} GITHUB_EVENT: ${{ github.event_name }} + - name: Login to Azure + if: github.ref == 'refs/heads/master' || github.event_name == 'release' || github.ref == 'refs/heads/rc' + uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a + with: + creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} + + - name: Retrieve secrets + if: github.ref == 'refs/heads/master' || github.event_name == 'release' || github.ref == 'refs/heads/rc' + id: retrieve-secrets + uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403 + with: + keyvault: "bitwarden-prod-kv" + secrets: "docker-password, + docker-username, + dct-delegate-2-repo-passphrase, + dct-delegate-2-key" + - name: Log into docker if: github.ref == 'refs/heads/master' || github.event_name == 'release' || github.ref == 'refs/heads/rc' - run: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin + run: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin env: - DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} - DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} + DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }} + DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }} - name: Setup Docker Trust if: github.ref == 'refs/heads/master' || github.event_name == 'release' || github.ref == 'refs/heads/rc' run: | mkdir -p ~/.docker/trust/private - echo "${{ secrets.DOCKER_DELEGATION_KEY }}" > ~/.docker/trust/private/$DOCKER_DELEGATION_KEY_ID.key - echo "${{ secrets.DOCKER_REPO_WEB_KEY }}" > ~/.docker/trust/private/$DOCKER_WEB_KEY_ID.key + echo "$DCT_DELEGATE_KEY" > ~/.docker/trust/private/$DCT_DELEGATION_KEY_ID.key env: - DOCKER_DELEGATION_KEY_ID: "5702b22123e058cbd96a7a43000cb981ae98ef3f2f4aa34138ab3dc1d011e446" - DOCKER_WEB_KEY_ID: "0f88641697187f42a31b584897cd4edfe80360a5209122d9e7f71af17a6422e4" + DCT_DELEGATION_KEY_ID: 
"c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c" + DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }} - name: Checkout repo uses: actions/checkout@v2
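Review bot: The delegation private key in the `Setup Docker Trust` step is written under the runner's default umask (typically leaving the file 0644), so `~/.docker/trust/private/$DCT_DELEGATION_KEY_ID.key` may be readable by other accounts or processes on the runner. Make `umask 077` the first line of that `run: |` block, before the `mkdir -p`, and quote the redirect target as `"$HOME/.docker/trust/private/${DCT_DELEGATION_KEY_ID}.key"`. `dct-delegate-2-repo-passphrase` is fetched in `Retrieve secrets` but not referenced anywhere in this hunk; presumably a later step outside the hunk consumes it, otherwise drop it from the `secrets:` list so the job pulls only what it uses. A short comment above `Login to Azure` such as `# service principal needs read-only access to the four secrets listed below` would record the intended scope of `AZURE_PROD_KV_CREDENTIALS`. The step list continues past the end of the hunk.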