chore: OIDC Secrets (#984)

DevCycleHQ · Oct 25, 2024 · 95c27e1 · 95c27e1
1 parent c7e36a0
commit 95c27e1
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 8 deletions.
diff --git a/.github/workflows/cf-worker-example-test.yml b/.github/workflows/cf-worker-example-test.yml
@@ -23,7 +23,7 @@ jobs:
             - name: Run Yarn
               run: yarn --immutable
             - name: Setup .dev.vars file
-              run: echo "DEVCYCLE_SERVER_SDK_KEY=${{ secrets.DEVCYCLE_SERVER_SDK_KEY }}" > dev-apps/js-cloud-server/cloudflare-worker/.dev.vars
+              run: echo "DEVCYCLE_SERVER_SDK_KEY=dvc_server_token_hash" > dev-apps/js-cloud-server/cloudflare-worker/.dev.vars
             - name: Run example app in background
               run: |
                   yarn nx serve example-js-cloud-server-sdk-cf-worker &

diff --git a/.github/workflows/nx-affected-e2e.yml b/.github/workflows/nx-affected-e2e.yml
@@ -5,13 +5,23 @@ on:
 jobs:
     build:
         runs-on: ubuntu-latest
+        permissions:
+          contents: read
+          id-token: write
+          pull-requests: write
+          issues: write
         strategy:
             matrix:
                 node-version: [20.x]
         steps:
             - uses: actions/checkout@v4
               with:
                   fetch-depth: 0
+            - name: Set Secrets
+              uses: DevCycleHQ/aws-secrets-action@main
+              with:
+                secrets_map: '{"E2E_NEXTJS_SERVER_KEY":"DEVCYCLE_GITHUB_js-sdks_E2E_NEXTJS_SERVER_KEY", "NEXT_PUBLIC_E2E_NEXTJS_CLIENT_KEY": "DEVCYCLE_GITHUB_js-sdks_NEXT_PUBLIC_E2E_NEXTJS_CLIENT_KEY", "DVC_E2E_SERVER_SDK_KEY": "DEVCYCLE_GITHUB_js-sdks_DVC_E2E_SERVER_SDK_KEY"}'
+                aws_account_id: '134377926370'
             - name: Use Node.js ${{ matrix.node-version }}
               uses: actions/setup-node@v4
               with:
@@ -25,11 +35,6 @@ jobs:
             - name: Run Affected E2E Tests
               shell: bash
               run: yarn affected:e2e
-              env:
-                E2E_NEXTJS_SERVER_KEY: ${{ secrets.E2E_NEXTJS_SERVER_KEY }}
-                NEXT_PUBLIC_E2E_NEXTJS_KEY: ${{ secrets.NEXT_PUBLIC_E2E_NEXTJS_CLIENT_KEY }}
-                NEXT_PUBLIC_E2E_NEXTJS_CLIENT_KEY: ${{ secrets.NEXT_PUBLIC_E2E_NEXTJS_CLIENT_KEY }}
-                DVC_E2E_SERVER_SDK_KEY: ${{ secrets.DVC_E2E_SERVER_SDK_KEY }}
             - name: Upload Playwright Report
               if: always()
               uses: actions/upload-artifact@v4

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -32,6 +32,8 @@ jobs:
         strategy:
             matrix:
                 node-version: [20.x]
+        env:
+          GITHUB_TOKEN: ${{ secrets.AUTOMATION_USER_TOKEN }}
         steps:
             # Check out the repo with credentials that can bypass branch protection, and fetch git history instead of just latest commit
             - uses: actions/checkout@v4

diff --git a/.github/workflows/run-test-harness.yml b/.github/workflows/run-test-harness.yml
@@ -31,4 +31,4 @@ jobs:
               with:
                   sdks-to-test: nodejs,of-nodejs
                   sdk-github-sha: ${{github.event.pull_request.head.sha}}
-                  github-token: ${{ secrets.TEST_HARNESS_GH_SECRET }}
+                  github-token: ${{ secrets.AUTOMATION_USER_TOKEN }}
diff --git a/.github/workflows/update-of-sdk.yml b/.github/workflows/update-of-sdk.yml
@@ -19,7 +19,7 @@ jobs:
       - name: Set Git author
         shell: bash
         run: |
-          git config --global user.email "github-tracker-bot@taplytics.com"
+          git config --global user.email "foundation-admin@devcycle.com"
           git config --global user.name "DevCycle Automation"
 
       - name: Set branch name