From 7257636dc7910397c1bb372170f692f4870ce08b Mon Sep 17 00:00:00 2001 From: Andrew Gable Date: Wed, 5 Feb 2025 16:26:50 -0800 Subject: [PATCH 1/3] Add `OP_SERVICE_ACCOUNT_TOKEN` input instead of secret --- .github/actions/composite/setupGitForOSBotify/action.yml | 7 ++++++- .../actions/composite/setupGitForOSBotifyApp/action.yml | 5 ++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/actions/composite/setupGitForOSBotify/action.yml b/.github/actions/composite/setupGitForOSBotify/action.yml index a655a67f1f44..0b212f7b40d7 100644 --- a/.github/actions/composite/setupGitForOSBotify/action.yml +++ b/.github/actions/composite/setupGitForOSBotify/action.yml @@ -1,6 +1,11 @@ name: 'Setup Git for OSBotify' description: 'Setup Git for OSBotify' +inputs: + OP_SERVICE_ACCOUNT_TOKEN: + description: "1Password service account token" + required: true + runs: using: composite steps: @@ -10,7 +15,7 @@ runs: - name: Load files from 1Password shell: bash env: - OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + OP_SERVICE_ACCOUNT_TOKEN: ${{ inputs.OP_SERVICE_ACCOUNT_TOKEN }} run: op read "op://Mobile-Deploy-CI/OSBotify-private-key.asc/OSBotify-private-key.asc" --force --out-file ./OSBotify-private-key.asc - name: Import OSBotify GPG Key diff --git a/.github/actions/composite/setupGitForOSBotifyApp/action.yml b/.github/actions/composite/setupGitForOSBotifyApp/action.yml index 1321a3043649..d8e5e8e1e18f 100644 --- a/.github/actions/composite/setupGitForOSBotifyApp/action.yml +++ b/.github/actions/composite/setupGitForOSBotifyApp/action.yml @@ -5,6 +5,9 @@ name: "Setup Git for OSBotify" description: "Setup Git for OSBotify" inputs: + OP_SERVICE_ACCOUNT_TOKEN: + description: "1Password service account token" + required: true OS_BOTIFY_APP_ID: description: "Application ID for OS Botify" required: true 
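Review bot: The new input's description in setupGitForOSBotify/action.yml (`@@ -1,6 +1,11 @@`, and the same text in setupGitForOSBotifyApp/action.yml at `@@ -5,6 +5,9 @@`) does not say what the token is used for or what access it needs, which is what someone wiring a secret into `with:` has to know. Something like `description: '1Password service account token, passed from secrets; used to read OSBotify-private-key.asc from the Mobile-Deploy-CI vault'` would document that. In the first file the neighbouring `name:` and `description:` values are single-quoted, so the added line should match them there.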
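Review bot: In setupGitForOSBotify/action.yml (`@@ -10,7 +15,7 @@`) and again in setupGitForOSBotifyApp/action.yml (`@@ -42,7 +45,7 @@`), nothing fails fast when the new input arrives empty. `required: true` on an action input is not enforced by the runner, so a call site that omits `OP_SERVICE_ACCOUNT_TOKEN` under `with:` hands `op read` an empty token and the job presumably stops on a less obvious authentication error. I would turn `run:` into a block scalar and put `[[ -n "$OP_SERVICE_ACCOUNT_TOKEN" ]] || { echo "::error::OP_SERVICE_ACCOUNT_TOKEN input is empty"; exit 1; }` on the line before `op read`. Keeping the value in `env:` rather than expanding `${{ inputs.OP_SERVICE_ACCOUNT_TOKEN }}` inside `run:` is the right shape and should stay. The step list continues past both hunks, so whether `./OSBotify-private-key.asc` is deleted after the GPG import is not visible here; worth confirming, since the key is written into the workspace.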
@@ -42,7 +45,7 @@ runs: - name: Load files from 1Password shell: bash env: - OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + OP_SERVICE_ACCOUNT_TOKEN: ${{ inputs.OP_SERVICE_ACCOUNT_TOKEN }} run: op read "op://Mobile-Deploy-CI/OSBotify-private-key.asc/OSBotify-private-key.asc" --force --out-file ./OSBotify-private-key.asc - name: Import OSBotify GPG Key From 5c10b746455f73761056ae4057e4d3bffff2997e Mon Sep 17 00:00:00 2001 From: Andrew Gable Date: Wed, 5 Feb 2025 16:29:45 -0800 Subject: [PATCH 2/3] Add service account to all instances --- .github/workflows/cherryPick.yml | 1 + .github/workflows/createNewVersion.yml | 2 ++ .github/workflows/deploy.yml | 1 + .github/workflows/finishReleaseCycle.yml | 3 +++ .github/workflows/preDeploy.yml | 1 + 5 files changed, 8 insertions(+) diff --git a/.github/workflows/cherryPick.yml b/.github/workflows/cherryPick.yml index 683568e255ef..425baa37eb15 100644 --- a/.github/workflows/cherryPick.yml +++ b/.github/workflows/cherryPick.yml @@ -45,6 +45,7 @@ jobs: id: setupGitForOSBotify uses: ./.github/actions/composite/setupGitForOSBotifyApp with: + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }} OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }} diff --git a/.github/workflows/createNewVersion.yml b/.github/workflows/createNewVersion.yml index 6245af07a121..6c5a18bf4425 100644 --- a/.github/workflows/createNewVersion.yml +++ b/.github/workflows/createNewVersion.yml @@ -70,6 +70,8 @@ jobs: - name: Setup git for OSBotify uses: ./.github/actions/composite/setupGitForOSBotify id: setupGitForOSBotify + with: + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} - name: Generate new E/App version id: bumpVersion diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 65fc2f2fbe9b..4b4ea2413ae5 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
@@ -45,6 +45,7 @@ jobs: uses: ./.github/actions/composite/setupGitForOSBotifyApp id: setupGitForOSBotify with: + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }} OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }} diff --git a/.github/workflows/finishReleaseCycle.yml b/.github/workflows/finishReleaseCycle.yml index 7a6690c27456..ca030e95de1d 100644 --- a/.github/workflows/finishReleaseCycle.yml +++ b/.github/workflows/finishReleaseCycle.yml @@ -22,6 +22,7 @@ jobs: uses: ./.github/actions/composite/setupGitForOSBotifyApp id: setupGitForOSBotify with: + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }} OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }} @@ -86,6 +87,7 @@ jobs: id: setupGitForOSBotify uses: ./.github/actions/composite/setupGitForOSBotifyApp with: + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }} OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }} @@ -126,6 +128,7 @@ jobs: - name: Setup git for OSBotify uses: ./.github/actions/composite/setupGitForOSBotifyApp with: + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }} OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }} diff --git a/.github/workflows/preDeploy.yml b/.github/workflows/preDeploy.yml index f8723f55866c..10ca10882464 100644 --- a/.github/workflows/preDeploy.yml +++ b/.github/workflows/preDeploy.yml @@ -104,6 +104,7 @@ jobs: - name: Setup Git for OSBotify uses: ./.github/actions/composite/setupGitForOSBotifyApp with: + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }} OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }} From ae548a75024f100dc25ab61d9f70193242369317 Mon Sep 17 00:00:00 2001 
From: Andrew Gable Date: Wed, 5 Feb 2025 16:36:56 -0800 Subject: [PATCH 3/3] Add secret to fix lint --- .github/workflows/createNewVersion.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/createNewVersion.yml b/.github/workflows/createNewVersion.yml index 6c5a18bf4425..a933c2f1686f 100644 --- a/.github/workflows/createNewVersion.yml +++ b/.github/workflows/createNewVersion.yml @@ -29,6 +29,9 @@ on: OS_BOTIFY_COMMIT_TOKEN: description: OSBotify personal access token, used to workaround committing to protected branch required: true + OP_SERVICE_ACCOUNT_TOKEN: + description: 1Password service account token + required: true jobs: validateActor:
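Review bot: Declaring `OP_SERVICE_ACCOUNT_TOKEN` as `required: true` in createNewVersion.yml (`@@ -29,6 +29,9 @@`) changes the contract for every workflow that calls this one, and none of the three patches touches a caller's `secrets:` block. The enclosing `on:` section starts outside the hunk, but the entry sits next to `OS_BOTIFY_COMMIT_TOKEN` in what looks like the `workflow_call` secrets list. A caller that passes secrets explicitly rather than with `secrets: inherit` would need `OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}` added alongside it, otherwise the call should fail validation for a missing required secret. Please confirm the callers are covered, or update them in this series.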