This repository was archived by the owner on May 19, 2025. It is now read-only.
Commit 98d90b4
Use ESC secrets
These changes migrate this repo's GitHub Actions Workflows to use ESC secrets instead of GitHub Secrets.
The changes are largely mechanical:
- Common configuration for all ESC actions within a workflow is added to the workflow's environment variables
- Permissions are expanded as necessary for workflows that do not grant `id-token: write` permissions
- `read-all` permissions are replaced with the union of all explicit read permissions and `id-token: write`
- Default permissions are replaced with `write-all`, which is the equivalent of all explicit write permissions and `id-token: write`
- Explicit permissions are modified to grant `id-token: write`
- A step that fetches ESC secrets and populates environment variables is added to each step that reads secrets
- Direct references to secrets within the job are replaced with references to the step's outputs
All ESC actions are configured to fetch secrets from a shared ESC environment that contains secrets migrated from GitHub Actions. The ESC action performs its own OIDC exchange to obtain a Pulumi Access Token.

1 parent 7eff602 commit 98d90b4
1 file changed, +11 -1 lines changed

| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
| 7 | + | |
1 | 8 | | |
2 | 9 | | |
3 | 10 | | |
| |||
9 | 16 | | |
10 | 17 | | |
11 | 18 | | |
| 19 | + | |
| 20 | + | |
| 21 | + | |
12 | 22 | | |
13 | 23 | | |
14 | 24 | | |
15 | 25 | | |
16 | 26 | | |
17 | 27 | | |
18 | 28 | | |
19 | | - | |
| 29 | + | |
20 | 30 | | |
21 | 31 | | |