pr.yml
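# Runs the shared CI workflow for pushes to selected branches and for pull
# requests, handing it the Azure credentials as a single `env_vars` secret.
name: Pull Request or Push

on:
  push:
    branches:
      - 'main'  # Run on pushes to main
      # NOTE(review): 'test_secrets' looks like a scratch branch for testing
      # secret handling - confirm, and drop it once that work is merged.
      - 'test_secrets'
    tags-ignore:
      - '*'  # Ignore pushes to tags
  # Repository secrets are not provided to runs triggered by pull requests
  # from forks, so the Azure values below are empty for those runs.
  pull_request:

jobs:
  call_central_workflow:
    name: CI
    # NOTE(review): this reusable workflow is loaded from a personal fork at a
    # branch ref, and it receives the Azure credentials plus `contents: write`.
    # A branch ref can be repointed to different code at any time. Before this
    # reaches main, pin the reference to a full commit SHA and point it back at
    # the upstream repository (commented line below).
    uses: M3GH4NN/central-artifacts/.github/workflows/ci.yml@credentials
    # uses: salt-extensions/central-artifacts/.github/workflows/ci.yml@main
    with:
      setup-vault: true
    secrets:
      # The credentials are passed straight from the secrets context instead of
      # being relayed through a separate job's outputs. Job outputs are not a
      # secret channel: the runner may withhold an output that contains a secret
      # value, and the base64 copies formerly written to $GITHUB_ENV are not
      # covered by log masking while remaining trivially decodable.
      # The KEY=value,KEY=value layout is unchanged from the previous output.
      # NOTE(review): only the combined string is a registered secret here; the
      # called workflow may need `::add-mask::` for each value it splits out.
      # Separate named secrets would be cleaner if that workflow can be changed.
      env_vars: >-
        AZURE_CLIENT_ID=${{ secrets.AZURE_CLIENT_ID }},AZURE_CLIENT_SECRET=${{ secrets.AZURE_CLIENT_SECRET }},AZURE_TENANT_ID=${{ secrets.AZURE_TENANT_ID }}
    permissions:
      # NOTE(review): confirm the called workflow really needs write access to
      # repository contents; otherwise reduce this to `read`.
      contents: write
      pull-requests: read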
###