fix: workaround for ARGO_TOKEN

mkolasinski-splunk · web-flow · commit 1d2b9b3cc3fc · 2022-11-02T10:32:29.000+01:00
diff --git a/.github/workflows/reusable-build-test-release.yml b/.github/workflows/reusable-build-test-release.yml
@@ -674,12 +674,17 @@ jobs:
           addon-name: ${{ needs.setup.outputs.addon-name }}
           sc4s-version: ${{ matrix.sc4s.version }}
           sc4s-docker-registry: ${{ matrix.sc4s.docker_registry }}
+      - name: Read secrets from AWS Secrets Manager again into environment variables in case credential rotation
+        id: update-argo-token
+        run: |
+          ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString')
+          echo "::set-output name=argo-token::$ARGO_TOKEN"
       - name: Check if pod was deleted
         id: is-pod-deleted
         if: always()
         shell: bash
         env:
-          ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }}
+          ARGO_TOKEN: ${{ steps.update-argo-token.outputs.argo-token }}
         run: |
           set -o xtrace
           if argo watch ${{ steps.run-tests.outputs.workflow-name }} -n workflows | grep "pod deleted"; then
@@ -689,7 +694,7 @@ jobs:
         id: retry-wf
         shell: bash
         env:
-          ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }}
+          ARGO_TOKEN: ${{ steps.update-argo-token.outputs.argo-token }}
         if: always()
         run: |
           set -o xtrace
@@ -706,7 +711,7 @@ jobs:
           fi
       - name: check if workflow completed
         env:
-          ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }}
+          ARGO_TOKEN: ${{ steps.update-argo-token.outputs.argo-token }}
         shell: bash
         if: always()
         run: |
@@ -1001,12 +1006,17 @@ jobs:
           addon-name: ${{ needs.setup.outputs.addon-name }}
           vendor-version: ${{ matrix.vendor-version.image }}
           sc4s-version: "No"
+      - name: Read secrets from AWS Secrets Manager again into environment variables in case credential rotation
+        id: update-argo-token
+        run: |
+          ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString')
+          echo "::set-output name=argo-token::$ARGO_TOKEN"
       - name: Check if pod was deleted
         id: is-pod-deleted
         if: always()
         shell: bash
         env:
-          ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }}
+          ARGO_TOKEN: ${{ steps.update-argo-token.outputs.argo-token }}
         run: |
           set -o xtrace
           if argo watch ${{ steps.run-tests.outputs.workflow-name }} -n workflows | grep "pod deleted" ; then
@@ -1016,7 +1026,7 @@ jobs:
         id: retry-wf
         shell: bash
         env:
-          ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }}
+          ARGO_TOKEN: ${{ steps.update-argo-token.outputs.argo-token }}
         if: always()
         run: |
           set -o xtrace
@@ -1033,7 +1043,7 @@ jobs:
           fi
       - name: check if workflow completed
         env:
-          ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }}
+          ARGO_TOKEN: ${{ steps.update-argo-token.outputs.argo-token }}
         if: always()
         shell: bash
         run: |
@@ -1171,12 +1181,17 @@ jobs:
           addon-name: ${{ needs.setup.outputs.addon-name }}
           vendor-version: ${{ matrix.vendor-version.image }}
           sc4s-version: "No"
+      - name: Read secrets from AWS Secrets Manager again into environment variables in case credential rotation
+        id: update-argo-token
+        run: |
+          ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString')
+          echo "::set-output name=argo-token::$ARGO_TOKEN"
       - name: Check if pod was deleted
         id: is-pod-deleted
         if: always()
         shell: bash
         env:
-          ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }}
+          ARGO_TOKEN: ${{ steps.update-argo-token.outputs.argo-token }}
         run: |
           set -o xtrace
           if argo watch ${{ steps.run-tests.outputs.workflow-name }} -n workflows | grep "pod deleted"; then
@@ -1186,7 +1201,7 @@ jobs:
         id: retry-wf
         shell: bash
         env:
-          ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }}
+          ARGO_TOKEN: ${{ steps.update-argo-token.outputs.argo-token }}
         if: always()
         run: |
           set -o xtrace
@@ -1203,7 +1218,7 @@ jobs:
           fi
       - name: check if workflow completed
         env:
-          ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }}
+          ARGO_TOKEN: ${{ steps.update-argo-token.outputs.argo-token }}
         if: always()
         shell: bash
         run: |
