Skip to content

Commit

Permalink
ci: import sentry secrets from vault
Browse files Browse the repository at this point in the history
Closes #4413
  • Loading branch information
barmac authored and marstamm committed Jul 2, 2024
1 parent 6102759 commit d96687e
Show file tree
Hide file tree
Showing 2 changed files with 53 additions and 35 deletions.
50 changes: 27 additions & 23 deletions .github/workflows/NIGHTLY.yml
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,21 @@ jobs:
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Import Secrets
id: secrets
uses: hashicorp/vault-action@v3.0.0
with:
url: ${{ secrets.VAULT_ADDR }}
method: approle
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
exportEnv: false
secrets: |
secret/data/products/desktop-modeler/ci/sentry SENTRY_AUTH_TOKEN;
secret/data/products/desktop-modeler/ci/sentry SENTRY_DSN;
secret/data/products/desktop-modeler/ci/sentry SENTRY_ORG;
secret/data/products/desktop-modeler/ci/sentry SENTRY_PROJECT;
secret/data/common/jenkins/downloads-camunda-cloud_google_sa_key DOWNLOAD_CENTER_GCLOUD_KEY_BYTES | GCP_CREDENTIALS_NAME;
- name: Build nightly (Linux)
if: ${{ runner.os == 'Linux' }}
Expand All @@ -41,10 +56,10 @@ jobs:
MIXPANEL_TOKEN: "${{ secrets.MIXPANEL_PROJECT_TOKEN }}"
MIXPANEL_STAGE: "int"
NIGHTLY: 1
SENTRY_AUTH_TOKEN: "${{ secrets.SENTRY_AUTH_TOKEN }}"
SENTRY_DSN: "${{ secrets.SENTRY_DSN }}"
SENTRY_ORG: "${{ secrets.SENTRY_ORG }}"
SENTRY_PROJECT: "${{ secrets.SENTRY_PROJECT }}"
SENTRY_AUTH_TOKEN: "${{ steps.secrets.outputs.SENTRY_AUTH_TOKEN }}"
SENTRY_DSN: "${{ steps.secrets.outputs.SENTRY_DSN }}"
SENTRY_ORG: "${{ steps.secrets.outputs.SENTRY_ORG }}"
SENTRY_PROJECT: "${{ steps.secrets.outputs.SENTRY_PROJECT }}"
UPDATES_SERVER_PRODUCT_NAME: "${{ secrets.UPDATES_SERVER_PRODUCT_NAME }}"
run: npm run build -- --linux

Expand All @@ -59,10 +74,10 @@ jobs:
MIXPANEL_TOKEN: "${{ secrets.MIXPANEL_PROJECT_TOKEN }}"
MIXPANEL_STAGE: "int"
NIGHTLY: 1
SENTRY_AUTH_TOKEN: "${{ secrets.SENTRY_AUTH_TOKEN }}"
SENTRY_DSN: "${{ secrets.SENTRY_DSN }}"
SENTRY_ORG: "${{ secrets.SENTRY_ORG }}"
SENTRY_PROJECT: "${{ secrets.SENTRY_PROJECT }}"
SENTRY_AUTH_TOKEN: "${{ steps.secrets.outputs.SENTRY_AUTH_TOKEN }}"
SENTRY_DSN: "${{ steps.secrets.outputs.SENTRY_DSN }}"
SENTRY_ORG: "${{ steps.secrets.outputs.SENTRY_ORG }}"
SENTRY_PROJECT: "${{ steps.secrets.outputs.SENTRY_PROJECT }}"
UPDATES_SERVER_PRODUCT_NAME: "${{ secrets.UPDATES_SERVER_PRODUCT_NAME }}"
run: npm run build -- --mac

Expand All @@ -72,24 +87,13 @@ jobs:
MIXPANEL_TOKEN: "${{ secrets.MIXPANEL_PROJECT_TOKEN }}"
MIXPANEL_STAGE: "int"
NIGHTLY: 1
SENTRY_AUTH_TOKEN: "${{ secrets.SENTRY_AUTH_TOKEN }}"
SENTRY_DSN: "${{ secrets.SENTRY_DSN }}"
SENTRY_ORG: "${{ secrets.SENTRY_ORG }}"
SENTRY_PROJECT: "${{ secrets.SENTRY_PROJECT }}"
SENTRY_AUTH_TOKEN: "${{ steps.secrets.outputs.SENTRY_AUTH_TOKEN }}"
SENTRY_DSN: "${{ steps.secrets.outputs.SENTRY_DSN }}"
SENTRY_ORG: "${{ steps.secrets.outputs.SENTRY_ORG }}"
SENTRY_PROJECT: "${{ steps.secrets.outputs.SENTRY_PROJECT }}"
UPDATES_SERVER_PRODUCT_NAME: "${{ secrets.UPDATES_SERVER_PRODUCT_NAME }}"
run: npm run build -- --win

- name: Import Secrets
id: secrets
uses: hashicorp/vault-action@v3.0.0
with:
url: ${{ secrets.VAULT_ADDR }}
method: approle
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
exportEnv: false
secrets: |
secret/data/common/jenkins/downloads-camunda-cloud_google_sa_key DOWNLOAD_CENTER_GCLOUD_KEY_BYTES | GCP_CREDENTIALS_NAME;
- name: Upload artifact to Camunda Download Center
uses: camunda/infra-global-github-actions/download-center-upload@40a4ed3a870fa58eb5e994737c79ef690e949ea7
with:
Expand Down
38 changes: 26 additions & 12 deletions .github/workflows/RELEASE.yml
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,20 @@ jobs:
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Import Secrets
id: secrets
uses: hashicorp/vault-action@v3.0.0
with:
url: ${{ secrets.VAULT_ADDR }}
method: approle
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
exportEnv: false
secrets: |
secret/data/products/desktop-modeler/ci/sentry SENTRY_AUTH_TOKEN;
secret/data/products/desktop-modeler/ci/sentry SENTRY_DSN;
secret/data/products/desktop-modeler/ci/sentry SENTRY_ORG;
secret/data/products/desktop-modeler/ci/sentry SENTRY_PROJECT;
- name: Build release (Linux)
if: ${{ runner.OS == 'Linux' }}
Expand All @@ -48,10 +62,10 @@ jobs:
CSC_KEY_PASSWORD: "${{ secrets.CSC_KEY_PASSWORD }}"
MIXPANEL_TOKEN: "${{ secrets.MIXPANEL_PROJECT_TOKEN }}"
MIXPANEL_STAGE: "prod"
SENTRY_AUTH_TOKEN: "${{ secrets.SENTRY_AUTH_TOKEN }}"
SENTRY_DSN: "${{ secrets.SENTRY_DSN }}"
SENTRY_ORG: "${{ secrets.SENTRY_ORG }}"
SENTRY_PROJECT: "${{ secrets.SENTRY_PROJECT }}"
SENTRY_AUTH_TOKEN: "${{ steps.secrets.outputs.SENTRY_AUTH_TOKEN }}"
SENTRY_DSN: "${{ steps.secrets.outputs.SENTRY_DSN }}"
SENTRY_ORG: "${{ steps.secrets.outputs.SENTRY_ORG }}"
SENTRY_PROJECT: "${{ steps.secrets.outputs.SENTRY_PROJECT }}"
UPDATES_SERVER_PRODUCT_NAME: "${{ secrets.UPDATES_SERVER_PRODUCT_NAME }}"
GH_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
NODE_ENV: "production"
Expand All @@ -66,10 +80,10 @@ jobs:
CSC_KEY_PASSWORD: "${{ secrets.CSC_KEY_PASSWORD }}"
MIXPANEL_TOKEN: "${{ secrets.MIXPANEL_PROJECT_TOKEN }}"
MIXPANEL_STAGE: "prod"
SENTRY_AUTH_TOKEN: "${{ secrets.SENTRY_AUTH_TOKEN }}"
SENTRY_DSN: "${{ secrets.SENTRY_DSN }}"
SENTRY_ORG: "${{ secrets.SENTRY_ORG }}"
SENTRY_PROJECT: "${{ secrets.SENTRY_PROJECT }}"
SENTRY_AUTH_TOKEN: "${{ steps.secrets.outputs.SENTRY_AUTH_TOKEN }}"
SENTRY_DSN: "${{ steps.secrets.outputs.SENTRY_DSN }}"
SENTRY_ORG: "${{ steps.secrets.outputs.SENTRY_ORG }}"
SENTRY_PROJECT: "${{ steps.secrets.outputs.SENTRY_PROJECT }}"
UPDATES_SERVER_PRODUCT_NAME: "${{ secrets.UPDATES_SERVER_PRODUCT_NAME }}"
GH_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
NODE_ENV: "production"
Expand All @@ -79,10 +93,10 @@ jobs:
env:
MIXPANEL_TOKEN: "${{ secrets.MIXPANEL_PROJECT_TOKEN }}"
MIXPANEL_STAGE: "prod"
SENTRY_AUTH_TOKEN: "${{ secrets.SENTRY_AUTH_TOKEN }}"
SENTRY_DSN: "${{ secrets.SENTRY_DSN }}"
SENTRY_ORG: "${{ secrets.SENTRY_ORG }}"
SENTRY_PROJECT: "${{ secrets.SENTRY_PROJECT }}"
SENTRY_AUTH_TOKEN: "${{ steps.secrets.outputs.SENTRY_AUTH_TOKEN }}"
SENTRY_DSN: "${{ steps.secrets.outputs.SENTRY_DSN }}"
SENTRY_ORG: "${{ steps.secrets.outputs.SENTRY_ORG }}"
SENTRY_PROJECT: "${{ steps.secrets.outputs.SENTRY_PROJECT }}"
UPDATES_SERVER_PRODUCT_NAME: "${{ secrets.UPDATES_SERVER_PRODUCT_NAME }}"
GH_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
NODE_ENV: "production"
Expand Down

0 comments on commit d96687e

Please sign in to comment.