fix: ches export secrets #6625

Workflow file for this run

	# Main workflow, orchestrating and triggering other workflows
	name: main

	on:
	workflow_call: # be sure to use 'secrets: inherit' in the caller
	push:
	branches: ['main']
	pull_request:
	branches: [main]

	jobs:
	build:
	uses: ./.github/workflows/build.yaml

	install-env:
	uses: ./.github/workflows/install-env.yaml
	secrets: inherit

	test-code:
	needs: [install-env]
	uses: ./.github/workflows/test-code.yaml
	secrets: inherit

	test-checks:
	uses: ./.github/workflows/test-checks.yaml
	secrets: inherit

	test-containers:
	needs: [build]
	uses: ./.github/workflows/test-containers.yaml
	secrets:
	HAPPO_API_KEY: ${{ secrets.HAPPO_API_KEY }}
	HAPPO_API_SECRET: ${{ secrets.HAPPO_API_SECRET }}
	RENOVATE_GITHUB_TOKEN: ${{ secrets.RENOVATE_GITHUB_TOKEN }}
	RENOVATE_PRIVATE_KEY: ${{ secrets.RENOVATE_PRIVATE_KEY }}

	test-zap:
	needs: [build, install-env]
	uses: ./.github/workflows/test-zap.yaml

	test-e2e:
	needs: [build, install-env]
	uses: ./.github/workflows/test-e2e.yaml
	secrets:
	HAPPO_API_KEY: ${{ secrets.HAPPO_API_KEY }}
	HAPPO_API_SECRET: ${{ secrets.HAPPO_API_SECRET }}
	RENOVATE_GITHUB_TOKEN: ${{ secrets.RENOVATE_GITHUB_TOKEN }}
	RENOVATE_PRIVATE_KEY: ${{ secrets.RENOVATE_PRIVATE_KEY }}

	create-release-pr:
	if: github.event.ref == 'refs/heads/main'
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 0
	token: ${{ secrets.RENOVATE_GITHUB_TOKEN }}
	- name: Set up Git and import GPG key
	env:
	GPG_PRIVATE_KEY: ${{ secrets.RENOVATE_PRIVATE_KEY }}
	run: \|
	echo "${GPG_PRIVATE_KEY}" \| gpg --import
	git config user.name "CCBC Service Account"
	git config user.email "116113628+ccbc-service-account@users.noreply.github.com"
	git config user.signingkey "$(gpg --list-secret-keys --with-colons \| awk -F: '/sec:/ {print $5}')"
	git config commit.gpgsign true
	- name: dev env setup
	uses: ./.github/actions/dev-env-setup
	- name: Delete Latest Tag If It Already Exists
	run: \|
	git checkout main
	yarn
	NEW_TAG=$(yarn release-it --release-version \| awk 'match($0, /^ *([0-9]+\.[0-9]+\.[0-9]+)/, a) { if (NR == 1) next; print "v" a[1]; exit; }')
	TAG_EXISTS=$(git tag -l $NEW_TAG)
	echo $NEW_TAG
	if [ "$TAG_EXISTS" ]; then
	git tag -d $NEW_TAG
	git push --delete origin $NEW_TAG
	fi
	- name: Delete and Recreate Branch
	run: \|
	git branch -D chore/release \|\| true
	git push origin --delete chore/release \|\| true
	git checkout main
	git checkout -b chore/release
	- name: Close Previous PRs
	uses: actions/github-script@v7
	with:
	github-token: ${{ secrets.GITHUB_TOKEN }}
	script: \|
	const { owner, repo } = context.repo
	const prs = await github.rest.pulls.list({ owner, repo, state: 'open', head: 'bcgov:chore/release' })
	for (const pr of prs.data) {
	await github.rest.pulls.update({ owner, repo, pull_number: pr.number, state: 'closed' })
	}
	- name: Setup Sqitch User
	run: \|
	sqitch config --user user.name 'CCBC Service Account'
	sqitch config --user user.email 'ccbc@button.is'
	- name: Make Release
	run: \|
	git checkout chore/release
	git push --set-upstream origin chore/release
	git pull
	echo '--ci' \| make release
	- name: Create PR
	uses: actions/github-script@v7
	with:
	github-token: ${{ secrets.RENOVATE_GITHUB_TOKEN }}
	script: \|
	const { owner, repo } = context.repo
	await github.rest.pulls.create({
	owner,
	repo,
	title: 'chore: release',
	head: 'chore/release',
	base: 'main',
	});
	deploy:
	if: github.event.ref == 'refs/heads/main'
	needs: [test-code, test-containers]
	uses: ./.github/workflows/deploy.yaml
	secrets:
	OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
	OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
	OPENSHIFT_APP_NAMESPACE: ${{ secrets.OPENSHIFT_APP_NAMESPACE }}
	OPENSHIFT_METABASE_NAMESPACE: ${{ secrets.OPENSHIFT_METABASE_NAMESPACE }}
	OPENSHIFT_METABASE_PROD_NAMESPACE: ${{ secrets.OPENSHIFT_METABASE_PROD_NAMESPACE }}
	NEXT_PUBLIC_GROWTHBOOK_API_KEY: ${{ secrets.NEXT_PUBLIC_GROWTHBOOK_API_KEY }}
	CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
	OPENSHIFT_SECURE_ROUTE: ${{ secrets.OPENSHIFT_SECURE_ROUTE }}
	AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
	AWS_S3_REGION: ${{ secrets.AWS_S3_REGION }}
	AWS_S3_KEY: ${{ secrets.AWS_S3_KEY }}
	AWS_ROLE_ARN: ${{ secrets.AWS_ROLE_ARN }}
	AWS_S3_SECRET_KEY: ${{ secrets.AWS_S3_SECRET_KEY }}
	CERTBOT_EMAIL: ${{ secrets.CERTBOT_EMAIL }}
	CERTBOT_SERVER: ${{ secrets.CERTBOT_SERVER }}
	AWS_CLAM_S3_BUCKET: ${{ secrets.AWS_CLAM_S3_BUCKET }}
	METABASE_EMBED_SECRET: ${{ secrets.METABASE_EMBED_SECRET }}
	METABASE_SITE_URL: ${{ secrets.METABASE_SITE_URL }}
	CERT: ${{ secrets.CERT }}
	CERT_KEY: ${{ secrets.CERT_KEY }}
	CERT_CA: ${{ secrets.CERT_CA }}
	SP_SA_USER: ${{ secrets.SP_SA_USER }}
	SP_SA_PASSWORD: ${{ secrets.SP_SA_PASSWORD }}
	SP_DOC_LIBRARY: ${{ secrets.SP_DOC_LIBRARY }}
	SP_SITE: ${{ secrets.SP_SITE }}
	SP_MS_FILE_NAME: ${{ secrets.SP_MS_FILE_NAME }}
	SA_CLIENT_SECRET: ${{ secrets.SA_CLIENT_SECRET }}
	SA_CLIENT_ID: ${{ secrets.SA_CLIENT_ID }}
	KEYCLOAK_HOST: ${{ secrets.KEYCLOAK_HOST }}
	SP_LIST_NAME: ${{ secrets.SP_LIST_NAME }}
	VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
	VAULT_TOKEN: ${{ secrets.VAULT_TOKEN }}
	VAULT_NAMESPACE: ${{ secrets.VAULT_NAMESPACE}}
	RENOVATE_GITHUB_TOKEN: ${{ secrets.RENOVATE_GITHUB_TOKEN }}
	RENOVATE_PRIVATE_KEY: ${{ secrets.RENOVATE_PRIVATE_KEY }}
	CHES_API_URL: ${{ secrets.CHES_API_URL }}
	CHES_CLIENT: ${{ secrets.CHES_CLIENT }}
	CHES_CLIENT_SECRET: ${{ secrets.CHES_CLIENT_SECRET }}
	CHES_TO_EMAIL: ${{ secrets.CHES_TO_EMAIL }}
	CHES_KEYCLOAK_HOST: ${{ secrets.CHES_KEYCLOAK_HOST }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: ches export secrets #6625

Workflow file

fix: ches export secrets #6625

Jobs

Run details

Workflow file for this run