Skip to content

Commit d1a5697

Browse files
gsfgsf
committed
Get HPMS key and secret from secrets manager
1 parent 2c70804 commit d1a5697

File tree

1 file changed

+21
-9
lines changed

1 file changed

+21
-9
lines changed

.github/workflows/test.yml

Lines changed: 21 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ jobs:
1616
- name: Checkout code
1717
uses: actions/checkout@v4
1818
with:
19-
fetch-depth: 0
19+
fetch-depth: 0
2020

2121
- uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
2222
with:
@@ -37,21 +37,33 @@ jobs:
3737
ARTIFACTORY_PASSWORD=/artifactory/password
3838
SONAR_HOST_URL=/sonarqube/url
3939
SONAR_TOKEN=/sonarqube/token
40-
HPMS_AUTH_KEY_ID=/hpms/id
41-
HPMS_AUTH_KEY_SECRET=/hpms/secret
42-
40+
41+
- uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
42+
env:
43+
ACCOUNT_NAME: ${{ inputs.environment == 'prod_test' && 'prod' || inputs.environment }}
44+
with:
45+
aws-region: ${{ vars.AWS_REGION }}
46+
role-to-assume: arn:aws:iam::${{ secrets[format('{0}_ACCOUNT', env.ACCOUNT_NAME)] }}:role/delegatedadmin/developer/ab2d-${{ env.ACCOUNT_NAME }}-github-actions
47+
48+
- uses: aws-actions/aws-secretsmanager-get-secrets@fbd65ea98e018858715f591f03b251f02b2316cb #v2.0.8
49+
env:
50+
SECRET_ENV: ${{ env.DEPLOYMENT_ENV == 'east-prod-test' && 'east-prod' || env.DEPLOYMENT_ENV }}
51+
with:
52+
secret-ids: |
53+
HPMS_AUTH_KEY_ID, ab2d/ab2d-${{ env.SECRET_ENV }}/module/db/ab2d_hpms_auth_key_id/2020-01-02-09-15-01
54+
HPMS_AUTH_KEY_SECRET, ab2d/ab2d-${{ env.SECRET_ENV }}/module/db/ab2d_hpms_auth_key_secret/2020-01-02-09-15-01
4355
4456
- name: Build files
4557
run: |
46-
gradle build -x test --info
58+
gradle build -x test --info
4759
4860
- name: Do tests
4961
run: |
50-
gradle clean test --info build
62+
gradle clean test --info build
5163
5264
- name: Build Jar
5365
run: |
54-
gradle jar --info build
66+
gradle jar --info build
5567
5668
- name: Gradle task
5769
run: |
@@ -63,10 +75,10 @@ jobs:
6375
-Dsonar.projectKey=ab2d-contracts \
6476
-Dsonar.host.url=https://sonarqube.cloud.cms.gov \
6577
-Dsonar.login=$SONAR_TOKEN
66-
78+
6779
- name: Quality Gate
6880
id: sonarqube-quality-gate-check
6981
uses: sonarsource/sonarqube-quality-gate-action@master
7082
with:
7183
scanMetadataReportFile: build/sonar/report-task.txt
72-
timeout-minutes: 10
84+
timeout-minutes: 10

0 commit comments

Comments
 (0)