Use SLACK-WEBHOOK secret

We want to grab the secret from the key vault rather than from the GitHub environment so we can keep them all in one place.
DFE-Digital · Jul 20, 2023 · ca81ad4 · ca81ad4
1 parent eb57aed
commit ca81ad4
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 2 deletions.
diff --git a/.github/workflows/database.yaml b/.github/workflows/database.yaml
@@ -91,14 +91,26 @@ jobs:
           path: backup-sanitised.sql.gz
           retention-days: 3
 
+      - id: key-vault-name
+        if: failure()
+        shell: bash
+        run: echo "value=$(make -s production_aks print-infrastructure-key-vault-name)" >> $GITHUB_OUTPUT
+
+      - uses: Azure/get-keyvault-secrets@v1
+        if: failure()
+        id: key-vault-secrets
+        with:
+          keyvault: ${{ steps.key-vault-name.outputs.value }}
+          secrets: "SLACK-WEBHOOK"
+
       - name: Notify Slack channel on job failure
         if: failure()
         uses: rtCamp/action-slack-notify@v2
         env:
           SLACK_USERNAME: CI Deployment
           SLACK_TITLE: Database backup failure
           SLACK_MESSAGE: Production database backup job failed
-          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+          SLACK_WEBHOOK: ${{ steps.key-vault-secrets.outputs.SLACK-WEBHOOK }}
           SLACK_COLOR: failure
           SLACK_FOOTER: Sent from backup-production job in database-backups workflow
 

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -217,6 +217,6 @@ jobs:
           SLACK_TITLE: Deployment of apply-for-qualified-teacher-status to ${{ needs.deploy_nonprod_aks.outputs.environment_name }} failed
           SLACK_MESSAGE: |
             Deployment to ${{ needs.deploy_nonprod_aks.outputs.environment_name }} environment failed
-          SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK_WEBHOOK }}
+          SLACK_WEBHOOK: ${{ steps.key-vault-secrets.outputs.SLACK-WEBHOOK }}
           SLACK_COLOR: failure
           SLACK_FOOTER: Sent from notify_slack_of_failures job in deploy workflow