diff --git a/.github/workflows/build_and_push_performance_test.yml b/.github/workflows/build_and_push_performance_test.yml
index 326cec3389..8caab4859a 100644
--- a/.github/workflows/build_and_push_performance_test.yml
+++ b/.github/workflows/build_and_push_performance_test.yml
@@ -11,7 +11,7 @@ on:
 env:
 GITHUB_SHA: ${{ github.sha }}
- REGISTRY: ${{ secrets.AWS_ACCOUNT }}.dkr.ecr.ca-central-1.amazonaws.com/notify
+ REGISTRY: ${{ secrets.STAGING_AWS_ACCOUNT_ID }}.dkr.ecr.ca-central-1.amazonaws.com/notify
 jobs:
 changes:
@@ -55,8 +55,8 @@ jobs:
 id: aws-creds
 uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0
 with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-access-key-id: ${{ secrets.STAGING_AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.STAGING_AWS_SECRET_ACCESS_KEY }}
 aws-region: ca-central-1
 - name: Login to ECR
diff --git a/.github/workflows/docker-vulnerability-scan.yml b/.github/workflows/docker-vulnerability-scan.yml
index 0858563b69..19547eb294 100644
--- a/.github/workflows/docker-vulnerability-scan.yml
+++ b/.github/workflows/docker-vulnerability-scan.yml
@@ -47,13 +47,13 @@ jobs:
 runs-on: ubuntu-latest
 env:
 DOCKERFILE_PATH: "ci/Dockerfile.lambda"
- DOCKER_IMAGE: "${{ secrets.PRODUCTION_API_LAMBDA_ECR_ACCOUNT }}.dkr.ecr.ca-central-1.amazonaws.com/notify/api-lambda"
+ DOCKER_IMAGE: "${{ secrets.PRODUCTION_AWS_ACCOUNT_ID }}.dkr.ecr.ca-central-1.amazonaws.com/notify/api-lambda"
 steps:
 - name: Configure credentials to Notify account using OIDC
 uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0
 with:
- role-to-assume: arn:aws:iam::${{ secrets.PRODUCTION_API_LAMBDA_ECR_ACCOUNT }}:role/notification-api-apply
+ role-to-assume: arn:aws:iam::${{ secrets.PRODUCTION_AWS_ACCOUNT_ID }}:role/notification-api-apply
 role-session-name: NotifyApiGitHubActions
 aws-region: "ca-central-1"
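Review bot: The renamed `STAGING_AWS_ACCESS_KEY_ID`/`STAGING_AWS_SECRET_ACCESS_KEY` passed to the configure-aws-credentials step in build_and_push_performance_test.yml are still long-lived static IAM user keys, whereas the docker-vulnerability-scan.yml hunk in this same commit authenticates with `role-to-assume` over OIDC and needs no stored key. The same pattern recurs in the credentials hunks of docker.yaml, lambda_production.yml and lambda_staging.yml; switching them to `role-to-assume: arn:aws:iam::${{ secrets.STAGING_AWS_ACCOUNT_ID }}:role/<push-role-placeholder>` together with `permissions: id-token: write` (already present in docker.yaml) removes the secret from the repository and replaces it with short-lived session credentials. If that migration is out of scope here, a comment on the step such as `# TODO: move to OIDC role-to-assume as in docker-vulnerability-scan.yml` records the intent. Renaming the secrets also leaves the old `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` entries orphaned unless they are deleted and the underlying keys rotated, which cannot be verified from the diff.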
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index c0d2a68c98..869ebf5aa5 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -9,8 +9,7 @@ env:
 DOCKER_ORG: public.ecr.aws/v6b8u5o6
 DOCKER_SLUG: public.ecr.aws/v6b8u5o6/notify-api
 KUBECTL_VERSION: '1.23.6'
- WORKFLOW_PAT: ${{ secrets.WORKFLOW_GITHUB_PAT }}
- OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
+ OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN_STAGING }}
 permissions:
 id-token: write # This is required for requesting the OIDC JWT
@@ -59,8 +58,8 @@ jobs:
 - name: Configure AWS credentials
 uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0
 with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-access-key-id: ${{ secrets.STAGING_AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.STAGING_AWS_SECRET_ACCESS_KEY }}
 aws-region: ca-central-1
 - name: Install OpenVPN
@@ -89,7 +88,6 @@ jobs:
 uses: "kota65535/github-openvpn-connect-action@cd2ed8a90cc7b060dc4e001143e811b5f7ea0af5"
 with:
 config_file: /var/tmp/staging.ovpn
- client_key: ${{ secrets.STAGING_OVPN_CLIENT_KEY }}
 echo_config: false
 - name: Configure kubeconfig
diff --git a/.github/workflows/lambda_production.yml b/.github/workflows/lambda_production.yml
index 7d6f1a9e43..5481145d40 100644
--- a/.github/workflows/lambda_production.yml
+++ b/.github/workflows/lambda_production.yml
@@ -7,7 +7,7 @@ on:
 branches: [main]
 env:
- REGISTRY: ${{ secrets.PRODUCTION_API_LAMBDA_ECR_ACCOUNT }}.dkr.ecr.ca-central-1.amazonaws.com/notify
+ REGISTRY: ${{ secrets.PRODUCTION_AWS_ACCOUNT_ID }}.dkr.ecr.ca-central-1.amazonaws.com/notify
 jobs:
 build-and-push:
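Review bot: Removing `WORKFLOW_PAT` from the workflow-level `env:` in the first docker.yaml hunk is only safe if no later step in the file still reads `${{ env.WORKFLOW_PAT }}`; that part of the file is outside the hunk, and a leftover reference expands to an empty string rather than failing the run. The replacement `OP_SERVICE_ACCOUNT_TOKEN` is likewise declared at workflow level, so every job and step in the file, including third-party actions, receives it in its environment; declaring it under `env:` on the one step that consumes it (presumably a 1Password action, not visible here) narrows that exposure. The enclosing `env:` mapping starts before the hunk.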
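Review bot: Dropping `client_key` from the github-openvpn-connect-action step in the third docker.yaml hunk leaves `/var/tmp/staging.ovpn` as the only source of client credentials, so the step that writes that file (outside the hunk) presumably now embeds the key inline; if it does not, the VPN connection will fail at authentication rather than warn about the missing input. Worth confirming that the config written to `/var/tmp/staging.ovpn` now carries the full client credential, and, since that file then holds private key material on the runner for the rest of the job, adding a cleanup step such as `- run: rm -f /var/tmp/staging.ovpn` with `if: always()` once the connection is no longer needed. Keeping `echo_config: false` remains correct for the same reason.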
@@ -25,8 +25,8 @@ jobs:
 id: aws-creds
 uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0
 with:
- aws-access-key-id: ${{ secrets.PRODUCTION_ECR_ACCESS_KEY_ID }}
- aws-secret-access-key: ${{ secrets.PRODUCTION_ECR_SECRET_ACCESS_KEY }}
+ aws-access-key-id: ${{ secrets.PRODUCTION_AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.PRODUCTION_AWS_SECRET_ACCESS_KEY }}
 aws-region: ca-central-1
 - name: Set Docker image tag
diff --git a/.github/workflows/lambda_staging.yml b/.github/workflows/lambda_staging.yml
index 9bd896bbe3..a1976f2983 100644
--- a/.github/workflows/lambda_staging.yml
+++ b/.github/workflows/lambda_staging.yml
@@ -7,7 +7,7 @@ on:
 branches: [main]
 env:
- REGISTRY: ${{ secrets.STAGING_API_LAMBDA_ECR_ACCOUNT }}.dkr.ecr.ca-central-1.amazonaws.com/notify
+ REGISTRY: ${{ secrets.STAGING_AWS_ACCOUNT_ID }}.dkr.ecr.ca-central-1.amazonaws.com/notify
 jobs:
 build-push-and-deploy:
@@ -25,8 +25,8 @@ jobs:
 id: aws-creds
 uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0
 with:
- aws-access-key-id: ${{ secrets.STAGING_ECR_ACCESS_KEY_ID }}
- aws-secret-access-key: ${{ secrets.STAGING_ECR_SECRET_ACCESS_KEY }}
+ aws-access-key-id: ${{ secrets.STAGING_AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.STAGING_AWS_SECRET_ACCESS_KEY }}
 aws-region: ca-central-1
 - name: Build container
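Review bot: Renaming `PRODUCTION_ECR_ACCESS_KEY_ID` to `PRODUCTION_AWS_ACCESS_KEY_ID` in the lambda_production.yml credentials hunk (and the staging pair in the lambda_staging.yml hunk below) drops the ECR qualifier from the secret name, which suggests one key pair per account is now shared across several workflows; if the IAM user behind it was widened beyond ECR push to serve them all, the production image build now runs with more privilege than pushing to ECR requires. Confirm that the policy attached to those keys is still limited to ECR push for the `notify` repositories, and record that on the step so the next reader does not have to, e.g. `# Key pair intended for ECR push only — TODO(review): confirm attached IAM policy`. The step these lines belong to starts before the hunk.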