adding manifests workflow token (#1714)

* adding manifests workflow token [review] * Update documentation-secrets.tf
cds-snc · Jan 9, 2025 · a475d55 · a475d55
1 parent 1008a33
commit a475d55
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 0 deletions.
diff --git a/aws/github/admin-secrets.tf b/aws/github/admin-secrets.tf
@@ -61,3 +61,9 @@ resource "github_actions_secret" "admin_slack_webhook" {
   plaintext_value = var.notify_dev_slack_webhook
 }
 
+resource "github_actions_secret" "admin_github_manifests_workflow_token" {
+  count           = var.env == "staging" ? 1 : 0
+  repository      = data.github_repository.notification_admin.name
+  secret_name     = "MANIFESTS_WORKFLOW_TOKEN"
+  plaintext_value = var.github_manifests_workflow_token
+}
diff --git a/aws/github/api-secrets.tf b/aws/github/api-secrets.tf
@@ -45,3 +45,10 @@ resource "github_actions_secret" "api_slack_webhook" {
   secret_name     = "SLACK_WEBHOOK"
   plaintext_value = var.notify_dev_slack_webhook
 }
+
+resource "github_actions_secret" "api_github_manifests_workflow_token" {
+  count           = var.env == "staging" ? 1 : 0
+  repository      = data.github_repository.notification_api.name
+  secret_name     = "MANIFESTS_WORKFLOW_TOKEN"
+  plaintext_value = var.github_manifests_workflow_token
+}
diff --git a/aws/github/document-download-secrets.tf b/aws/github/document-download-secrets.tf
@@ -11,3 +11,10 @@ resource "github_actions_secret" "dd_slack_webhook" {
   secret_name     = "SLACK_WEBHOOK"
   plaintext_value = var.notify_dev_slack_webhook
 }
+
+resource "github_actions_secret" "dd_github_manifests_workflow_token" {
+  count           = var.env == "staging" ? 1 : 0
+  repository      = data.github_repository.notification_document_download.name
+  secret_name     = "MANIFESTS_WORKFLOW_TOKEN"
+  plaintext_value = var.github_manifests_workflow_token
+}
diff --git a/aws/github/documentation-secrets.tf b/aws/github/documentation-secrets.tf
@@ -4,3 +4,10 @@ resource "github_actions_secret" "documentation_op_service_account_token" {
   secret_name     = "OP_SERVICE_ACCOUNT_TOKEN_${upper(var.env)}"
   plaintext_value = var.op_service_account_token
 }
+
+resource "github_actions_secret" "documentation_github_manifests_workflow_token" {
+  count           = var.env == "staging" ? 1 : 0
+  repository      = data.github_repository.notification_documentation.name
+  secret_name     = "MANIFESTS_WORKFLOW_TOKEN"
+  plaintext_value = var.github_manifests_workflow_token
+}
diff --git a/env/variables.tf b/env/variables.tf
@@ -1051,3 +1051,8 @@ variable "ipv4_maxmind_license_key" {
   sensitive = true
   default   = "prodonly"
 }
+
+variable "github_manifests_workflow_token" {
+  type      = string
+  sensitive = true
+}