diff --git a/.github/workflows/release-brew.yaml b/.github/workflows/release-brew.yaml
index 2b5603d..c1aa1ef 100644
--- a/.github/workflows/release-brew.yaml
+++ b/.github/workflows/release-brew.yaml
@@ -66,8 +66,12 @@ jobs:
 - name: Fetch secrets
 run: |
- echo "BOT_EMAIL=$(aws secretsmanager get-secret-value --secret-id BOT_EMAIL | jq -r '.SecretString')" >> $GITHUB_ENV
- echo "HOMEBREW_GITHUB_API_TOKEN=$(aws secretsmanager get-secret-value --secret-id RELEASE_CI_ACCESS_TOKEN | jq -r '.SecretString')" >> $GITHUB_ENV
+ bot_email=$(aws secretsmanager get-secret-value --secret-id BOT_EMAIL | jq -r '.SecretString')
+ echo "::add-mask::$bot_email"
+ echo "BOT_EMAIL=$bot_email" >> $GITHUB_ENV
+ homebrew_github_api_token=$(aws secretsmanager get-secret-value --secret-id RELEASE_CI_ACCESS_TOKEN | jq -r '.SecretString')
+ echo "::add-mask::$homebrew_github_api_token"
+ echo "HOMEBREW_GITHUB_API_TOKEN=$homebrew_github_api_token" >> $GITHUB_ENV
 - name: Configure git user name and email
 run: |
@@ -102,8 +106,12 @@ jobs:
 - name: Fetch secrets
 run: |
- echo "FORK_REPO=https://$(aws secretsmanager get-secret-value --secret-id RELEASE_CI_ACCESS_TOKEN | jq -r '.SecretString')@github.com/${{ env.BOT_USER }}/homebrew-$(echo ${{ env.TAP }} |cut -d / -f 2).git" >> $GITHUB_ENV
- echo "GITHUB_TOKEN=$(aws secretsmanager get-secret-value --secret-id RELEASE_CI_ACCESS_TOKEN | jq -r '.SecretString')" >> $GITHUB_ENV
+ fork_repo="https://$(aws secretsmanager get-secret-value --secret-id RELEASE_CI_ACCESS_TOKEN | jq -r '.SecretString')@github.com/${{ env.BOT_USER }}/homebrew-$(echo ${{ env.TAP }} |cut -d / -f 2).git"
+ echo "::add-mask::$fork_repo"
+ echo "FORK_REPO=$fork_repo" >> $GITHUB_ENV
+ github_token="$(aws secretsmanager get-secret-value --secret-id RELEASE_CI_ACCESS_TOKEN | jq -r '.SecretString')"
+ echo "::add-mask::$github_token"
+ echo "GITHUB_TOKEN=$github_token" >> $GITHUB_ENV
 - name: Checkout PR
 run: |
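Review bot: A failed or empty lookup is not detected in this Fetch secrets step. In `bot_email=$(aws … | jq -r '.SecretString')` the assignment takes jq's exit status, so unless the step runs with `pipefail` (its `shell:` setting is outside the hunk) an `aws` error can leave an empty value or the literal `null`, which is then registered as a mask and exported. Dropping the pipe lets the failure stop the step, e.g. `bot_email="$(aws secretsmanager get-secret-value --secret-id BOT_EMAIL --query SecretString --output text)"` followed by `[ -n "$bot_email" ] || exit 1`. The same pattern recurs in the `@@ -102` and `@@ -167` hunks and in release-pypi.yaml and release.yaml. The redirect target should also be quoted: `>> "$GITHUB_ENV"`.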
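Review bot: The mask registered for `fork_repo` covers only the complete URL string, so the access token embedded in it is redacted only when the URL appears in logs exactly as built here. In this step the same secret is masked on its own a few lines later as `github_token`. In the `@@ -167` hunk, however, only `bot_email` and the full `fork_repo` URL are masked, so output that shows the token alone or inside a differently formed URL would not be redacted. Fetching the token once, masking it, and then building the URL closes that gap and removes the second Secrets Manager call: `token="$(aws secretsmanager get-secret-value --secret-id RELEASE_CI_ACCESS_TOKEN | jq -r '.SecretString')"`, `echo "::add-mask::$token"`, `fork_repo="https://${token}@github.com/…"`.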
@@ -167,8 +175,12 @@ jobs:
 - name: Fetch secrets
 run: |
- echo "BOT_EMAIL=$(aws secretsmanager get-secret-value --secret-id BOT_EMAIL | jq -r '.SecretString')" >> $GITHUB_ENV
- echo "FORK_REPO=https://$(aws secretsmanager get-secret-value --secret-id RELEASE_CI_ACCESS_TOKEN | jq -r '.SecretString')@github.com/${{ env.BOT_USER }}/homebrew-$(echo ${{ env.TAP }} |cut -d / -f 2).git" >> $GITHUB_ENV
+ bot_email="$(aws secretsmanager get-secret-value --secret-id BOT_EMAIL | jq -r '.SecretString')"
+ echo "::add-mask::$bot_email"
+ echo "BOT_EMAIL=$bot_email" >> $GITHUB_ENV
+ fork_repo="https://$(aws secretsmanager get-secret-value --secret-id RELEASE_CI_ACCESS_TOKEN | jq -r '.SecretString')@github.com/${{ env.BOT_USER }}/homebrew-$(echo ${{ env.TAP }} |cut -d / -f 2).git"
+ echo "::add-mask::$fork_repo"
+ echo "FORK_REPO=$fork_repo" >> $GITHUB_ENV
 - name: Configure git user name and email
 run: |
diff --git a/.github/workflows/release-pypi.yaml b/.github/workflows/release-pypi.yaml
index 59cdcfa..039a166 100644
--- a/.github/workflows/release-pypi.yaml
+++ b/.github/workflows/release-pypi.yaml
@@ -27,8 +27,12 @@ jobs:
 aws-region: ${{ env.AWS_REGION }}
 - name: Fetch secrets
 run: |
- echo "GITHUB_TOKEN=$(aws secretsmanager get-secret-value --secret-id RELEASE_CI_ACCESS_TOKEN | jq -r '.SecretString')" >> $GITHUB_ENV
- echo "TWINE_PASSWORD=$(aws secretsmanager get-secret-value --secret-id PYPI_ACCESS_TOKEN | jq -r '.SecretString')" >> $GITHUB_ENV
+ github_token="$(aws secretsmanager get-secret-value --secret-id RELEASE_CI_ACCESS_TOKEN | jq -r '.SecretString')"
+ echo "::add-mask::$github_token"
+ echo "GITHUB_TOKEN=$github_token" >> $GITHUB_ENV
+ twine_password="$(aws secretsmanager get-secret-value --secret-id PYPI_ACCESS_TOKEN | jq -r '.SecretString')"
+ echo "::add-mask::$twine_password"
+ echo "TWINE_PASSWORD=$twine_password" >> $GITHUB_ENV
 - name: set asset path and name
 id: get_package_name
 run: |
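Review bot: Masking `twine_password` only redacts it from log output; writing `TWINE_PASSWORD=$twine_password` to `$GITHUB_ENV` still hands the PyPI token to every later step in the job, including any third-party actions. Retrieving `PYPI_ACCESS_TOKEN` inside the step that performs the upload (outside this hunk) would keep it a shell variable of that one step, still preceded by `echo "::add-mask::$twine_password"`. If the job-wide export has to stay, a comment above it would record the limit: `# add-mask hides the value in logs only; $GITHUB_ENV exposes it to all later steps`.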
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index fc2ada6..1384b45 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -38,7 +38,9 @@ jobs:
 aws-region: ${{ env.AWS_REGION }}
 - name: Fetch secrets
 run: |
- echo "GITHUB_TOKEN=$(aws secretsmanager get-secret-value --secret-id RELEASE_CI_ACCESS_TOKEN | jq -r '.SecretString')" >> $GITHUB_ENV
+ github_token="$(aws secretsmanager get-secret-value --secret-id RELEASE_CI_ACCESS_TOKEN | jq -r '.SecretString')"
+ echo "::add-mask::$github_token"
+ echo "GITHUB_TOKEN=$github_token" >> $GITHUB_ENV
 - name: Create release
 uses: actions/create-release@v1
 with:
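Review bot: The token written to `$GITHUB_ENV` here is inherited by the very next step, `uses: actions/create-release@v1`, which is referenced by a mutable tag; `add-mask` does not limit what that action's code can read from its environment. Pinning the action to a full commit SHA, `uses: actions/create-release@<full-commit-sha>  # v1`, keeps the code that receives `GITHUB_TOKEN` fixed. The Create release step continues outside the hunk, so how it consumes the token is not visible here.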