
Commit 2f9c216

Refactor Action-Test jobs to use secrets directly instead of environment variables for improved security
1 parent 74aab2d commit 2f9c216

1 file changed

Lines changed: 10 additions & 28 deletions


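--- a/.github/workflows/TestWorkflow.yml
+++ b/.github/workflows/TestWorkflow.yml
@@ -426,10 +426,8 @@ jobs:
 persist-credentials: false
 - name: Action-Test
 uses: ./
-env:
-TOKEN_SECRET: ${{ secrets.TEST_USER_PAT }} # zizmor: ignore[secrets-outside-env] org-level test secret is intentional
 with:
-Token: ${{ env.TOKEN_SECRET }}
+Token: ${{ secrets.TEST_USER_PAT }}
 Prerelease: ${{ inputs.Prerelease }}
 ShowRateLimit: true
 Script: |
@@ -456,10 +454,8 @@ jobs:
 persist-credentials: false
 - name: Action-Test
 uses: ./
-env:
-TOKEN_SECRET: ${{ secrets.TEST_USER_USER_FG_PAT }} # zizmor: ignore[secrets-outside-env] org-level test secret is intentional
 with:
-Token: ${{ env.TOKEN_SECRET }}
+Token: ${{ secrets.TEST_USER_USER_FG_PAT }}
 Prerelease: ${{ inputs.Prerelease }}
 ShowRateLimit: true
 Script: |
@@ -486,10 +482,8 @@ jobs:
 persist-credentials: false
 - name: Action-Test
 uses: ./
-env:
-TOKEN_SECRET: ${{ secrets.TEST_USER_ORG_FG_PAT }} # zizmor: ignore[secrets-outside-env] org-level test secret is intentional
 with:
-Token: ${{ env.TOKEN_SECRET }}
+Token: ${{ secrets.TEST_USER_ORG_FG_PAT }}
 Prerelease: ${{ inputs.Prerelease }}
 ShowRateLimit: true
 Script: |
@@ -516,12 +510,9 @@ jobs:
 persist-credentials: false
 - name: Action-Test
 uses: ./
-env:
-CLIENTID_SECRET: ${{ secrets.TEST_APP_ENT_CLIENT_ID }} # zizmor: ignore[secrets-outside-env] org-level test secret is intentional
-PRIVATEKEY_SECRET: ${{ secrets.TEST_APP_ENT_PRIVATE_KEY }} # zizmor: ignore[secrets-outside-env] org-level test secret is intentional
 with:
-ClientID: ${{ env.CLIENTID_SECRET }}
-PrivateKey: ${{ env.PRIVATEKEY_SECRET }}
+ClientID: ${{ secrets.TEST_APP_ENT_CLIENT_ID }}
+PrivateKey: ${{ secrets.TEST_APP_ENT_PRIVATE_KEY }}
 Prerelease: ${{ inputs.Prerelease }}
 ShowRateLimit: true
 Script: |
@@ -556,12 +547,9 @@ jobs:
 persist-credentials: false
 - name: Action-Test
 uses: ./
-env:
-CLIENTID_SECRET: ${{ secrets.TEST_APP_ORG_CLIENT_ID }} # zizmor: ignore[secrets-outside-env] org-level test secret is intentional
-PRIVATEKEY_SECRET: ${{ secrets.TEST_APP_ORG_PRIVATE_KEY }} # zizmor: ignore[secrets-outside-env] org-level test secret is intentional
 with:
-ClientID: '${{ env.CLIENTID_SECRET }}' # Test with quotes on input
-PrivateKey: '${{ env.PRIVATEKEY_SECRET }}' # Test with quotes on input
+ClientID: '${{ secrets.TEST_APP_ORG_CLIENT_ID }}' # Test with quotes on input
+PrivateKey: '${{ secrets.TEST_APP_ORG_PRIVATE_KEY }}' # Test with quotes on input
 Prerelease: ${{ inputs.Prerelease }}
 ShowRateLimit: true
 Script: |
@@ -606,10 +594,8 @@ jobs:
 
 - name: Action-Test
 uses: ./
-env:
-CLIENTID_SECRET: ${{ secrets.TEST_APP_ORG_CLIENT_ID }}
 with:
-ClientID: ${{ env.CLIENTID_SECRET }}
+ClientID: ${{ secrets.TEST_APP_ORG_CLIENT_ID }}
 KeyVaultKeyReference: 'https://psmodule-test-vault.vault.azure.net/keys/psmodule-org-app/569ae34250e64adca6a2b2d159d454a5'
 Prerelease: ${{ inputs.Prerelease }}
 ShowRateLimit: true
@@ -659,10 +645,8 @@ jobs:
 
 - name: Action-Test
 uses: ./
-env:
-CLIENTID_SECRET: ${{ secrets.TEST_APP_ORG_CLIENT_ID }}
 with:
-ClientID: ${{ env.CLIENTID_SECRET }}
+ClientID: ${{ secrets.TEST_APP_ORG_CLIENT_ID }}
 KeyVaultKeyReference: 'https://psmodule-test-vault.vault.azure.net/keys/psmodule-org-app/'
 Prerelease: ${{ inputs.Prerelease }}
 ShowRateLimit: true
@@ -702,10 +686,8 @@ jobs:
 persist-credentials: false
 - name: Action-Test with PreserveCredentials false
 uses: ./
-env:
-TOKEN_SECRET: ${{ secrets.TEST_USER_PAT }} # zizmor: ignore[secrets-outside-env] org-level test secret is intentional
 with:
-Token: ${{ env.TOKEN_SECRET }}
+Token: ${{ secrets.TEST_USER_PAT }}
 PreserveCredentials: false
 Prerelease: ${{ inputs.Prerelease }}
 ShowRateLimit: true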
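Review bot: The new `with:` lines that reference `secrets.*` (new lines 430, 458, 486, 514–515, 551–552 and 690) no longer carry the `# zizmor: ignore[secrets-outside-env]` annotation that the removed `env:` lines had, so if that audit keys on the secret reference rather than on the `env:` block, the finding will likely reappear on each of these steps. Either keep the suppression and its justification on the new line, e.g. `Token: ${{ secrets.TEST_USER_PAT }} # zizmor: ignore[secrets-outside-env] org-level test secret is intentional`, or bind these jobs to a dedicated `environment:` so the secrets become environment-scoped. The scope of the secrets is unchanged by this commit; what it removes is the second copy of each value in the step's process environment. The job definitions begin outside these hunks, so whether an `environment:` is already set cannot be seen here.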
