From 8bcf85430a039c3651a543c49b100ae7e1c1c05e Mon Sep 17 00:00:00 2001
From: Braden Mars <bradenmars@bradenmars.me>
Date: Sun, 6 Aug 2023 17:33:44 -0500
Subject: [PATCH] fix(stacks.api): use forked sops action with support for
 arm64

Signed-off-by: Braden Mars <bradenmars@bradenmars.me>
---
 .github/workflows/deploy.yml  | 23 +++++------------------
 packages/stacks/api/src/gh.ts | 22 ++++++++--------------
 2 files changed, 13 insertions(+), 32 deletions(-)

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 3ef184d0..be2ff1b4 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -43,6 +43,10 @@ jobs:
         if: inputs.runner == 'self-hosted'
         with:
           arch: arm64
+      - name: Install SOPs
+        uses: CrisisCleanup/mozilla-sops-action@main
+        with:
+          version: 3.7.3
       - name: Setup PNPM
         uses: pnpm/action-setup@v2.4.0
       - name: Setup Node
@@ -58,24 +62,7 @@ jobs:
           role-skip-session-tagging: true
           role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
       - name: Install
-        run: >-
-          echo Installing Sops...
-
-          ARCH=$(uname -m)
-
-          if [ "$ARCH" = "aarch64" ]; then
-            curl -L https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux.arm64 -o sops
-          else
-            curl -L https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux -o sops
-          fi
-
-          chmod 755 sops
-
-          mv sops /usr/local/bin
-
-          sops --version
-
-          pnpm install
+        run: pnpm install
       - name: Build
         run: |-
           pnpm build
diff --git a/packages/stacks/api/src/gh.ts b/packages/stacks/api/src/gh.ts
index 98eca069..79b7a8fa 100644
--- a/packages/stacks/api/src/gh.ts
+++ b/packages/stacks/api/src/gh.ts
@@ -205,20 +205,7 @@ class GithubCodePipeline {
 		})
 		pipelineKms.grantDecrypt(actionsRole.role)
 
-		const sopsInstall = [
-			'echo Installing Sops...',
-			'ARCH=$(uname -m)',
-			'if [ "$ARCH" = "aarch64" ]; then',
-			'  curl -L https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux.arm64 -o sops',
-			'else',
-			'  curl -L https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux -o sops',
-			'fi',
-			'chmod 755 sops',
-			'mv sops /usr/local/bin',
-			'sops --version',
-		]
-
-		const installCommands = [...sopsInstall, 'pnpm install']
+		const installCommands = ['pnpm install']
 
 		const commands = [
 			'pnpm build',
@@ -270,6 +257,13 @@ class GithubCodePipeline {
 						arch: 'arm64',
 					},
 				},
+				{
+					name: 'Install SOPs',
+					uses: 'CrisisCleanup/mozilla-sops-action@main',
+					with: {
+						version: '3.7.3',
+					},
+				},
 				{
 					name: 'Setup PNPM',
 					uses: 'pnpm/action-setup@v2.4.0',