From a3544270a2d1c80e03a4577c6f4cf0106bf92df8 Mon Sep 17 00:00:00 2001 From: katspaugh Date: Thu, 30 May 2024 12:15:07 +0200 Subject: [PATCH] Refactor secret passing --- .github/workflows/build/action.yml | 55 +++++++++----------- .github/workflows/cypress/action.yml | 14 ++--- .github/workflows/deploy-dev.yml | 2 +- .github/workflows/deploy-production.yml | 2 +- .github/workflows/e2e-hp-ondemand.yml | 2 +- .github/workflows/e2e-ondemand.yml | 2 +- .github/workflows/e2e-regression.yml | 2 +- .github/workflows/e2e-safe-apps.yml | 3 +- .github/workflows/e2e-smoke.yml | 2 +- .github/workflows/nextjs-bundle-analysis.yml | 3 +- 10 files changed, 39 insertions(+), 48 deletions(-) diff --git a/.github/workflows/build/action.yml b/.github/workflows/build/action.yml index 5654814468..b27ad6c89f 100644 --- a/.github/workflows/build/action.yml +++ b/.github/workflows/build/action.yml @@ -3,9 +3,6 @@ name: 'Build' description: 'Build the app' inputs: - secrets: - required: true - prod: # id of input description: 'Production build flag' required: false 
@@ -23,29 +20,29 @@ runs: env: NEXT_PUBLIC_IS_PRODUCTION: ${{ inputs.prod }} NEXT_PUBLIC_CYPRESS_MNEMONIC: ${{ inputs.e2e_mnemonic }} - NEXT_PUBLIC_GATEWAY_URL_PRODUCTION: ${{ fromJSON(inputs.secrets).NEXT_PUBLIC_GATEWAY_URL_PRODUCTION }} - NEXT_PUBLIC_GATEWAY_URL_STAGING: ${{ fromJSON(inputs.secrets).NEXT_PUBLIC_GATEWAY_URL_STAGING }} - NEXT_PUBLIC_SAFE_VERSION: ${{ fromJSON(inputs.secrets).NEXT_PUBLIC_SAFE_VERSION }} - NEXT_PUBLIC_BEAMER_ID: ${{ fromJSON(inputs.secrets).NEXT_PUBLIC_BEAMER_ID }} - NEXT_PUBLIC_GOOGLE_TAG_MANAGER_DEVELOPMENT_AUTH: ${{ fromJSON(inputs.secrets).NEXT_PUBLIC_GOOGLE_TAG_MANAGER_DEVELOPMENT_AUTH }} - NEXT_PUBLIC_GOOGLE_TAG_MANAGER_ID: ${{ fromJSON(inputs.secrets).NEXT_PUBLIC_GOOGLE_TAG_MANAGER_ID }} - NEXT_PUBLIC_GOOGLE_TAG_MANAGER_LATEST_AUTH: ${{ fromJSON(inputs.secrets).NEXT_PUBLIC_GOOGLE_TAG_MANAGER_LATEST_AUTH }} - NEXT_PUBLIC_GOOGLE_TAG_MANAGER_LIVE_AUTH: ${{ fromJSON(inputs.secrets).NEXT_PUBLIC_GOOGLE_TAG_MANAGER_LIVE_AUTH }} - NEXT_PUBLIC_INFURA_TOKEN: ${{ inputs.prod && fromJSON(inputs.secrets).NEXT_PUBLIC_INFURA_TOKEN || fromJSON(inputs.secrets).NEXT_PUBLIC_INFURA_TOKEN_DEVSTAGING }} - NEXT_PUBLIC_SAFE_APPS_INFURA_TOKEN: ${{ fromJSON(inputs.secrets).NEXT_PUBLIC_SAFE_APPS_INFURA_TOKEN || fromJSON(inputs.secrets).NEXT_PUBLIC_SAFE_APPS_INFURA_TOKEN_DEVSTAGING }} - NEXT_PUBLIC_SENTRY_DSN: ${{ fromJSON(inputs.secrets).NEXT_PUBLIC_SENTRY_DSN }} - NEXT_PUBLIC_TENDERLY_ORG_NAME: ${{ fromJSON(inputs.secrets).NEXT_PUBLIC_TENDERLY_ORG_NAME }} - NEXT_PUBLIC_TENDERLY_PROJECT_NAME: ${{ fromJSON(inputs.secrets).NEXT_PUBLIC_TENDERLY_PROJECT_NAME }} - NEXT_PUBLIC_TENDERLY_SIMULATE_ENDPOINT_URL: ${{ fromJSON(inputs.secrets).NEXT_PUBLIC_TENDERLY_SIMULATE_ENDPOINT_URL }} - NEXT_PUBLIC_WC_PROJECT_ID: ${{ fromJSON(inputs.secrets).NEXT_PUBLIC_WC_PROJECT_ID }} - NEXT_PUBLIC_SAFE_RELAY_SERVICE_URL_PRODUCTION: ${{ fromJSON(inputs.secrets).NEXT_PUBLIC_SAFE_GELATO_RELAY_SERVICE_URL_PRODUCTION }} - NEXT_PUBLIC_SAFE_RELAY_SERVICE_URL_STAGING: ${{ 
fromJSON(inputs.secrets).NEXT_PUBLIC_SAFE_GELATO_RELAY_SERVICE_URL_STAGING }} - NEXT_PUBLIC_IS_OFFICIAL_HOST: ${{ fromJSON(inputs.secrets).NEXT_PUBLIC_IS_OFFICIAL_HOST }} - NEXT_PUBLIC_REDEFINE_API: ${{ fromJSON(inputs.secrets).NEXT_PUBLIC_REDEFINE_API }} - NEXT_PUBLIC_SOCIAL_WALLET_OPTIONS_STAGING: ${{ fromJSON(inputs.secrets).NEXT_PUBLIC_SOCIAL_WALLET_OPTIONS_STAGING }} - NEXT_PUBLIC_SOCIAL_WALLET_OPTIONS_PRODUCTION: ${{ fromJSON(inputs.secrets).NEXT_PUBLIC_SOCIAL_WALLET_OPTIONS_PRODUCTION }} - NEXT_PUBLIC_FIREBASE_OPTIONS_PRODUCTION: ${{ fromJSON(inputs.secrets).NEXT_PUBLIC_FIREBASE_OPTIONS_PRODUCTION }} - NEXT_PUBLIC_FIREBASE_OPTIONS_STAGING: ${{ fromJSON(inputs.secrets).NEXT_PUBLIC_FIREBASE_OPTIONS_STAGING }} - NEXT_PUBLIC_FIREBASE_VAPID_KEY_PRODUCTION: ${{ fromJSON(inputs.secrets).NEXT_PUBLIC_FIREBASE_VAPID_KEY_PRODUCTION }} - NEXT_PUBLIC_FIREBASE_VAPID_KEY_STAGING: ${{ fromJSON(inputs.secrets).NEXT_PUBLIC_FIREBASE_VAPID_KEY_STAGING }} - NEXT_PUBLIC_SPINDL_SDK_KEY: ${{ fromJSON(inputs.secrets).NEXT_PUBLIC_SPINDL_SDK_KEY }} + NEXT_PUBLIC_GATEWAY_URL_PRODUCTION: ${{ secrets.NEXT_PUBLIC_GATEWAY_URL_PRODUCTION }} + NEXT_PUBLIC_GATEWAY_URL_STAGING: ${{ secrets.NEXT_PUBLIC_GATEWAY_URL_STAGING }} + NEXT_PUBLIC_SAFE_VERSION: ${{ secrets.NEXT_PUBLIC_SAFE_VERSION }} + NEXT_PUBLIC_BEAMER_ID: ${{ secrets.NEXT_PUBLIC_BEAMER_ID }} + NEXT_PUBLIC_GOOGLE_TAG_MANAGER_DEVELOPMENT_AUTH: ${{ secrets.NEXT_PUBLIC_GOOGLE_TAG_MANAGER_DEVELOPMENT_AUTH }} + NEXT_PUBLIC_GOOGLE_TAG_MANAGER_ID: ${{ secrets.NEXT_PUBLIC_GOOGLE_TAG_MANAGER_ID }} + NEXT_PUBLIC_GOOGLE_TAG_MANAGER_LATEST_AUTH: ${{ secrets.NEXT_PUBLIC_GOOGLE_TAG_MANAGER_LATEST_AUTH }} + NEXT_PUBLIC_GOOGLE_TAG_MANAGER_LIVE_AUTH: ${{ secrets.NEXT_PUBLIC_GOOGLE_TAG_MANAGER_LIVE_AUTH }} + NEXT_PUBLIC_INFURA_TOKEN: ${{ inputs.prod && secrets.NEXT_PUBLIC_INFURA_TOKEN || secrets.NEXT_PUBLIC_INFURA_TOKEN_DEVSTAGING }} + NEXT_PUBLIC_SAFE_APPS_INFURA_TOKEN: ${{ secrets.NEXT_PUBLIC_SAFE_APPS_INFURA_TOKEN || 
secrets.NEXT_PUBLIC_SAFE_APPS_INFURA_TOKEN_DEVSTAGING }} + NEXT_PUBLIC_SENTRY_DSN: ${{ secrets.NEXT_PUBLIC_SENTRY_DSN }} + NEXT_PUBLIC_TENDERLY_ORG_NAME: ${{ secrets.NEXT_PUBLIC_TENDERLY_ORG_NAME }} + NEXT_PUBLIC_TENDERLY_PROJECT_NAME: ${{ secrets.NEXT_PUBLIC_TENDERLY_PROJECT_NAME }} + NEXT_PUBLIC_TENDERLY_SIMULATE_ENDPOINT_URL: ${{ secrets.NEXT_PUBLIC_TENDERLY_SIMULATE_ENDPOINT_URL }} + NEXT_PUBLIC_WC_PROJECT_ID: ${{ secrets.NEXT_PUBLIC_WC_PROJECT_ID }} + NEXT_PUBLIC_SAFE_RELAY_SERVICE_URL_PRODUCTION: ${{ secrets.NEXT_PUBLIC_SAFE_GELATO_RELAY_SERVICE_URL_PRODUCTION }} + NEXT_PUBLIC_SAFE_RELAY_SERVICE_URL_STAGING: ${{ secrets.NEXT_PUBLIC_SAFE_GELATO_RELAY_SERVICE_URL_STAGING }} + NEXT_PUBLIC_IS_OFFICIAL_HOST: ${{ secrets.NEXT_PUBLIC_IS_OFFICIAL_HOST }} + NEXT_PUBLIC_REDEFINE_API: ${{ secrets.NEXT_PUBLIC_REDEFINE_API }} + NEXT_PUBLIC_SOCIAL_WALLET_OPTIONS_STAGING: ${{ secrets.NEXT_PUBLIC_SOCIAL_WALLET_OPTIONS_STAGING }} + NEXT_PUBLIC_SOCIAL_WALLET_OPTIONS_PRODUCTION: ${{ secrets.NEXT_PUBLIC_SOCIAL_WALLET_OPTIONS_PRODUCTION }} + NEXT_PUBLIC_FIREBASE_OPTIONS_PRODUCTION: ${{ secrets.NEXT_PUBLIC_FIREBASE_OPTIONS_PRODUCTION }} + NEXT_PUBLIC_FIREBASE_OPTIONS_STAGING: ${{ secrets.NEXT_PUBLIC_FIREBASE_OPTIONS_STAGING }} + NEXT_PUBLIC_FIREBASE_VAPID_KEY_PRODUCTION: ${{ secrets.NEXT_PUBLIC_FIREBASE_VAPID_KEY_PRODUCTION }} + NEXT_PUBLIC_FIREBASE_VAPID_KEY_STAGING: ${{ secrets.NEXT_PUBLIC_FIREBASE_VAPID_KEY_STAGING }} + NEXT_PUBLIC_SPINDL_SDK_KEY: ${{ secrets.NEXT_PUBLIC_SPINDL_SDK_KEY }} diff --git a/.github/workflows/cypress/action.yml b/.github/workflows/cypress/action.yml index bcccd875bc..7c3c2b6b6b 100644 --- a/.github/workflows/cypress/action.yml +++ b/.github/workflows/cypress/action.yml @@ -3,10 +3,6 @@ name: 'Cypress' description: 'Run Cypress' inputs: - secrets: - description: 'GitHub secrets as JSON' - required: true - spec: description: 'A glob pattern for which tests to run' required: true 
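Review bot: The `${{ secrets.* }}` reads added to this `env:` block will not resolve if build/action.yml is a composite action, because the `secrets` context is not available inside composite actions. The `using:` line is outside the hunk, but the file is invoked as a step via `uses: ./.github/workflows/build`; the same applies to the `secrets.*` reads in the `@@ -52,7 +48,7 @@` hunk of cypress/action.yml. Rather than going back to `toJSON(secrets)`, declare one input per value the action needs and pass it from the calling workflow, for example (input name constructed) `infura_token: ${{ secrets.NEXT_PUBLIC_INFURA_TOKEN }}` under `with:` and `NEXT_PUBLIC_INFURA_TOKEN: ${{ inputs.infura_token }}` here, so the action only receives the secrets it reads. For the Cypress step, `GITHUB_TOKEN: ${{ github.token }}` works without the `secrets` context. Separately, `NEXT_PUBLIC_SAFE_APPS_INFURA_TOKEN` has no `inputs.prod &&` guard, unlike `NEXT_PUBLIC_INFURA_TOKEN` above it, so a non-production build picks up the production token whenever it is set; if that is not intended, use `${{ inputs.prod && secrets.NEXT_PUBLIC_SAFE_APPS_INFURA_TOKEN || secrets.NEXT_PUBLIC_SAFE_APPS_INFURA_TOKEN_DEVSTAGING }}`.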
@@ -35,9 +31,9 @@ runs: sudo apt-get install ./google-chrome-stable_current_amd64.deb - uses: ./.github/workflows/build + secrets: inherit with: - secrets: ${{ inputs.secrets }} - e2e_mnemonic: ${{ fromJSON(inputs.secrets).NEXT_PUBLIC_CYPRESS_MNEMONIC }} + e2e_mnemonic: ${{ secrets.NEXT_PUBLIC_CYPRESS_MNEMONIC }} - name: Serve shell: bash @@ -52,7 +48,7 @@ runs: record: true config: baseUrl=http://localhost:8080 env: - CYPRESS_RECORD_KEY: ${{ inputs.record_key || fromJSON(inputs.secrets).CYPRESS_RECORD_KEY }} - GITHUB_TOKEN: ${{ fromJSON(inputs.secrets).GITHUB_TOKEN }} + CYPRESS_RECORD_KEY: ${{ inputs.record_key || secrets.CYPRESS_RECORD_KEY }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} CYPRESS_PROJECT_ID: ${{ inputs.project_id }} - CYPRESS_WALLET_CREDENTIALS: ${{ fromJSON(inputs.secrets).CYPRESS_WALLET_CREDENTIALS }} + CYPRESS_WALLET_CREDENTIALS: ${{ secrets.CYPRESS_WALLET_CREDENTIALS }} diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index aa986eed3d..84fbbd8eae 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -39,8 +39,8 @@ jobs: - uses: ./.github/workflows/yarn - uses: ./.github/workflows/build + secrets: inherit with: - secrets: ${{ toJSON(secrets) }} prod: ${{ github.ref == 'refs/heads/main' }} - uses: ./.github/workflows/build-storybook diff --git a/.github/workflows/deploy-production.yml b/.github/workflows/deploy-production.yml index 139049865c..982b69e6b5 100644 --- a/.github/workflows/deploy-production.yml +++ b/.github/workflows/deploy-production.yml @@ -19,8 +19,8 @@ jobs: - uses: ./.github/workflows/yarn - uses: ./.github/workflows/build + secrets: inherit with: - secrets: ${{ toJSON(secrets) }} prod: ${{ true }} - name: Create archive diff --git a/.github/workflows/e2e-hp-ondemand.yml b/.github/workflows/e2e-hp-ondemand.yml index e898380e1b..7837954022 100644 --- a/.github/workflows/e2e-hp-ondemand.yml +++ b/.github/workflows/e2e-hp-ondemand.yml 
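Review bot: `secrets: inherit` is added on a step here (`- uses: ./.github/workflows/build`), but that key is only defined at job level, for a job that calls a reusable workflow through `jobs.<job_id>.uses`. Steps accept `with:` and `env:` but no `secrets:` key, so this is expected to fail workflow validation rather than forward anything. The same line is added at step level in the deploy-dev, deploy-production, e2e-hp-ondemand, e2e-ondemand, e2e-regression, e2e-safe-apps, e2e-smoke and nextjs-bundle-analysis hunks. Either keep build and cypress as actions and pass the required secrets as named inputs under `with:`, or convert them to reusable workflows (`on: workflow_call`) called from a job. In the second case, listing the needed secrets by name instead of `inherit` keeps each job limited to the secrets it actually reads.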
@@ -21,8 +21,8 @@ jobs: - uses: actions/checkout@v4 - uses: ./.github/workflows/cypress + secrets: inherit with: - secrets: ${{ toJSON(secrets) }} spec: | cypress/e2e/happypath/*.cy.js group: 'Happy path on demand tests' diff --git a/.github/workflows/e2e-ondemand.yml b/.github/workflows/e2e-ondemand.yml index 906195d4a7..4b581003c2 100644 --- a/.github/workflows/e2e-ondemand.yml +++ b/.github/workflows/e2e-ondemand.yml @@ -21,8 +21,8 @@ jobs: - uses: actions/checkout@v4 - uses: ./.github/workflows/cypress + secrets: inherit with: - secrets: ${{ toJSON(secrets) }} spec: | cypress/e2e/regression/*.cy.js cypress/e2e/safe-apps/*.cy.js diff --git a/.github/workflows/e2e-regression.yml b/.github/workflows/e2e-regression.yml index 104147064f..1a6fb74d0e 100644 --- a/.github/workflows/e2e-regression.yml +++ b/.github/workflows/e2e-regression.yml @@ -22,7 +22,7 @@ jobs: - uses: actions/checkout@v4 - uses: ./.github/workflows/cypress + secrets: inherit with: - secrets: ${{ toJSON(secrets) }} spec: cypress/e2e/**/*.cy.js group: 'Regression tests' diff --git a/.github/workflows/e2e-safe-apps.yml b/.github/workflows/e2e-safe-apps.yml index 2843bdfb1d..7b9e91698f 100644 --- a/.github/workflows/e2e-safe-apps.yml +++ b/.github/workflows/e2e-safe-apps.yml @@ -20,10 +20,9 @@ jobs: - uses: actions/checkout@v4 - uses: ./.github/workflows/cypress + secrets: inherit with: - secrets: ${{ toJSON(secrets) }} spec: cypress/e2e/safe-apps/*.cy.js group: 'Safe Apps tests' project_id: okn21k record_key: ${{ secrets.CYPRESS_SAFE_APPS_RECORD_KEY }} - diff --git a/.github/workflows/e2e-smoke.yml b/.github/workflows/e2e-smoke.yml index e9cb5a6ab2..b7d4378ca3 100644 --- a/.github/workflows/e2e-smoke.yml +++ b/.github/workflows/e2e-smoke.yml @@ -21,7 +21,7 @@ jobs: - uses: actions/checkout@v4 - uses: ./.github/workflows/cypress + secrets: inherit with: - secrets: ${{ toJSON(secrets) }} spec: cypress/e2e/smoke/*.cy.js group: 'Smoke tests' 
diff --git a/.github/workflows/nextjs-bundle-analysis.yml b/.github/workflows/nextjs-bundle-analysis.yml index 1e3ad27f29..7280aeb829 100644 --- a/.github/workflows/nextjs-bundle-analysis.yml +++ b/.github/workflows/nextjs-bundle-analysis.yml @@ -25,8 +25,7 @@ jobs: - name: Build next.js app uses: ./.github/workflows/build - with: - secrets: ${{ toJSON(secrets) }} + secrets: inherit - name: Analyze bundle run: npx -p nextjs-bundle-analysis report