Update deprecated Azure Key Vault action in workflows (#3438)

* Update deprecated Azure Key Vault in workflows * Try without colons * Specify bash as shell runner
2026-01-20 01:13:48 +00:00 · 2022-09-05 11:39:27 +02:00
parent 123db002dc
commit d1243c97a4
11 changed files with 244 additions and 92 deletions
--- a/.github/workflows/build-desktop.yml
+++ b/.github/workflows/build-desktop.yml
@@ -297,14 +297,22 @@ jobs:

      - name: Retrieve secrets
        id: retrieve-secrets
-        uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f
-        with:
-          keyvault: "bitwarden-prod-kv"
-          secrets: "code-signing-vault-url,
-                    code-signing-client-id,
-                    code-signing-tenant-id,
-                    code-signing-client-secret,
-                    code-signing-cert-name"
+        shell: bash
+        env:
+          KEYVAULT: bitwarden-prod-kv
+          SECRETS: |
+            code-signing-vault-url,
+            code-signing-client-id,
+            code-signing-tenant-id,
+            code-signing-client-secret,
+            code-signing-cert-name
+        run: |
+          for i in ${SECRETS//,/ }
+          do
+            VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv)
+            echo "::add-mask::$VALUE"
+            echo "::set-output name=$i::$VALUE"
+          done

      - name: Install Node dependencies
        run: npm ci
@@ -1234,10 +1242,17 @@ jobs:

      - name: Retrieve secrets
        id: retrieve-secrets
-        uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f
-        with:
-          keyvault: "bitwarden-prod-kv"
-          secrets: "crowdin-api-token"
+        env:
+          KEYVAULT: bitwarden-prod-kv
+          SECRETS: |
+            crowdin-api-token
+        run: |
+          for i in ${SECRETS//,/ }
+          do
+            VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv)
+            echo "::add-mask::$VALUE"
+            echo "::set-output name=$i::$VALUE"
+          done

      - name: Upload Sources
        uses: crowdin/github-action@ecd7eb0ef6f3cfa16293c79e9cbc4bc5b5fd9c49  # v1.4.9
@@ -1308,11 +1323,18 @@ jobs:

      - name: Retrieve secrets
        id: retrieve-secrets
-        uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f
        if: failure()
-        with:
-          keyvault: "bitwarden-prod-kv"
-          secrets: "devops-alerts-slack-webhook-url"
+        env:
+          KEYVAULT: bitwarden-prod-kv
+          SECRETS: |
+            devops-alerts-slack-webhook-url
+        run: |
+          for i in ${SECRETS//,/ }
+          do
+            VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv)
+            echo "::add-mask::$VALUE"
+            echo "::set-output name=$i::$VALUE"
+          done

      - name: Notify Slack on failure
        uses: act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33