diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml
index f1dd498..078c4b4 100644
--- a/.github/workflows/docker-release.yml
+++ b/.github/workflows/docker-release.yml
@@ -21,19 +21,26 @@ jobs:
 - name: Set image name
 run: echo "IMAGE_NAME="benammann/git-secrets"" >> $GITHUB_ENV
 - name: Set docker username
- run: echo "CR_USER=$(docker run -v $PWD/.git-secrets.json:/git-secrets/.git-secrets.json "$IMAGE_NAME:latest" --secret gitsecretspublic=${GIT_SECRETS_PUBLIC_DEFAULT} get config crUser)" >> $GITHUB_ENV
- env:
- GIT_SECRETS_PUBLIC_DEFAULT: ${{ secrets.GIT_SECRETS_PUBLIC_DEFAULT }}
+ uses: benammann/git-secrets-get-secret-action@v1
+ id: docker_username
+ with:
+ resource: config
+ name: crUser
+ decryptSecretName: gitsecretspublic
+ decryptSecretValue: ${{ secrets.GIT_SECRETS_PUBLIC_DEFAULT }}
 - name: Set docker token
- run: echo "CR_TOKEN=$(docker run -v $PWD/.git-secrets.json:/git-secrets/.git-secrets.json "$IMAGE_NAME:latest" --secret gitsecretspublic=${GIT_SECRETS_PUBLIC_DEFAULT} get secret crToken)" >> $GITHUB_ENV
- env:
- GIT_SECRETS_PUBLIC_DEFAULT: ${{ secrets.GIT_SECRETS_PUBLIC_DEFAULT }}
+ uses: benammann/git-secrets-get-secret-action@v1
+ id: docker_token
+ with:
+ name: crToken
+ decryptSecretName: gitsecretspublic
+ decryptSecretValue: ${{ secrets.GIT_SECRETS_PUBLIC_DEFAULT }}
 - name: Remove ref from tag
 run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
 - name: Remove v from release version
 run: echo "IMAGE_TAG=${RELEASE_VERSION:1}" >> $GITHUB_ENV
 - name: Docker login
- run: echo $CR_TOKEN | docker login -u $CR_USER --password-stdin
+ run: echo ${{ steps.docker_token.outputs.value }} | docker login -u ${{ steps.docker_username.outputs.value }} --password-stdin
 - name: Docker Build
 run: DATE=$(date) docker build --pull -t "$IMAGE_NAME:latest" --build-arg BUILD_VERSION=$RELEASE_VERSION --build-arg BUILD_COMMIT=$GITHUB_SHA --build-arg DATE=$DATE .
 - name: Docker Push (latest tag)
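Review bot: The new `Docker login` step expands `${{ steps.docker_token.outputs.value }}` and `${{ steps.docker_username.outputs.value }}` directly into the `run:` script, so the decrypted token becomes unquoted script text before the shell starts: any shell metacharacter in either value is interpreted, and the expanded command is what the runner writes to the step log. Step outputs are redacted only if the action registers them as masked, which cannot be seen from this diff and should be confirmed in the action's source. Passing both values through `env:` and reading them as quoted shell variables keeps them out of the script body, as in the excerpt below. Both new `uses:` lines also point at the mutable tag `@v1` while being handed `secrets.GIT_SECRETS_PUBLIC_DEFAULT`; pinning to `benammann/git-secrets-get-secret-action@<full-commit-sha>` would fix which code receives the decryption key. The steps list starts and ends outside the hunk.

```yaml
- name: Docker login
  env:
    CR_USER: ${{ steps.docker_username.outputs.value }}
    CR_TOKEN: ${{ steps.docker_token.outputs.value }}
  run: echo "$CR_TOKEN" | docker login -u "$CR_USER" --password-stdin
```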
diff --git a/readme.md b/readme.md
index 4652bde..4421d58 100644
--- a/readme.md
+++ b/readme.md
@@ -185,7 +185,23 @@ GitConfig allows you to resolve git config values. For example if you want to re
 GIT_NAME={{GitConfig "user.name"}}
 GIT_EMAIL={{GitConfig "user.email"}}
 ````
+### Using Github-Actions
+There is a github-action available to easily decode secrets in your CI/CD Pipeline: https://github.com/marketplace/actions/decrypt-secret
+
+Example Usage
+
+````yaml
+- name: Decrypt Secret Value
+ id: test_secret
+ uses: benammann/git-secrets-get-secret-action@v1
+ with:
+ name: testSecret
+ decryptSecretName: getsecretactionpublic
+ decryptSecretValue: ${{ secrets.GET_SECRET_ACTION_PUBLIC_SECRET }}
+- name: Echo the output
+ run: echo "${{ steps.test_secret.outputs.value }}"
+````
 ### Using Docker