Skip to content
Azure - ser etter secrets som utløper

Azure - ser etter secrets som utløper #8

Sign in to view logs

Azure - ser etter secrets som utløper

Azure - ser etter secrets som utløper #8

Workflow file for this run

.github/workflows/azure-app-secrets.yml at 83ca3aa
name: Azure - ser etter secrets som utløper
on:
workflow_dispatch:
schedule:
- cron: "9 6 * * 1"
permissions:
id-token: write
contents: read
jobs:
checkAppSecrets:
runs-on: [self-hosted, macOS]
concurrency:
group: appsecrets
cancel-in-progress: true
steps:
- uses: actions/checkout@v4
- name: Sett opp .env
run: |
echo "${{ vars.LARAVEL_ENV }}" > .env
cat <<EOF >> .env
# Innstillinger basert på Environment/Repository
PURESERVICE_URL=${{ vars.PURESERVICE_URL }}
REDIS_HOST=${{ vars.REDIS_HOST }}
CACHE_DRIVER=${{ vars.CACHE_DRIVER }}
MAIL_FROM_ADDRESS=${{ vars.MAIL_FROM_ADDRESS }}
AZURE_TENANT_ID=${{ vars.AZURE_TENANT_ID }}
AZURE_APP_ID=${{ vars.AZURE_APP_ID }}
EOF
- name: Cache dependencies
id: vendor-cache
uses: actions/cache@v4
env:
cache-name: cache-vendor-files
with:
path: ./vendor
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('./composer.lock') }}
restore-keys: |
${{ runner.os }}-build-${{ env.cache-name }}-
${{ runner.os }}-build-
${{ runner.os }}-
- name: Innlogging for Azure CLI (OIDC)
uses: azure/login@v2
with:
client-id: ${{ vars.DIBK_GITHUBACTIONS_SP_ID }}
tenant-id: ${{ vars.AZURE_TENANT_ID }}
subscription-id: ${{ vars.AZURE_SUBID_INTERNAL }}
- name: Henter og klargjør Graph-sertifikat
run: |
az keyvault secret download --vault ${{ vars.KEYVAULT_NAME }} --file storage/graph_client.pem --name ${{ vars.KEYVAULT_CERT_NAME }}
- name: Install dependencies
run: composer install
- name: Sjekker utløp på hemmeligheter i Azure
env:
REDIS_PASSWORD: ${{ secrets.REDIS_SECRET }}
PURESERVICE_APIKEY: ${{ secrets.PURESERVICE_APIKEY }}
run: |
./sync2pureservice migrate:fresh --force
./sync2pureservice graph:check-app-secrets