From 2aaf2cb6e1bb6e8aa9733e2baaba98c10aed409c Mon Sep 17 00:00:00 2001
From: JuanfeSanahuja
Date: Tue, 11 Jun 2024 15:48:55 +0200
Subject: [PATCH] Preparing ymls to keeper integration #TASK-6187
---
 .github/workflows/test-analysis.yml | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/test-analysis.yml b/.github/workflows/test-analysis.yml
index e9df51ec..75f9a4ad 100644
--- a/.github/workflows/test-analysis.yml
+++ b/.github/workflows/test-analysis.yml
@@ -10,6 +10,14 @@ jobs:
 name: Test and push Sonar analysis
 runs-on: ubuntu-22.04
 steps:
+ - name: Retrieve secrets from Keeper
+ id: ksecrets
+ uses: Keeper-Security/ksm-action@master
+ with:
+ keeper-secret-config: ${{ secrets.KEEPER_SM_GH_OPENCB }}
+ secrets: |
+ ID_GITHUB_TOKEN/custom_field/GITHUB_TOKEN > env:GITHUB_TOKEN
+ ID_SONAR_TOKEN/custom_field/SONAR_TOKEN > env:SONAR_TOKEN
 - uses: actions/checkout@v4
 with:
 fetch-depth: '0'
@@ -31,8 +39,8 @@ jobs:
 fi
 - name: Test and Analyze
 env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
- SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }} # Needed to get PR information, if any
+ SONAR_TOKEN: ${{ env.SONAR_TOKEN }}
 run: mvn -B verify surefire-report:report --fail-never org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=opencb_biodata
 - name: Publish Test Report
 uses: scacap/action-surefire-report@v1
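Review bot: `uses: Keeper-Security/ksm-action@master` in the new first step follows a mutable branch, and this is the step that receives `secrets.KEEPER_SM_GH_OPENCB`. Whatever that branch points to at run time therefore executes with the Keeper configuration and both retrieved tokens in reach. Pin the action to a reviewed full commit SHA, e.g. `uses: Keeper-Security/ksm-action@<full-commit-sha>  # <release tag>`, and bump it deliberately. The `steps:` list continues outside the hunk, so the workflow trigger and any `permissions:` block are not visible here.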
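Review bot: The step-level `env:` entries `${{ env.GITHUB_TOKEN }}` and `${{ env.SONAR_TOKEN }}` no longer confine the tokens to "Test and Analyze". The `> env:` destinations in the Keeper step place both values in the job environment, so every later step can read them, including `scacap/action-surefire-report@v1` and anything the Maven build runs. The Keeper step already carries `id: ksecrets`; if its destinations are changed to step outputs (`... > SONAR_TOKEN` without the `env:` prefix, to be confirmed against the action's documentation), this block can use `SONAR_TOKEN: ${{ steps.ksecrets.outputs.SONAR_TOKEN }}` and likewise for `GITHUB_TOKEN`. That restores the per-step exposure the removed `secrets.*` mapping had. It is also worth a comment stating which credential `GITHUB_TOKEN` now holds, since it is no longer the workflow's automatic token.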