properly pass secrets between workflows

4 years ago · e44a4cb2e1
4 changed files with 42 additions and 8 deletions
--- a/.github/workflows/artifacts.yml
+++ b/.github/workflows/artifacts.yml
@ -14,6 +14,17 @@ on:
				@@ -14,6 +14,17 @@ on:
        description: 'Informational version number (e.g. 0.3.7-alpha)'
        required: true
        type: string
+    secrets:
+      apple_developer_certificate_p12_base64:
+        required: true
+      apple_developer_certificate_password:
+        required: true
+      ac_username:
+        required: true
+      ac_password:
+        required: true
+      github_token:
+        required: true
 jobs:
  build_and_upload:
    name: Build & Upload Artifacts
@ -58,8 +69,8 @@ jobs:
				@@ -58,8 +69,8 @@ jobs:
        uses: Apple-Actions/import-codesign-certs@v1
        if: matrix.kind == 'macOS'
        with:
-          p12-file-base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
-          p12-password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
+          p12-file-base64: ${{ secrets.apple_developer_certificate_p12_base64 }}
+          p12-password: ${{ secrets.apple_developer_certificate_password }}

      - name: Build
        shell: bash
@ -92,13 +103,13 @@ jobs:
				@@ -92,13 +103,13 @@ jobs:
            rm -r "$release_name"
          fi
        env:
-          AC_USERNAME: ${{ secrets.AC_USERNAME }}
-          AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
+          AC_USERNAME: ${{ secrets.ac_username }}
+          AC_PASSWORD: ${{ secrets.ac_password }}

      - name: Delete old release assets
        uses: mknejp/delete-release-assets@v1
        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{ secrets.github_token }}
          tag: ${{ inputs.release_tag }}
          fail-if-no-assets: false
          assets: |
@ -115,4 +126,4 @@ jobs:
				@@ -115,4 +126,4 @@ jobs:
            ${{ env.RELEASE_NAME }}.tar.gz
            ${{ env.RELEASE_NAME }}.dmg
        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.github_token }}
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -41,6 +41,12 @@ jobs:
				@@ -41,6 +41,12 @@ jobs:
      release_tag: develop
      release_version: ${{ needs.calculate_version.outputs.artifacts_version }}
      info_version: ${{ needs.calculate_version.outputs.info_version }}
+    secrets:
+      apple_developer_certificate_p12_base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
+      apple_developer_certificate_password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
+      ac_username: ${{ secrets.AC_USERNAME }}
+      ac_password: ${{ secrets.AC_PASSWORD }}
+      github_token: ${{ secrets.GITHUB_TOKEN }}
  build_and_push:
    uses: jasongdove/ersatztv/.github/workflows/docker.yml@main
    needs: calculate_version
@ -48,3 +54,6 @@ jobs:
				@@ -48,3 +54,6 @@ jobs:
      base_version: develop
      info_version: ${{ needs.calculate_version.outputs.git_tag }}
      tag_version: ${{ github.sha }}
+    secrets:
+      docker_hub_username: ${{ secrets.DOCKER_HUB_USERNAME }}
+      docker_hub_access_token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@ -14,6 +14,11 @@ on:
				@@ -14,6 +14,11 @@ on:
        description: 'Docker tag version (e.g. v0.3.7)'
        required: true
        type: string
+    secrets:
+      docker_hub_username:
+        required: true
+      docker_hub_access_token:
+        required: true
 jobs:
  build_and_push:
    name: Build & Publish
@ -40,8 +45,8 @@ jobs:
				@@ -40,8 +45,8 @@ jobs:
      - name: Login to DockerHub
        uses: docker/login-action@v1
        with:
-          username: ${{ secrets.DOCKER_HUB_USERNAME }}
-          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+          username: ${{ secrets.docker_hub_username }}
+          password: ${{ secrets.docker_hub_access_token }}

      - name: Build and push base
        uses: docker/build-push-action@v2
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -35,6 +35,12 @@ jobs:
				@@ -35,6 +35,12 @@ jobs:
      release_tag: ${{ needs.calculate_version.outputs.artifacts_version }}
      release_version: ${{ needs.calculate_version.outputs.artifacts_version }}
      info_version: ${{ needs.calculate_version.outputs.info_version }}
+    secrets:
+      apple_developer_certificate_p12_base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
+      apple_developer_certificate_password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
+      ac_username: ${{ secrets.AC_USERNAME }}
+      ac_password: ${{ secrets.AC_PASSWORD }}
+      github_token: ${{ secrets.GITHUB_TOKEN }}
  build_and_push:
    uses: jasongdove/ersatztv/.github/workflows/docker.yml@main
    needs: calculate_version
@ -42,3 +48,6 @@ jobs:
				@@ -42,3 +48,6 @@ jobs:
      base_version: latest
      info_version: ${{ needs.calculate_version.outputs.git_tag }}
      tag_version: ${{ needs.calculate_version.outputs.docker_tag }}
+    secrets:
+      docker_hub_username: ${{ secrets.DOCKER_HUB_USERNAME }}
+      docker_hub_access_token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}