fix(ci): update ci and (no)secrets usage

SocialGouv · Oct 19, 2022 · eee2a5c · eee2a5c
1 parent c79b2e5
commit eee2a5c
Showing 3 changed files with 38 additions and 7 deletions.
diff --git a/.github/actions/get-no-secrets-env/action.yml b/.github/actions/get-no-secrets-env/action.yml
@@ -0,0 +1,28 @@
+name: Get NO_SECRETS env
+description: Get "NO_SECRETS" as output
+
+inputs:
+  no-secret:
+    description: The NO_SECRET value
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Temp NO_SECRETS as .env file
+      shell: bash
+      run: |
+        touch ${{ github.run_id }}_${{ github.sha }}.env
+        echo "${{ inputs.no-secret }}" >> ${{ github.run_id }}_${{ github.sha }}.env
+
+    - name: Convert dotenv as output
+      id: nosecrets
+      uses: falti/dotenv-action@v1
+      with:
+        path: ${{ github.run_id }}_${{ github.sha }}.env
+        log-variables: true
+        mask-variables: true
+
+    - name: Remove temp .env file
+      shell: bash
+      run: rm -rf ${{ github.run_id }}_${{ github.sha }}.env
diff --git a/.github/actions/setup-node/action.yml b/.github/actions/setup-node/action.yml
@@ -1,12 +1,12 @@
 name: Setup Node
-description: Setup Node from .nvmrc and yarn install
+description: Setup Node from .nvmrc
 
 runs:
   using: composite
   steps:
     - name: Read Node version from .nvmrc
       shell: bash
-      run: echo ::set-output name=NVMRC::$(cat .nvmrc)
+      run: echo "name=NVMRC::$(cat .nvmrc)" >> $GITHUB_OUTPUT
       id: nvm
 
     - name: Set up Node.js

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -55,6 +55,9 @@ jobs:
             ${{ env.CSC_LINK }}
       - name: Setup Node
         uses: ./.github/actions/setup-node
+      - uses: ./.github/actions/get-no-secrets-env
+        with:
+          no-secret: ${{ secrets.NO_SECRETS }}
       - name: Yarn install
         run: yarn --frozen-lockfile --perfer-offline
       - name: Import GPG key
@@ -73,20 +76,20 @@ jobs:
           # override because of "env-ci" used by semantic-release
           # GITHUB_REF should not be default branch when "workflow_run" event is triggered
           export GITHUB_REF=$GITHUB_REF_OVERRIDE
-          echo ::set-output name=current-version::$(node -e "console.log(require('./package.json').version)")
+          echo "current-version=$(node -e "console.log(require('./package.json').version)")" >> $GITHUB_OUTPUT
           yarn semantic-release
-          echo ::set-output name=next-version::$(node -e "console.log(require('./package.json').version)")
+          echo "next-version=$(node -e "console.log(require('./package.json').version)")" >> $GITHUB_OUTPUT
           yarn compile --no-progress
         env:
           ARCHIFILTRE_RELEASE_MODE: version
-          TRACKER_MATOMO_ID_SITE: ${{ secrets.TRACKER_MATOMO_ID_SITE }}
+          TRACKER_MATOMO_ID_SITE: ${{ steps.nosecrets.outputs.tracker_matomo_id_site }}
+          TRACKER_PROVIDER: ${{ steps.nosecrets.outputs.tracker_provider }}
+          SENTRY_ORG: ${{ steps.nosecrets.outputs.sentry_org }}
           TRACKER_MATOMO_URL: ${{ secrets.TRACKER_MATOMO_URL }}
-          TRACKER_PROVIDER: ${{ secrets.TRACKER_PROVIDER }}
           TRACKER_POSTHOG_API_KEY: ${{ secrets.TRACKER_POSTHOG_API_KEY }}
           TRACKER_POSTHOG_URL: ${{ secrets.TRACKER_POSTHOG_URL }}
           SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
           SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
-          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
           SENTRY_URL: ${{ secrets.SENTRY_URL }}
       - name: Archive dist
         uses: actions/upload-artifact@v2