Move GitHub Secrets into Variables that have no Secrecy need

Case RE-1001: Move GitHub Secrets into Variables Changelog:
cpanel · Jan 9, 2025 · eb934e4 · eb934e4
1 parent 116dae9
commit eb934e4
Show file tree

Hide file tree

Showing 10 changed files with 115 additions and 108 deletions.
diff --git a/.github/workflows/openstack-centos-7.yml b/.github/workflows/openstack-centos-7.yml
@@ -1,39 +1,29 @@
 name: "Test Run: centos-7"
 
 on:
-  workflow_dispatch:
-    inputs:
-      message:
-        description: 'Build description CentOS 7'
-
-  workflow_run:
-    workflows: ["TestSuite"]
-    types:
-      - completed
-
   workflow_call:
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}-openstack-centos-7
   cancel-in-progress: true
 
 env:
+  # secrets
   TF_VAR_application_credential_id: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
   TF_VAR_application_credential_secret: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
-  TF_VAR_github_repository: ${{ github.repository }}
-  TF_VAR_github_run_id: ${{ github.run_id }}
   TF_VAR_ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }}
   TF_VAR_ssh_public_key: ${{ secrets.SSH_PUBLIC_KEY }}
-  TF_VAR_os_auth_region: ${{ secrets.OS_AUTH_REGION }}
-  TF_VAR_os_auth_url: ${{ secrets.OS_AUTH_URL }}
-  TF_VAR_os_interface: ${{ secrets.OS_INTERFACE }}
-  TF_VAR_os_project_domain_name: ${{ secrets.OS_PROJECT_DOMAIN_NAME }}
-  TF_VAR_os_password: ${{ secrets.OS_PASSWORD }}
-  TF_VAR_os_project_id: ${{ secrets.OS_PROJECT_ID }}
-  TF_VAR_os_project_domain_id: ${{ secrets.OS_PROJECT_DOMAIN_ID }}
-  TF_VAR_os_project_name: ${{ secrets.OS_PROJECT_NAME }}
-  TF_VAR_os_region_name: ${{ secrets.OS_REGION_NAME }}
-  TF_VAR_os_username: ${{ secrets.OS_USERNAME }}
+
+  # vars
+  TF_VAR_os_auth_url: ${{ vars.OS_AUTH_URL }}
+  TF_VAR_os_auth_type: ${{ vars.OS_AUTH_TYPE }}
+  TF_VAR_os_identity_api_version: ${{ vars.OS_IDENTITY_API_VERSION }}
+  TF_VAR_os_interface: ${{ vars.OS_INTERFACE }}
+  TF_VAR_os_region_name: ${{ vars.OS_REGION_NAME }}
+
+  # github
+  TF_VAR_github_repository: ${{ github.repository }}
+  TF_VAR_github_run_id: ${{ github.run_id }}
   tf_working_directory: "${{ github.workspace }}/.github/workflows/openstack/centos-7"
 
 jobs: 
@@ -44,6 +34,18 @@ jobs:
             working-directory: "${{ github.workspace }}/.github/workflows/openstack/centos-7"
         steps:
         - uses: actions/checkout@v4
+
+        - name: Dump all GitHub variables
+          run: |
+            echo "Dumping all GitHub variables:"
+            echo "github.ref: ${{ github.ref }}"
+            echo "github.ref_name: ${{ github.ref_name }}"
+            echo "github.job: ${{ github.job }}"
+            echo "github.workflow: ${{ github.workflow }}"
+            echo "github.triggering_actor: ${{ github.triggering_actor }}"
+            echo "github.event_name: ${{ github.event_name }}"
+            echo "github.event.repository.master_branch: ${{ github.event.repository.master_branch }}"
+
         - name: Terraform fmt
           id: fmt
           run: |
@@ -553,7 +555,7 @@ jobs:
               /scripts/status_marker 5
               tail -n40 -F /var/log/elevate-cpanel.log &
               sleep 2.5
-              SKIP_PID_CHECK=1 REBOOT_STRING="Doing final reboot" RETVAL=1 /scripts/reboot_watch
+              REBOOT_STRING="Doing final reboot" RETVAL=1 /scripts/reboot_watch
 
     wait_for_final_reboot:
       runs-on: self-hosted

diff --git a/.github/workflows/openstack-cloudlinux-7.yml b/.github/workflows/openstack-cloudlinux-7.yml
@@ -18,22 +18,22 @@ concurrency:
   cancel-in-progress: true
 
 env:
+  # secrets
   TF_VAR_application_credential_id: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
   TF_VAR_application_credential_secret: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
-  TF_VAR_github_repository: ${{ github.repository }}
-  TF_VAR_github_run_id: ${{ github.run_id }}
   TF_VAR_ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }}
   TF_VAR_ssh_public_key: ${{ secrets.SSH_PUBLIC_KEY }}
-  TF_VAR_os_auth_region: ${{ secrets.OS_AUTH_REGION }}
-  TF_VAR_os_auth_url: ${{ secrets.OS_AUTH_URL }}
-  TF_VAR_os_interface: ${{ secrets.OS_INTERFACE }}
-  TF_VAR_os_project_domain_name: ${{ secrets.OS_PROJECT_DOMAIN_NAME }}
-  TF_VAR_os_password: ${{ secrets.OS_PASSWORD }}
-  TF_VAR_os_project_id: ${{ secrets.OS_PROJECT_ID }}
-  TF_VAR_os_project_domain_id: ${{ secrets.OS_PROJECT_DOMAIN_ID }}
-  TF_VAR_os_project_name: ${{ secrets.OS_PROJECT_NAME }}
-  TF_VAR_os_region_name: ${{ secrets.OS_REGION_NAME }}
-  TF_VAR_os_username: ${{ secrets.OS_USERNAME }}
+
+  # vars
+  TF_VAR_os_auth_url: ${{ vars.OS_AUTH_URL }}
+  TF_VAR_os_auth_type: ${{ vars.OS_AUTH_TYPE }}
+  TF_VAR_os_identity_api_version: ${{ vars.OS_IDENTITY_API_VERSION }}
+  TF_VAR_os_interface: ${{ vars.OS_INTERFACE }}
+  TF_VAR_os_region_name: ${{ vars.OS_REGION_NAME }}
+
+  # github
+  TF_VAR_github_repository: ${{ github.repository }}
+  TF_VAR_github_run_id: ${{ github.run_id }}
   tf_working_directory: "${{ github.workspace }}/.github/workflows/openstack/cloudlinux-7"
 
 jobs: 
@@ -44,6 +44,18 @@ jobs:
             working-directory: "${{ github.workspace }}/.github/workflows/openstack/cloudlinux-7"
         steps:
         - uses: actions/checkout@v4
+
+        - name: Dump all GitHub variables
+          run: |
+            echo "Dumping all GitHub variables:"
+            echo "github.ref: ${{ github.ref }}"
+            echo "github.ref_name: ${{ github.ref_name }}"
+            echo "github.job: ${{ github.job }}"
+            echo "github.workflow: ${{ github.workflow }}"
+            echo "github.triggering_actor: ${{ github.triggering_actor }}"
+            echo "github.event_name: ${{ github.event_name }}"
+            echo "github.event.repository.master_branch: ${{ github.event.repository.master_branch }}"
+
         - name: Terraform fmt
           id: fmt
           run: |
@@ -566,7 +578,7 @@ jobs:
               /scripts/status_marker 5
               tail -n40 -F /var/log/elevate-cpanel.log &
               sleep 2.5
-              SKIP_PID_CHECK=1 REBOOT_STRING="Doing final reboot" RETVAL=1 /scripts/reboot_watch
+              REBOOT_STRING="Doing final reboot" RETVAL=1 /scripts/reboot_watch
 
     wait_for_final_reboot:
       runs-on: self-hosted

diff --git a/.github/workflows/openstack-ubuntu-20.yml b/.github/workflows/openstack-ubuntu-20.yml
@@ -1,39 +1,29 @@
 name: "Test Run: ubuntu-20.04"
 
 on:
-  workflow_dispatch:
-    inputs:
-      message:
-        description: 'Build description Ubuntu 20.04'
-
-  workflow_run:
-    workflows: ["TestSuite"]
-    types:
-      - completed
-
   workflow_call:
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}-openstack-ubuntu-20.04
   cancel-in-progress: true
 
 env:
+  # secrets
   TF_VAR_application_credential_id: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
   TF_VAR_application_credential_secret: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
-  TF_VAR_github_repository: ${{ github.repository }}
-  TF_VAR_github_run_id: ${{ github.run_id }}
   TF_VAR_ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }}
   TF_VAR_ssh_public_key: ${{ secrets.SSH_PUBLIC_KEY }}
-  TF_VAR_os_auth_region: ${{ secrets.OS_AUTH_REGION }}
-  TF_VAR_os_auth_url: ${{ secrets.OS_AUTH_URL }}
-  TF_VAR_os_interface: ${{ secrets.OS_INTERFACE }}
-  TF_VAR_os_project_domain_name: ${{ secrets.OS_PROJECT_DOMAIN_NAME }}
-  TF_VAR_os_password: ${{ secrets.OS_PASSWORD }}
-  TF_VAR_os_project_id: ${{ secrets.OS_PROJECT_ID }}
-  TF_VAR_os_project_domain_id: ${{ secrets.OS_PROJECT_DOMAIN_ID }}
-  TF_VAR_os_project_name: ${{ secrets.OS_PROJECT_NAME }}
-  TF_VAR_os_region_name: ${{ secrets.OS_REGION_NAME }}
-  TF_VAR_os_username: ${{ secrets.OS_USERNAME }}
+
+  # vars
+  TF_VAR_os_auth_url: ${{ vars.OS_AUTH_URL }}
+  TF_VAR_os_auth_type: ${{ vars.OS_AUTH_TYPE }}
+  TF_VAR_os_identity_api_version: ${{ vars.OS_IDENTITY_API_VERSION }}
+  TF_VAR_os_interface: ${{ vars.OS_INTERFACE }}
+  TF_VAR_os_region_name: ${{ vars.OS_REGION_NAME }}
+
+  # github
+  TF_VAR_github_repository: ${{ github.repository }}
+  TF_VAR_github_run_id: ${{ github.run_id }}
   tf_working_directory: "${{ github.workspace }}/.github/workflows/openstack/ubuntu-20.04"
 
 jobs: 
@@ -44,6 +34,19 @@ jobs:
             working-directory: "${{ github.workspace }}/.github/workflows/openstack/ubuntu-20.04"
         steps:
         - uses: actions/checkout@v4
+            # Step to dump all GitHub variables
+
+        - name: Dump all GitHub variables
+          run: |
+            echo "Dumping all GitHub variables:"
+            echo "github.ref: ${{ github.ref }}"
+            echo "github.ref_name: ${{ github.ref_name }}"
+            echo "github.job: ${{ github.job }}"
+            echo "github.workflow: ${{ github.workflow }}"
+            echo "github.triggering_actor: ${{ github.triggering_actor }}"
+            echo "github.event_name: ${{ github.event_name }}"
+            echo "github.event.repository.master_branch: ${{ github.event.repository.master_branch }}"
+    
         - name: Terraform fmt
           id: fmt
           run: |
@@ -553,7 +556,7 @@ jobs:
               /scripts/status_marker 5
               tail -n40 -F /var/log/elevate-cpanel.log &
               sleep 2.5
-              SKIP_PID_CHECK=1 REBOOT_STRING="Doing final reboot" RETVAL=1 /scripts/reboot_watch
+              REBOOT_STRING="Great SUCCESS" RETVAL=1 /scripts/reboot_watch
 
     wait_for_final_reboot:
       runs-on: self-hosted

diff --git a/.github/workflows/openstack/centos-7/main.tf b/.github/workflows/openstack/centos-7/main.tf
@@ -14,8 +14,8 @@ provider "openstack" {
   user_name                     = var.user
   application_credential_id     = var.application_credential_id
   application_credential_secret = var.application_credential_secret
-  auth_url                      = "https://keystone.hou-01.cloud.prod.cpanel.net:5000/v3"
-  region                        = var.os_auth_region
+  auth_url                      = var.os_auth_url
+  region                        = var.os_region_name
 }
 
 data "openstack_images_image_ids_v2" "images" {

diff --git a/.github/workflows/openstack/centos-7/variables.tf b/.github/workflows/openstack/centos-7/variables.tf
@@ -19,20 +19,14 @@ variable "github_run_id" {
   type = string
 }
 
-variable "os_password" {
-  type = string
-}
-
-variable "os_auth_region" {
-  type = string
-}
-
 variable "os_auth_url" {
-  type = string
+  type    = string
+  default = "https://keystone.hou-01.cloud.prod.cpanel.net:5000/v3"
 }
 
-variable "os_project_domain_name" {
-  type = string
+variable "os_region_name" {
+  type    = string
+  default = "RegionOne"
 }
 
 variable "ssh_private_key" {

diff --git a/.github/workflows/openstack/cloudlinux-7/main.tf b/.github/workflows/openstack/cloudlinux-7/main.tf
@@ -14,7 +14,7 @@ provider "openstack" {
   user_name                     = var.user
   application_credential_id     = var.application_credential_id
   application_credential_secret = var.application_credential_secret
-  auth_url                      = "https://keystone.hou-01.cloud.prod.cpanel.net:5000/v3"
+  auth_url                      = var.os_auth_url
   region                        = var.os_auth_region
 }
 

diff --git a/.github/workflows/openstack/cloudlinux-7/variables.tf b/.github/workflows/openstack/cloudlinux-7/variables.tf
@@ -19,22 +19,15 @@ variable "github_run_id" {
   type = string
 }
 
-variable "os_password" {
-  type = string
-}
-
-variable "os_auth_region" {
+variable "os_region_name" {
   type = string
+  default = "RegionOne"
 }
 
 variable "os_auth_url" {
   type = string
 }
 
-variable "os_project_domain_name" {
-  type = string
-}
-
 variable "ssh_private_key" {
   type        = string
   description = "SSH private key matching the public key added to the VMs /root/.ssh/authorized_keys file to allow user access."

diff --git a/.github/workflows/openstack/ubuntu-20.04/main.tf b/.github/workflows/openstack/ubuntu-20.04/main.tf
@@ -14,8 +14,8 @@ provider "openstack" {
   user_name                     = var.user
   application_credential_id     = var.application_credential_id
   application_credential_secret = var.application_credential_secret
-  auth_url                      = "https://keystone.hou-01.cloud.prod.cpanel.net:5000/v3"
-  region                        = var.os_auth_region
+  auth_url                      = var.os_auth_url
+  region                        = var.os_region_name
 }
 
 data "openstack_images_image_ids_v2" "images" {

diff --git a/.github/workflows/openstack/ubuntu-20.04/variables.tf b/.github/workflows/openstack/ubuntu-20.04/variables.tf
@@ -11,10 +11,6 @@ variable "application_credential_secret" {
   type = string
 }
 
-variable "os_password" {
-  type = string
-}
-
 variable "github_repository" {
   type = string
 }
@@ -23,16 +19,14 @@ variable "github_run_id" {
   type = string
 }
 
-variable "os_auth_region" {
-  type = string
-}
-
 variable "os_auth_url" {
-  type = string
+  type    = string
+  default = "https://keystone.hou-01.cloud.prod.cpanel.net:5000/v3"
 }
 
-variable "os_project_domain_name" {
-  type = string
+variable "os_region_name" {
+  type    = string
+  default = "RegionOne"
 }
 
 variable "ssh_private_key" {

diff --git a/.github/workflows/testsuite.yml b/.github/workflows/testsuite.yml
@@ -15,22 +15,22 @@ concurrency:
   cancel-in-progress: true
 
 env:
+  # secrets
   TF_VAR_application_credential_id: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
   TF_VAR_application_credential_secret: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
-  TF_VAR_github_repository: ${{ github.repository }}
-  TF_VAR_github_run_id: ${{ github.run_id }}
   TF_VAR_ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }}
   TF_VAR_ssh_public_key: ${{ secrets.SSH_PUBLIC_KEY }}
-  TF_VAR_os_auth_region: ${{ secrets.OS_AUTH_REGION }}
-  TF_VAR_os_auth_url: ${{ secrets.OS_AUTH_URL }}
-  TF_VAR_os_interface: ${{ secrets.OS_INTERFACE }}
-  TF_VAR_os_project_domain_name: ${{ secrets.OS_PROJECT_DOMAIN_NAME }}
-  TF_VAR_os_password: ${{ secrets.OS_PASSWORD }}
-  TF_VAR_os_project_id: ${{ secrets.OS_PROJECT_ID }}
-  TF_VAR_os_project_domain_id: ${{ secrets.OS_PROJECT_DOMAIN_ID }}
-  TF_VAR_os_project_name: ${{ secrets.OS_PROJECT_NAME }}
-  TF_VAR_os_region_name: ${{ secrets.OS_REGION_NAME }}
-  TF_VAR_os_username: ${{ secrets.OS_USERNAME }}
+
+  # vars
+  TF_VAR_os_auth_url: ${{ vars.OS_AUTH_URL }}
+  TF_VAR_os_auth_type: ${{ vars.OS_AUTH_TYPE }}
+  TF_VAR_os_identity_api_version: ${{ vars.OS_IDENTITY_API_VERSION }}
+  TF_VAR_os_interface: ${{ vars.OS_INTERFACE }}
+  TF_VAR_os_region_name: ${{ vars.OS_AUTH_REGION}}
+
+  # github
+  TF_VAR_github_repository: ${{ github.repository }}
+  TF_VAR_github_run_id: ${{ github.run_id }}
 
 jobs:
   testsuite:
@@ -48,6 +48,16 @@ jobs:
       image: cpanelos/perl-compiler:alma8-perl-v5.36.0
 
     steps:
+      - name: Dump all GitHub variables
+        run: |
+          echo "Dumping all GitHub variables:"
+          echo "github.ref: ${{ github.ref }}"
+          echo "github.ref_name: ${{ github.ref_name }}"
+          echo "github.job: ${{ github.job }}"
+          echo "github.workflow: ${{ github.workflow }}"
+          echo "github.triggering_actor: ${{ github.triggering_actor }}"
+          echo "github.event_name: ${{ github.event_name }}"
+          echo "github.event.repository.master_branch: ${{ github.event.repository.master_branch }}"
 
       - name: Setup PATH
         run: |
@@ -101,4 +111,3 @@ jobs:
       if: >
         (github.event_name == 'pull_request' && github.base_ref == 'main') ||
         (github.event_name == 'push' && github.ref == 'refs/heads/main')
-