chore: Access Secrets based on segregated environments (#47)

sprintertech · Oct 30, 2024 · 23d9da4 · 23d9da4
1 parent 900d470
commit 23d9da4
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 17 deletions.
diff --git a/.github/workflows/deploy_mainnet.yml b/.github/workflows/deploy_mainnet.yml
@@ -10,29 +10,29 @@ on:
         description: 'The Release tag Version'
         required: true
         type: string
+run-name: Deploy Inclusion-Prover to Mainnet - ${{ inputs.release_tag }} by @${{ github.actor }}
 
-
 env:
-  AWS_REGION: '${{ secrets.AWS_REGION }}'
   ENVIRONMENT: MAINNET
-  AWS_MAINNET: '${{ secrets.AWS_MAINNET }}'
   REGISTRY: 'ghcr.io'
   VERSION: ${{ inputs.release_tag }}
 
 jobs:
   deploy:
     name: deploy
     runs-on: ubuntu-latest
-
+    environment: mainnet
     permissions:
       contents: read
       id-token: write
-
+    env:
+      AWS_REGION: '${{ secrets.AWS_REGION }}'
+      AWS_MAINNET: '${{ secrets.AWS_MAINNET }}'
     steps:
       - name: Authorised User only
         run: |
           if [[ ! " mpetrun5 MakMuftic eedygreen " =~ " ${{ github.actor }} " ]]; then 
-            echo "You are not authorized to deploy to mainnet."
+            echo "You are not authorized to deploy to mainnet!"
             exit 1
           fi
       - name: checkout ecs repo
@@ -49,15 +49,15 @@ jobs:
           data_format: json
           variables: |
             awsAccountId=${{ env.AWS_MAINNET }}
-            awsRegion=${{ secrets.AWS_REGION }}
-            awsEfs=${{ secrets.INCLUSION_EFS_MAINNET }}
+            awsRegion=${{ env.AWS_REGION }}
+            awsEfs=${{ secrets.INCLUSION_EFS }}
             imageTag=${{ env.VERSION }}
 
       - name: configure aws credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: arn:aws:iam::${{ env.AWS_MAINNET }}:role/github-actions-${{ env.ENVIRONMENT }}-chainbridge
-          aws-region: ${{ secrets.AWS_REGION }}
+          aws-region: ${{ env.AWS_REGION }}
           role-session-name: GithubActions
 
       - name: deploy task definition

diff --git a/.github/workflows/deploy_testnet.yml b/.github/workflows/deploy_testnet.yml
@@ -7,18 +7,19 @@ on:
   push:
     branches:
       - main
-
+
+run-name: Deploy Inclusion-Prover to Testnet - ${{ inputs.release_tag }} by @${{ github.actor }}
+
 env:
   ENVIRONMENT: 'TESTNET'
   REGISTRY: 'ghcr.io'
   TAG: 'latest'
-  AWS_TESTNET: '${{ secrets.AWS_ARN }}'
+
 
 jobs:
   push:
     name: push
     runs-on: ubuntu-latest
-
     permissions:
       contents: read
       id-token: write
@@ -60,11 +61,13 @@ jobs:
     needs: push
     name: deploy
     runs-on: ubuntu-latest
-
+    environment: testnet
     permissions:
       contents: read
       id-token: write
-
+    env: 
+      AWS_TESTNET: '${{ secrets.AWS_TESTNET }}'
+      AWS_REGION: '${{ secrets.AWS_REGION }}'
     steps:
       - name: checkout ecs repo
         uses: actions/checkout@v4
@@ -80,15 +83,15 @@ jobs:
           data_format: json
           variables: |
             awsAccountId=${{ env.AWS_TESTNET }}
-            awsRegion=${{ secrets.AWS_REGION }}
-            awsEfs=${{ secrets.INCLUSION_EFS_TESTNET }}
+            awsRegion=${{ env.AWS_REGION }}
+            awsEfs=${{ secrets.INCLUSION_EFS }}
             imageTag=${{ github.ref_name }}
 
       - name: configure aws credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: arn:aws:iam::${{ env.AWS_TESTNET }}:role/github-actions-${{ env.ENVIRONMENT }}-chainbridge
-          aws-region: ${{ secrets.AWS_REGION }}
+          aws-region: ${{ env.AWS_REGION }}
           role-session-name: GithubActions
 
       - name: deploy task definition