Skip to content

ci(secrets): Use GH App instead of PAT CU-86c5w81vz #67

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
7onn merged 1 commit into from
Oct 16, 2025
Merged

ci(secrets): Use GH App instead of PAT CU-86c5w81vz #67

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/deploy.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,5 +11,5 @@ jobs:
name: Deploy PY server Argo
uses: ./.github/workflows/helpers-deploy-argo.yaml
secrets:
GH_PAT: ${{ secrets.GH_PAT }}
KITTL_CI_APP_PRIVATE_KEY: ${{ secrets.KITTL_CI_APP_PRIVATE_KEY }}
ECR_ROLE_ARN: ${{ github.ref == 'refs/heads/production' && secrets.PRODUCTION_ECR_ROLE_ARN || secrets.STAGING_ECR_ROLE_ARN }}
17 changes: 13 additions & 4 deletions .github/workflows/helpers-deploy-argo.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,8 @@ name: helpers-deploy-argo
on:
workflow_call:
secrets:
GH_PAT:
description: "The GitHub Personal Access Token to use for checking out the helm-config repository"
KITTL_CI_APP_PRIVATE_KEY:
description: "The Kittl-CICD GitHub App private key to use for generating a short-living token"
required: true
ECR_ROLE_ARN:
description: "The ECR role ARN"
Expand Down Expand Up @@ -36,13 +36,22 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Generate token
id: generate-token
uses: actions/create-github-app-token@v2
with:
app-id: ${{ vars.KITTL_CI_APP_ID }}
private-key: ${{ secrets.KITTL_CI_APP_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
repositories: |
development-applications-config
- name: Checkout helm config Repository
uses: actions/checkout@v4
with:
repository: Kittl/development-applications-config
ref: main
path: helm-config
token: ${{ secrets.GH_PAT }}
token: ${{ secrets.KITTL_CI_APP_PRIVATE_KEY }}
persist-credentials: false
- name: Update Image Version in the related HelmChart values.yaml
uses: fjogeleit/yaml-update-action@v0.14.0
Expand All @@ -54,5 +63,5 @@ jobs:
branch: main
createPR: false
message: 'Update Image Version to ${{ needs.build-docker-image.outputs.image-tag }}'
token: ${{ secrets.GH_PAT }}
token: ${{ secrets.KITTL_CI_APP_PRIVATE_KEY }}
workDir: helm-config
Loading