search

DFE-Digital / github-actions

A central repo for sharing useful github actions
https://dfe-digital.github.io/github-actions/
6 stars 4 forks source link

YAML secret #33

Closed saliceti closed 2 years ago

saliceti commented 2 years ago

What

Extracts a single secret value from a YAML file stored in Azure key vault

How to review

sfawcett123 commented 2 years ago

How difficult would it be to provide a list of secrets ?

saliceti commented 2 years ago

How difficult would it be to provide a list of secrets ?

Ideally we would need to have variable outputs but I couldn't find how to do it with the composite action (see https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#outputs-for-composite-actions). The alternative is to encode as json in the action, then decode when you use it but it makes it less easy to use.

The login step is the slowest. I'm thinking to remove it so you can call this action multiple times quickly.

saliceti commented 2 years ago

@sfawcett123 I've removed the azure login step fron this action. It is more standard with the other Azure actions as the login step is always done separately. It also make the retrieval of secrets faster, about 2-3s for each. So it doesn't make much difference to use a list of secrets now. We can look at that in the future but that will be much more work.

sfawcett123 commented 2 years ago

Testing the code on https://github.com/DFE-Digital/schools-experience/pull/2050

sfawcett123 commented 2 years ago

Other than in the comments maybe you should put ; it all works on my deployment. 

      -  uses: actions/checkout@v2
saliceti commented 2 years ago

Github action to extract secret from keyvault yaml