Merge pull request #254 from rancher/eio-secret

Transition from GH secrets to Vault
rancher · Jul 30, 2024 · cd7d3a5 · cd7d3a5
2 parents 8f18886 + 549a2b6
commit cd7d3a5
Showing 1 changed file with 10 additions and 14 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -5,31 +5,27 @@ on:
     tags:
       - 'v*'
 
-# GitHub settings / example values:
-#
-# org level vars:
-#   - PUBLIC_REGISTRY: docker.io
-# repo level vars:
-#   - PUBLIC_REGISTRY_REPO: rancher
-# repo level secrets:
-#   - PUBLIC_REGISTRY_USERNAME
-#   - PUBLIC_REGISTRY_PASSWORD
-
 permissions:
   contents: write # Upload artefacts to release.
+  id-token: write # required by read-vault-secrets.
 
 jobs:
 
   publish-public:
     runs-on: ubuntu-latest
 
     steps:
-    - name: Login to DockerHub
+    - name: Load Secrets from Vault
+      uses: rancher-eio/read-vault-secrets@main
+      with:
+        secrets: |
+          secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
+          secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
+    - name: Login to Docker Hub
       uses: docker/login-action@v3
       with:
-        registry: ${{ vars.PUBLIC_REGISTRY }}
-        username: ${{ secrets.PUBLIC_REGISTRY_USERNAME }}
-        password: ${{ secrets.PUBLIC_REGISTRY_PASSWORD }}
+        username: ${{ env.DOCKER_USERNAME }}
+        password: ${{ env.DOCKER_PASSWORD }}
     - name: Setup QEMU
       uses: docker/setup-qemu-action@v3
     - name: Setup Docker Buildx