From 549a2b61a62f3f8216f0554efeeb468d19a96272 Mon Sep 17 00:00:00 2001 From: Paulo Gomes Date: Mon, 22 Jul 2024 14:40:06 +0100 Subject: [PATCH] build: Transition from GH secrets to Vault Signed-off-by: Paulo Gomes --- .github/workflows/release.yml | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9329c6c..c1b327d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,18 +5,9 @@ on: tags: - 'v*' -# GitHub settings / example values: -# -# org level vars: -# - PUBLIC_REGISTRY: docker.io -# repo level vars: -# - PUBLIC_REGISTRY_REPO: rancher -# repo level secrets: -# - PUBLIC_REGISTRY_USERNAME -# - PUBLIC_REGISTRY_PASSWORD - permissions: contents: write # Upload artefacts to release. + id-token: write # required by read-vault-secrets. jobs: @@ -24,12 +15,17 @@ jobs: runs-on: ubuntu-latest steps: - - name: Login to DockerHub + - name: Load Secrets from Vault + uses: rancher-eio/read-vault-secrets@main + with: + secrets: | + secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ; + secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD + - name: Login to Docker Hub uses: docker/login-action@v3 with: - registry: ${{ vars.PUBLIC_REGISTRY }} - username: ${{ secrets.PUBLIC_REGISTRY_USERNAME }} - password: ${{ secrets.PUBLIC_REGISTRY_PASSWORD }} + username: ${{ env.DOCKER_USERNAME }} + password: ${{ env.DOCKER_PASSWORD }} - name: Setup QEMU uses: docker/setup-qemu-action@v3 - name: Setup Docker Buildx
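Review bot: `id-token: write` is added to the workflow-level `permissions` block, so every job in this workflow can request an OIDC token, not only the one that runs the Vault step. Only one job is visible in this diff, so the exposure is limited today, but declaring `permissions:` with `contents: write` and `id-token: write` on that job keeps the scope tight if more jobs are added. The deleted header comment was the only in-file record of what the workflow needs configured. A one-line replacement such as `# Requires Vault path secret/data/github/repo/<org>/<repo>/dockerhub/rancher/credentials` would preserve that.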
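Review bot: `uses: rancher-eio/read-vault-secrets@main` follows a mutable branch, so any later push to that branch runs in this tag-triggered release job without review. The step holds an OIDC token and receives the Docker Hub credentials, so pin it to a full commit SHA, e.g. `uses: rancher-eio/read-vault-secrets@<full-commit-sha>  # <release tag>`. The credentials are mapped to `DOCKER_USERNAME` / `DOCKER_PASSWORD` and read back through `env.`, which suggests they are exported to the job environment. If so, every later step (QEMU, Buildx and whatever follows outside this hunk) can read them, whereas the old `secrets.` references reached only the login step. It is worth confirming that the action masks both values in logs.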