Use GitHub secrets instead of Vault in test_gcp_integration.yaml.

nebari-dev · Dec 24, 2024 · 8a6ec44 · 8a6ec44
1 parent 818215d
commit 8a6ec44
Showing 1 changed file with 2 additions and 15 deletions.
diff --git a/.github/workflows/test_gcp_integration.yaml b/.github/workflows/test_gcp_integration.yaml
@@ -50,24 +50,11 @@ jobs:
           pip install .[dev]
           playwright install
 
-      - name: Retrieve secret from Vault
-        uses: hashicorp/vault-action@v3.0.0
-        with:
-          method: jwt
-          url: "https://quansight-vault-public-vault-b2379fa7.d415e30e.z1.hashicorp.cloud:8200"
-          namespace: "admin/quansight"
-          role: "repository-nebari-dev-nebari-role"
-          secrets: |
-            kv/data/repository/nebari-dev/nebari/google_cloud_platform/nebari-dev-ci/github-nebari-dev-repo-ci project_id | PROJECT_ID;
-            kv/data/repository/nebari-dev/nebari/google_cloud_platform/nebari-dev-ci/github-nebari-dev-repo-ci workload_identity_provider | GCP_WORKFLOW_PROVIDER;
-            kv/data/repository/nebari-dev/nebari/google_cloud_platform/nebari-dev-ci/github-nebari-dev-repo-ci service_account_name | GCP_SERVICE_ACCOUNT;
-            kv/data/repository/nebari-dev/nebari/cloudflare/internal-devops@quansight.com/nebari-dev-ci token | CLOUDFLARE_TOKEN;
-
       - name: 'Authenticate to GCP'
         uses: 'google-github-actions/auth@v1'
         with:
-            workload_identity_provider: ${{ env.GCP_WORKFLOW_PROVIDER }}
-            service_account: ${{ env.GCP_SERVICE_ACCOUNT }}
+            workload_identity_provider: ${{ secrets.GCP_WORKFLOW_PROVIDER }}
+            service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
 
       - name: Set required environment variables
         run: |