🐛(CI) purge secret from repository

- Remove *.enc.* - Adapt helmfile - Adapt CI
2024-06-06 17:11:57 +02:00
parent 4e4e2e23e3
commit 37f02893ed
13 changed files with 109 additions and 263 deletions
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -12,13 +12,24 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      -
-        name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ secrets.APP_ID }}
+          private-key: ${{ secrets.PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
+          repositories: "impress,secrets"
+      -
+        name: Checkout repository
+        uses: actions/checkout@v2
+        with:
+          submodules: recursive
+          token: ${{ steps.app-token.outputs.token }}
      -
        name: Load sops secrets
        uses: rouja/actions-sops@main
        with:
-          secret-file: .github/workflows/secrets.enc.env
+          secret-file: .github/workflows/secrets/numerique-gouv/impress/secrets.enc.env
          age-key: ${{ secrets.SOPS_PRIVATE }}
      -
        name: Call argocd github webhook