diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index 8f41f94..580953b 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -16,7 +16,7 @@ jobs: # This workflow contains a single job called "build" Plan: # The type of runner that the job will run on - runs-on: [ "229685449397" ] + runs-on: ["229685449397"] env: GITHUB_APP_INSTALLATION_ID: ${{ vars.GH_APP_INSTALLATION_ID }} @@ -46,8 +46,11 @@ jobs: - name: Setup GITHUB Credentials id: github_credentials - run: | - echo GITHUB_TOKEN=$(python encode_jwt.py "$GITHUB_APP_PEM_FILE" "$GITHUB_APP_INSTALLATION_ID" "$GITHUB_BASE_URL") >> $GITHUB_ENV + uses: CSVD/gh-auth@main + with: + github_app_pem_file: ${{ secrets.GH_APP_PEM_FILE }} + github_app_installation_id: ${{ vars.GH_APP_INSTALLATION_ID }} + github_base_url: ${{ vars.GITHUB_BASE_URL }} - name: Terraform Init uses: CSVD/terraform-init@main @@ -60,9 +63,9 @@ jobs: setup_terraform: true terraform_init: true env: - GITHUB_TOKEN: $GITHUB_TOKEN + GITHUB_TOKEN: ${{ steps.github_credentials.outputs.github_token }} AWS_ACCESS_KEY_ID: ${{ steps.aws_auth.outputs.aws_access_key_id }} - AWS_SECRET_ACCESS_KEY: $${{ steps.aws_auth.outputs.aws_secret_access_key }} + AWS_SECRET_ACCESS_KEY: ${{ steps.aws_auth.outputs.aws_secret_access_key }} AWS_SESSION_TOKEN: ${{ steps.aws_auth.outputs.aws_session_token }} - name: debug outputs 
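Review bot: The new `uses: CSVD/gh-auth@main` step in the `@@ -46,8 +46,11 @@` hunk passes the GitHub App private key (`secrets.GH_APP_PEM_FILE`) to an action resolved from a mutable branch. Any later push to that repository's `main` therefore runs with the key, without any change to this workflow being reviewed. Pin the action to a full commit SHA, for example `uses: CSVD/gh-auth@<full-commit-sha>  # main as of <date>`, and move the pin through a reviewed change. The `CSVD/terraform-init@main` context line below it has the same exposure for the AWS credentials, although this commit does not touch it.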
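Review bot: `GITHUB_TOKEN: ${{ steps.github_credentials.outputs.github_token }}` in the `@@ -60,9 +63,9 @@` hunk, and again in `@@ -90,9 +93,9 @@`, depends on the gh-auth action registering the token as a secret. A step output is only redacted from logs if the producing step masks it (`::add-mask::`), and the gh-auth source is not visible in this diff. That matters here because a step named `debug outputs` follows directly after this env block. Confirm that gh-auth masks `github_token` and that the debug step does not print `steps.*.outputs`. A comment above the env block such as `# github_token is masked inside gh-auth; do not echo step outputs` would record the assumption. The step these env lines belong to starts above the hunk.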
@@ -90,9 +93,9 @@ jobs: cache_key: ${{ steps.terraform_init.outputs.s3_upload_path }} env: AWS_ACCESS_KEY_ID: ${{ steps.aws_auth.outputs.aws_access_key_id }} - AWS_SECRET_ACCESS_KEY: $${{ steps.aws_auth.outputs.aws_secret_access_key }} + AWS_SECRET_ACCESS_KEY: ${{ steps.aws_auth.outputs.aws_secret_access_key }} AWS_SESSION_TOKEN: ${{ steps.aws_auth.outputs.aws_session_token }} - GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ steps.github_credentials.outputs.github_token }} GITHUB_OWNER: CSVD GITHUB_BASE_URL: https://github.e.it.census.gov/ HTTP_PROXY: http://proxy.tco.census.gov:3128