diff --git a/.github/workflows/build-web.yml b/.github/workflows/build-web.yml index bb09fbcf071..8aa69c65b38 100644 --- a/.github/workflows/build-web.yml +++ b/.github/workflows/build-web.yml @@ -407,7 +407,6 @@ jobs: if: ${{ needs.setup.outputs.has_secrets == 'true' }} uses: bitwarden/gh-actions/azure-logout@main - crowdin-push: name: Crowdin Push if: github.event_name != 'pull_request_target' && github.ref == 'refs/heads/main' @@ -453,7 +452,6 @@ jobs: upload_sources: true upload_translations: false - trigger-web-vault-deploy: name: Trigger web vault deploy if: github.event_name != 'pull_request_target' && github.ref == 'refs/heads/main' @@ -461,6 +459,7 @@ jobs: needs: build-containers permissions: id-token: write + actions: write steps: - name: Log in to Azure uses: bitwarden/gh-actions/azure-login@main @@ -469,20 +468,10 @@ jobs: tenant_id: ${{ secrets.AZURE_TENANT_ID }} client_id: ${{ secrets.AZURE_CLIENT_ID }} - - name: Retrieve github PAT secrets - id: retrieve-secret-pat - uses: bitwarden/gh-actions/get-keyvault-secrets@main - with: - keyvault: "bitwarden-ci" - secrets: "github-pat-bitwarden-devops-bot-repo-scope" - - - name: Log out from Azure - uses: bitwarden/gh-actions/azure-logout@main - - name: Trigger web vault deploy using GitHub Run ID uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: - github-token: ${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }} + github-token: ${{ secrets.GITHUB_TOKEN }} script: | await github.rest.actions.createWorkflowDispatch({ owner: 'bitwarden', @@ -495,7 +484,6 @@ jobs: } }) - check-failures: name: Check for failures if: always() diff --git a/.github/workflows/deploy-web.yml b/.github/workflows/deploy-web.yml index 1deeea12f88..9992930a3ad 100644 --- a/.github/workflows/deploy-web.yml +++ b/.github/workflows/deploy-web.yml @@ -189,6 +189,7 @@ jobs: permissions: contents: read id-token: write + actions: write env: _ENVIRONMENT_ARTIFACT: ${{ needs.setup.outputs.environment_artifact }} outputs: @@ -218,26 +219,6 @@ jobs: branch: ${{ inputs.branch-or-tag }} artifacts: ${{ env._ENVIRONMENT_ARTIFACT }} - - name: Log in to Azure - if: ${{ steps.download-latest-artifacts.outcome == 'failure' }} - uses: bitwarden/gh-actions/azure-login@main - with: - subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - tenant_id: ${{ secrets.AZURE_TENANT_ID }} - client_id: ${{ secrets.AZURE_CLIENT_ID }} - - - name: Retrieve secrets for Build trigger - if: ${{ steps.download-latest-artifacts.outcome == 'failure' }} - id: retrieve-secret - uses: bitwarden/gh-actions/get-keyvault-secrets@main - with: - keyvault: "bitwarden-ci" - secrets: "github-pat-bitwarden-devops-bot-repo-scope" - - - name: Log out from Azure - if: ${{ steps.download-latest-artifacts.outcome == 'failure' }} - uses: bitwarden/gh-actions/azure-logout@main - - name: 'Trigger build web for missing branch/tag ${{ inputs.branch-or-tag }}' if: ${{ steps.download-latest-artifacts.outcome == 'failure' }} uses: convictional/trigger-workflow-and-wait@f69fa9eedd3c62a599220f4d5745230e237904be # v1.6.5 @@ -245,7 +226,7 @@ jobs: with: owner: bitwarden repo: clients - github_token: ${{ steps.retrieve-secret.outputs.github-pat-bitwarden-devops-bot-repo-scope }} + github_token: ${{ secrets.GITHUB_TOKEN }} workflow_file_name: build-web.yml ref: ${{ inputs.branch-or-tag }} wait_interval: 100