diff --git a/.github/workflows/build-kata-static-tarball-amd64.yaml b/.github/workflows/build-kata-static-tarball-amd64.yaml index bea721a7c6..721e257988 100644 --- a/.github/workflows/build-kata-static-tarball-amd64.yaml +++ b/.github/workflows/build-kata-static-tarball-amd64.yaml @@ -20,6 +20,9 @@ on: required: false type: string default: "" + secrets: + QUAY_DEPLOYER_PASSWORD: + required: false permissions: contents: read diff --git a/.github/workflows/build-kata-static-tarball-arm64.yaml b/.github/workflows/build-kata-static-tarball-arm64.yaml index 2ca3b7f7c2..e98485e1a1 100644 --- a/.github/workflows/build-kata-static-tarball-arm64.yaml +++ b/.github/workflows/build-kata-static-tarball-arm64.yaml @@ -20,6 +20,9 @@ on: required: false type: string default: "" + secrets: + QUAY_DEPLOYER_PASSWORD: + required: false permissions: contents: read diff --git a/.github/workflows/build-kata-static-tarball-ppc64le.yaml b/.github/workflows/build-kata-static-tarball-ppc64le.yaml index 37607c83ec..d44908a772 100644 --- a/.github/workflows/build-kata-static-tarball-ppc64le.yaml +++ b/.github/workflows/build-kata-static-tarball-ppc64le.yaml @@ -20,6 +20,9 @@ on: required: false type: string default: "" + secrets: + QUAY_DEPLOYER_PASSWORD: + required: true permissions: contents: read diff --git a/.github/workflows/build-kata-static-tarball-riscv64.yaml b/.github/workflows/build-kata-static-tarball-riscv64.yaml index e08cc63b88..d2dc644128 100644 --- a/.github/workflows/build-kata-static-tarball-riscv64.yaml +++ b/.github/workflows/build-kata-static-tarball-riscv64.yaml @@ -20,6 +20,9 @@ on: required: false type: string default: "" + secrets: + QUAY_DEPLOYER_PASSWORD: + required: true permissions: contents: read diff --git a/.github/workflows/build-kata-static-tarball-s390x.yaml b/.github/workflows/build-kata-static-tarball-s390x.yaml index 06f5b1abba..915cb7ae26 100644 --- a/.github/workflows/build-kata-static-tarball-s390x.yaml +++ b/.github/workflows/build-kata-static-tarball-s390x.yaml @@ -20,6 +20,12 @@ on: required: false type: string default: "" + secrets: + CI_HKD_PATH: + required: true + QUAY_DEPLOYER_PASSWORD: + required: true + permissions: contents: read diff --git a/.github/workflows/ci-coco-stability.yaml b/.github/workflows/ci-coco-stability.yaml index e16db3850b..291e25324f 100644 --- a/.github/workflows/ci-coco-stability.yaml +++ b/.github/workflows/ci-coco-stability.yaml @@ -24,4 +24,10 @@ jobs: pr-number: "weekly" tag: ${{ github.sha }}-weekly target-branch: ${{ github.ref_name }} - secrets: inherit + secrets: + AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }} + AZ_APPID: ${{ secrets.AZ_APPID }} + AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }} + AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }} + AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }} + QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} diff --git a/.github/workflows/ci-devel.yaml b/.github/workflows/ci-devel.yaml index 0f6a62788e..9bf6a8eb61 100644 --- a/.github/workflows/ci-devel.yaml +++ b/.github/workflows/ci-devel.yaml @@ -18,7 +18,16 @@ jobs: pr-number: "dev" tag: ${{ github.sha }}-dev target-branch: ${{ github.ref_name }} - secrets: inherit + + secrets: + AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }} + AZ_APPID: ${{ secrets.AZ_APPID }} + AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }} + AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }} + AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }} + CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }} + ITA_KEY: ${{ secrets.ITA_KEY }} + QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} build-checks: uses: ./.github/workflows/build-checks.yaml diff --git a/.github/workflows/ci-nightly.yaml b/.github/workflows/ci-nightly.yaml index 76a115becd..74fce9c287 100644 --- a/.github/workflows/ci-nightly.yaml +++ b/.github/workflows/ci-nightly.yaml @@ -23,4 +23,12 @@ jobs: pr-number: "nightly" tag: ${{ github.sha }}-nightly target-branch: ${{ github.ref_name }} - secrets: inherit + secrets: + AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }} + AZ_APPID: ${{ secrets.AZ_APPID }} + AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }} + AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }} + AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }} + CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }} + ITA_KEY: ${{ secrets.ITA_KEY }} + QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} diff --git a/.github/workflows/ci-on-push.yaml b/.github/workflows/ci-on-push.yaml index 82224455fe..977ce53ea9 100644 --- a/.github/workflows/ci-on-push.yaml +++ b/.github/workflows/ci-on-push.yaml @@ -44,4 +44,12 @@ jobs: tag: ${{ github.event.pull_request.number }}-${{ github.event.pull_request.head.sha }} target-branch: ${{ github.event.pull_request.base.ref }} skip-test: ${{ needs.skipper.outputs.skip_test }} - secrets: inherit + secrets: + AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }} + AZ_APPID: ${{ secrets.AZ_APPID }} + AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }} + AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }} + AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }} + CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }} + ITA_KEY: ${{ secrets.ITA_KEY }} + QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} diff --git a/.github/workflows/ci-weekly.yaml b/.github/workflows/ci-weekly.yaml index addeb5a2e3..3224c45e5d 100644 --- a/.github/workflows/ci-weekly.yaml +++ b/.github/workflows/ci-weekly.yaml @@ -15,6 +15,20 @@ on: required: false type: string default: "" + secrets: + AUTHENTICATED_IMAGE_PASSWORD: + required: true + + AZ_APPID: + required: true + AZ_PASSWORD: + required: true + AZ_TENANT_ID: + required: true + AZ_SUBSCRIPTION_ID: + required: true + QUAY_DEPLOYER_PASSWORD: + required: true permissions: contents: read @@ -47,7 +61,8 @@ jobs: target-branch: ${{ inputs.target-branch }} runner: ubuntu-22.04 arch: amd64 - secrets: inherit + secrets: + QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} build-and-publish-tee-confidential-unencrypted-image: permissions: @@ -100,4 +115,9 @@ jobs: pr-number: ${{ inputs.pr-number }} target-branch: ${{ inputs.target-branch }} tarball-suffix: -${{ inputs.tag }} - secrets: inherit + secrets: + AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }} + AZ_APPID: ${{ secrets.AZ_APPID }} + AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }} + AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }} + AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }} diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index aef7e7578b..7ff1698a50 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -19,6 +19,24 @@ on: required: false type: string default: no + secrets: + AUTHENTICATED_IMAGE_PASSWORD: + required: true + + AZ_APPID: + required: true + AZ_PASSWORD: + required: true + AZ_TENANT_ID: + required: true + AZ_SUBSCRIPTION_ID: + required: true + CI_HKD_PATH: + required: true + ITA_KEY: + required: true + QUAY_DEPLOYER_PASSWORD: + required: true permissions: contents: read @@ -51,7 +69,8 @@ jobs: target-branch: ${{ inputs.target-branch }} runner: ubuntu-22.04 arch: amd64 - secrets: inherit + secrets: + QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} build-kata-static-tarball-arm64: permissions: @@ -80,7 +99,8 @@ jobs: target-branch: ${{ inputs.target-branch }} runner: ubuntu-22.04-arm arch: arm64 - secrets: inherit + secrets: + QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} build-kata-static-tarball-s390x: permissions: @@ -93,7 +113,9 @@ jobs: tarball-suffix: -${{ inputs.tag }} commit-hash: ${{ inputs.commit-hash }} target-branch: ${{ inputs.target-branch }} - secrets: inherit + secrets: + CI_HKD_PATH: ${{ secrets.ci_hkd_path }} + QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} build-kata-static-tarball-ppc64le: permissions: @@ -104,6 +126,8 @@ jobs: tarball-suffix: -${{ inputs.tag }} commit-hash: ${{ inputs.commit-hash }} target-branch: ${{ inputs.target-branch }} + secrets: + QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} build-kata-static-tarball-riscv64: permissions: @@ -116,7 +140,8 @@ jobs: tarball-suffix: -${{ inputs.tag }} commit-hash: ${{ inputs.commit-hash }} target-branch: ${{ inputs.target-branch }} - secrets: inherit + secrets: + QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} publish-kata-deploy-payload-s390x: needs: build-kata-static-tarball-s390x @@ -133,7 +158,8 @@ jobs: target-branch: ${{ inputs.target-branch }} runner: s390x arch: s390x - secrets: inherit + secrets: + QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} publish-kata-deploy-payload-ppc64le: needs: build-kata-static-tarball-ppc64le @@ -150,7 +176,8 @@ jobs: target-branch: ${{ inputs.target-branch }} runner: ppc64le arch: ppc64le - secrets: inherit + secrets: + QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} build-and-publish-tee-confidential-unencrypted-image: permissions: @@ -266,7 +293,11 @@ jobs: commit-hash: ${{ inputs.commit-hash }} pr-number: ${{ inputs.pr-number }} target-branch: ${{ inputs.target-branch }} - secrets: inherit + secrets: + AZ_APPID: ${{ secrets.AZ_APPID }} + AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }} + AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }} + AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }} run-k8s-tests-on-amd64: if: ${{ inputs.skip-test != 'yes' }} @@ -279,7 +310,6 @@ jobs: commit-hash: ${{ inputs.commit-hash }} pr-number: ${{ inputs.pr-number }} target-branch: ${{ inputs.target-branch }} - secrets: inherit run-k8s-tests-on-arm64: if: ${{ inputs.skip-test != 'yes' }} @@ -308,7 +338,13 @@ jobs: commit-hash: ${{ inputs.commit-hash }} pr-number: ${{ inputs.pr-number }} target-branch: ${{ inputs.target-branch }} - secrets: inherit + secrets: + AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }} + AZ_APPID: ${{ secrets.AZ_APPID }} + AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }} + AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }} + AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }} + ITA_KEY: ${{ secrets.ITA_KEY }} run-k8s-tests-on-zvsi: if: ${{ inputs.skip-test != 'yes' }} @@ -321,7 +357,8 @@ jobs: commit-hash: ${{ inputs.commit-hash }} pr-number: ${{ inputs.pr-number }} target-branch: ${{ inputs.target-branch }} - secrets: inherit + secrets: + AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }} run-k8s-tests-on-ppc64le: if: ${{ inputs.skip-test != 'yes' }} diff --git a/.github/workflows/payload-after-push.yaml b/.github/workflows/payload-after-push.yaml index dd6c3ab2a0..dc82b7b04a 100644 --- a/.github/workflows/payload-after-push.yaml +++ b/.github/workflows/payload-after-push.yaml @@ -23,7 +23,8 @@ jobs: commit-hash: ${{ github.sha }} push-to-registry: yes target-branch: ${{ github.ref_name }} - secrets: inherit + secrets: + QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} build-assets-arm64: permissions: @@ -36,7 +37,8 @@ jobs: commit-hash: ${{ github.sha }} push-to-registry: yes target-branch: ${{ github.ref_name }} - secrets: inherit + secrets: + QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} build-assets-s390x: permissions: @@ -49,7 +51,9 @@ jobs: commit-hash: ${{ github.sha }} push-to-registry: yes target-branch: ${{ github.ref_name }} - secrets: inherit + secrets: + CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }} + QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} build-assets-ppc64le: permissions: @@ -60,7 +64,8 @@ jobs: commit-hash: ${{ github.sha }} push-to-registry: yes target-branch: ${{ github.ref_name }} - secrets: inherit + secrets: + QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} publish-kata-deploy-payload-amd64: needs: build-assets-amd64 @@ -76,7 +81,8 @@ jobs: target-branch: ${{ github.ref_name }} runner: ubuntu-22.04 arch: amd64 - secrets: inherit + secrets: + QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} publish-kata-deploy-payload-arm64: needs: build-assets-arm64 @@ -92,7 +98,8 @@ jobs: target-branch: ${{ github.ref_name }} runner: ubuntu-22.04-arm arch: arm64 - secrets: inherit + secrets: + QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} publish-kata-deploy-payload-s390x: needs: build-assets-s390x @@ -108,7 +115,8 @@ jobs: target-branch: ${{ github.ref_name }} runner: s390x arch: s390x - secrets: inherit + secrets: + QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} publish-kata-deploy-payload-ppc64le: needs: build-assets-ppc64le @@ -124,7 +132,8 @@ jobs: target-branch: ${{ github.ref_name }} runner: ppc64le arch: ppc64le - secrets: inherit + secrets: + QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} publish-manifest: runs-on: ubuntu-22.04 diff --git a/.github/workflows/publish-kata-deploy-payload.yaml b/.github/workflows/publish-kata-deploy-payload.yaml index 673ce0d072..11d0556218 100644 --- a/.github/workflows/publish-kata-deploy-payload.yaml +++ b/.github/workflows/publish-kata-deploy-payload.yaml @@ -30,6 +30,9 @@ on: description: The arch of the tarball. required: true type: string + secrets: + QUAY_DEPLOYER_PASSWORD: + required: true permissions: contents: read diff --git a/.github/workflows/release-amd64.yaml b/.github/workflows/release-amd64.yaml index ea7eac95a8..97950443f4 100644 --- a/.github/workflows/release-amd64.yaml +++ b/.github/workflows/release-amd64.yaml @@ -5,6 +5,9 @@ on: target-arch: required: true type: string + secrets: + QUAY_DEPLOYER_PASSWORD: + required: true permissions: contents: read @@ -15,7 +18,8 @@ jobs: with: push-to-registry: yes stage: release - secrets: inherit + secrets: + QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} kata-deploy: needs: build-kata-static-tarball-amd64 diff --git a/.github/workflows/release-arm64.yaml b/.github/workflows/release-arm64.yaml index 333c34998e..4d113d55b6 100644 --- a/.github/workflows/release-arm64.yaml +++ b/.github/workflows/release-arm64.yaml @@ -5,6 +5,9 @@ on: target-arch: required: true type: string + secrets: + QUAY_DEPLOYER_PASSWORD: + required: true permissions: contents: read @@ -15,7 +18,8 @@ jobs: with: push-to-registry: yes stage: release - secrets: inherit + secrets: + QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} kata-deploy: needs: build-kata-static-tarball-arm64 diff --git a/.github/workflows/release-ppc64le.yaml b/.github/workflows/release-ppc64le.yaml index 281da0227e..0e94c88b68 100644 --- a/.github/workflows/release-ppc64le.yaml +++ b/.github/workflows/release-ppc64le.yaml @@ -5,6 +5,9 @@ on: target-arch: required: true type: string + secrets: + QUAY_DEPLOYER_PASSWORD: + required: true permissions: contents: read @@ -15,7 +18,8 @@ jobs: with: push-to-registry: yes stage: release - secrets: inherit + secrets: + QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} kata-deploy: needs: build-kata-static-tarball-ppc64le diff --git a/.github/workflows/release-s390x.yaml b/.github/workflows/release-s390x.yaml index 73cb001f65..535f5238f1 100644 --- a/.github/workflows/release-s390x.yaml +++ b/.github/workflows/release-s390x.yaml @@ -5,6 +5,11 @@ on: target-arch: required: true type: string + secrets: + CI_HKD_PATH: + required: true + QUAY_DEPLOYER_PASSWORD: + required: true permissions: contents: read @@ -15,7 +20,10 @@ jobs: with: push-to-registry: yes stage: release - secrets: inherit + secrets: + CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }} + QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} + kata-deploy: needs: build-kata-static-tarball-s390x diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index f04b326f06..4c5efbf999 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -30,7 +30,8 @@ jobs: uses: ./.github/workflows/release-amd64.yaml with: target-arch: amd64 - secrets: inherit + secrets: + QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} build-and-push-assets-arm64: needs: release @@ -42,7 +43,8 @@ jobs: uses: ./.github/workflows/release-arm64.yaml with: target-arch: arm64 - secrets: inherit + secrets: + QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} build-and-push-assets-s390x: needs: release @@ -54,7 +56,9 @@ jobs: uses: ./.github/workflows/release-s390x.yaml with: target-arch: s390x - secrets: inherit + secrets: + CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }} + QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} build-and-push-assets-ppc64le: needs: release @@ -64,7 +68,8 @@ jobs: uses: ./.github/workflows/release-ppc64le.yaml with: target-arch: ppc64le - secrets: inherit + secrets: + QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} publish-multi-arch-images: runs-on: ubuntu-22.04 diff --git a/.github/workflows/run-k8s-tests-on-aks.yaml b/.github/workflows/run-k8s-tests-on-aks.yaml index 7aa08a4a5f..117c7b7f46 100644 --- a/.github/workflows/run-k8s-tests-on-aks.yaml +++ b/.github/workflows/run-k8s-tests-on-aks.yaml @@ -24,6 +24,17 @@ on: required: false type: string default: "" + secrets: + + AZ_APPID: + required: true + AZ_PASSWORD: + required: true + AZ_TENANT_ID: + required: true + AZ_SUBSCRIPTION_ID: + required: true + permissions: contents: read diff --git a/.github/workflows/run-k8s-tests-on-zvsi.yaml b/.github/workflows/run-k8s-tests-on-zvsi.yaml index 0dbe5a919b..60c6d2cb7e 100644 --- a/.github/workflows/run-k8s-tests-on-zvsi.yaml +++ b/.github/workflows/run-k8s-tests-on-zvsi.yaml @@ -21,6 +21,9 @@ on: required: false type: string default: "" + secrets: + AUTHENTICATED_IMAGE_PASSWORD: + required: true permissions: contents: read diff --git a/.github/workflows/run-kata-coco-stability-tests.yaml b/.github/workflows/run-kata-coco-stability-tests.yaml index b21b53919e..1de2f8922e 100644 --- a/.github/workflows/run-kata-coco-stability-tests.yaml +++ b/.github/workflows/run-kata-coco-stability-tests.yaml @@ -24,6 +24,18 @@ on: tarball-suffix: required: false type: string + secrets: + + AZ_APPID: + required: true + AZ_PASSWORD: + required: true + AZ_TENANT_ID: + required: true + AZ_SUBSCRIPTION_ID: + required: true + AUTHENTICATED_IMAGE_PASSWORD: + required: true permissions: contents: read diff --git a/.github/workflows/run-kata-coco-tests.yaml b/.github/workflows/run-kata-coco-tests.yaml index d079dbdf13..2e78be8146 100644 --- a/.github/workflows/run-kata-coco-tests.yaml +++ b/.github/workflows/run-kata-coco-tests.yaml @@ -24,6 +24,19 @@ on: required: false type: string default: "" + secrets: + AUTHENTICATED_IMAGE_PASSWORD: + required: true + AZ_APPID: + required: true + AZ_PASSWORD: + required: true + AZ_TENANT_ID: + required: true + AZ_SUBSCRIPTION_ID: + required: true + ITA_KEY: + required: true permissions: contents: read diff --git a/.github/workflows/run-kata-deploy-tests-on-aks.yaml b/.github/workflows/run-kata-deploy-tests-on-aks.yaml index d3409f040f..7e7cd9eb0a 100644 --- a/.github/workflows/run-kata-deploy-tests-on-aks.yaml +++ b/.github/workflows/run-kata-deploy-tests-on-aks.yaml @@ -21,6 +21,15 @@ on: required: false type: string default: "" + secrets: + AZ_APPID: + required: true + AZ_PASSWORD: + required: true + AZ_TENANT_ID: + required: true + AZ_SUBSCRIPTION_ID: + required: true permissions: contents: read