chore: Access Secrets based on segregated environments (#51)

sygmaprotocol · Nov 6, 2024 · 177b285 · 177b285
1 parent 942a806
commit 177b285
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 12 deletions.
diff --git a/.github/workflows/deploy_mainnet.yml b/.github/workflows/deploy_mainnet.yml
@@ -11,24 +11,25 @@ on:
         required: true
         type: string
 
-
+run-name: Deploy Spectre Node to Mainnet - ${{ inputs.release_tag }} by @${{ github.actor }}
+
 env:
-  AWS_REGION: '${{ secrets.AWS_REGION }}'
   ENVIRONMENT: MAINNET
-  AWS_MAINNET: '${{ secrets.AWS_MAINNET }}'
   REGISTRY: 'ghcr.io'
   VERSION: ${{ inputs.release_tag }}
 
 jobs:        
   deploy:
     name: deploy
     runs-on: ubuntu-latest
-
+    environment: mainnet
     permissions:
       contents: read
       id-token: write
       actions: write
-
+    env:
+      AWS_REGION: '${{ secrets.AWS_REGION }}'
+      AWS_MAINNET: '${{ secrets.AWS_MAINNET }}'
     steps:
       - name: Authorised User only
         run: |
@@ -55,7 +56,7 @@ jobs:
             awsRegion=${{ env.AWS_REGION }}
             awsEnv=${{ env.ENVIRONMENT }}
             imageTag=${{ env.VERSION }}
-            awsEfs=${{ secrets.SPECTRE_EFS_MAINNET }}
+            awsEfs=${{ secrets.SPECTRE_EFS }}
   
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4

diff --git a/.github/workflows/deploy_testnet.yml b/.github/workflows/deploy_testnet.yml
@@ -7,12 +7,13 @@ on:
   push:
     branches:
       - main
-
+
+run-name: Deploy Spectre Node to Testnet - ${{ inputs.release_tag }} by @${{ github.actor }}
+
 env:
   ENVIRONMENT: 'TESTNET'
   REGISTRY: 'ghcr.io'
   TAG: 'latest'
-  AWS_TESTNET: '${{ secrets.AWS_ARN }}'
 
 jobs:
   push:
@@ -60,13 +61,16 @@ jobs:
     needs: push
     name: deploy
     runs-on: ubuntu-latest
+    environment: testnet
     strategy:
       matrix:
         spectre_id: [0]
-
     permissions:
       contents: read
       id-token: write
+    env: 
+      AWS_TESTNET: '${{ secrets.AWS_TESTNET }}'
+      AWS_REGION: '${{ secrets.AWS_REGION }}'
 
     steps:
       - name: checkout ecs repo
@@ -84,15 +88,15 @@ jobs:
           variables: |
             spectreId=${{ matrix.spectre_id }}
             awsAccountId=${{ env.AWS_TESTNET }}
-            awsRegion=${{ secrets.AWS_REGION }}
-            awsEfs=${{ secrets.SPECTRE_EFS_TESTNET }}
+            awsRegion=${{ env.AWS_REGION }}
+            awsEfs=${{ secrets.SPECTRE_EFS }}
             imageTag=${{ github.ref_name }}
 
       - name: configure aws credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: arn:aws:iam::${{ env.AWS_TESTNET }}:role/github-actions-${{ env.ENVIRONMENT }}-chainbridge
-          aws-region: ${{ secrets.AWS_REGION }}
+          aws-region: ${{ env.AWS_REGION }}
           role-session-name: GithubActions
 
       - name: deploy task definition