From 177b28548d3a9a33aa89fe6a9663ea9d5d8da4f2 Mon Sep 17 00:00:00 2001
From: Idris Isah <58168886+eedygreen@users.noreply.github.com>
Date: Wed, 6 Nov 2024 14:00:36 +0100
Subject: [PATCH] chore: Access Secrets based on segregated environments (#51)
---
.github/workflows/deploy_mainnet.yml | 13 +++++++------
.github/workflows/deploy_testnet.yml | 16 ++++++++++------
2 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/.github/workflows/deploy_mainnet.yml b/.github/workflows/deploy_mainnet.yml
index 2a72764..6670014 100644
--- a/.github/workflows/deploy_mainnet.yml
+++ b/.github/workflows/deploy_mainnet.yml
@@ -11,11 +11,10 @@ on: required: true type: string - +run-name: Deploy Spectre Node to Mainnet - ${{ inputs.release_tag }} by @${{ github.actor }} + env: - AWS_REGION: '${{ secrets.AWS_REGION }}' ENVIRONMENT: MAINNET - AWS_MAINNET: '${{ secrets.AWS_MAINNET }}' REGISTRY: 'ghcr.io' VERSION: ${{ inputs.release_tag }}
@@ -23,12 +22,14 @@ jobs: deploy: name: deploy runs-on: ubuntu-latest - + environment: mainnet permissions: contents: read id-token: write actions: write - + env: + AWS_REGION: '${{ secrets.AWS_REGION }}' + AWS_MAINNET: '${{ secrets.AWS_MAINNET }}' steps: - name: Authorised User only run: |
@@ -55,7 +56,7 @@ jobs: awsRegion=${{ env.AWS_REGION }} awsEnv=${{ env.ENVIRONMENT }} imageTag=${{ env.VERSION }} - awsEfs=${{ secrets.SPECTRE_EFS_MAINNET }} + awsEfs=${{ secrets.SPECTRE_EFS }} - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v4
diff --git a/.github/workflows/deploy_testnet.yml b/.github/workflows/deploy_testnet.yml
index 844d8e8..d7f07f7 100644
--- a/.github/workflows/deploy_testnet.yml
+++ b/.github/workflows/deploy_testnet.yml
@@ -7,12 +7,13 @@ on: push: branches: - main - + +run-name: Deploy Spectre Node to Testnet - ${{ inputs.release_tag }} by @${{ github.actor }} + env: ENVIRONMENT: 'TESTNET' REGISTRY: 'ghcr.io' TAG: 'latest' - AWS_TESTNET: '${{ secrets.AWS_ARN }}' jobs: push:
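Review bot: Adding `environment: mainnet` to the deploy job changes the OIDC subject claim GitHub issues for it to `repo:<owner>/<repo>:environment:mainnet`, so the trust policy of the role this job assumes with `id-token: write` needs a matching condition on `token.actions.githubusercontent.com:sub`, and nothing in the commit shows that it was updated. Pinning the condition to the environment is also what makes the segregation effective, since a role that trusts any ref of the repository can still be assumed from a job that declares no environment. The `Authorised User only` step, whose body lies outside the hunk, presumably checks the actor in shell; required reviewers and a deployment branch or tag rule on the `mainnet` environment would enforce that before the environment secrets are released to the job. The same applies to `environment: testnet` in the deploy job of deploy_testnet.yml.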
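Review bot: `secrets.SPECTRE_EFS` now has the same name in both workflows, so which file system a deployment targets depends only on the job's `environment:` and on the secret actually existing in that environment. GitHub resolves a secret name from the environment first and falls back to a repository or organization secret of the same name, and an undefined secret expands to an empty string, so a missing `mainnet` entry would pass a wrong or empty `awsEfs` without failing the run. Once the environment secrets exist, remove the old `SPECTRE_EFS_MAINNET`/`SPECTRE_EFS_TESTNET` entries (presumably repository-level) and any repository-level `AWS_REGION`, and consider a first step that fails on an empty value, e.g. `run: test -n "$AWS_REGION" && test -n "$AWS_MAINNET"`. The same rename appears in the last hunk of deploy_testnet.yml.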
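Review bot: The new `run-name` in deploy_testnet.yml interpolates `${{ inputs.release_tag }}`, but the only trigger visible in this hunk is `push` on `main`, where the `inputs` context is empty, so the run title would have a blank where the tag should be. Unless a `workflow_dispatch` input is declared above the hunk, use a value that exists on push, e.g. `run-name: Deploy Spectre Node to Testnet - ${{ github.ref_name }} by @${{ github.actor }}`, which matches the `imageTag=${{ github.ref_name }}` passed to the task definition later in the file. An accurate title matters here because the run list is the first place anyone looks to see who deployed what.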
@@ -60,13 +61,16 @@ jobs: needs: push name: deploy runs-on: ubuntu-latest + environment: testnet strategy: matrix: spectre_id: [0] - permissions: contents: read id-token: write + env: + AWS_TESTNET: '${{ secrets.AWS_TESTNET }}' + AWS_REGION: '${{ secrets.AWS_REGION }}' steps: - name: checkout ecs repo
@@ -84,15 +88,15 @@ jobs: variables: | spectreId=${{ matrix.spectre_id }} awsAccountId=${{ env.AWS_TESTNET }} - awsRegion=${{ secrets.AWS_REGION }} - awsEfs=${{ secrets.SPECTRE_EFS_TESTNET }} + awsRegion=${{ env.AWS_REGION }} + awsEfs=${{ secrets.SPECTRE_EFS }} imageTag=${{ github.ref_name }} - name: configure aws credentials uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: arn:aws:iam::${{ env.AWS_TESTNET }}:role/github-actions-${{ env.ENVIRONMENT }}-chainbridge aws-region: ${{ secrets.AWS_REGION }} + aws-region: ${{ env.AWS_REGION }} role-session-name: GithubActions - name: deploy task definition
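Review bot: The job-level `env` block exposes `AWS_TESTNET` and `AWS_REGION` to every step of the deploy job, including `checkout ecs repo` and any third-party action that runs before the credentials step. A region is not confidential, and registering it as a secret makes the runner mask that string wherever it appears in logs; an environment-scoped configuration variable fits better, e.g. `AWS_REGION: ${{ vars.AWS_REGION }}`. If the account ID is meant to stay masked, keep it a secret but set it on the steps that use it rather than on the whole job. The steps list continues outside the hunk, and the mainnet deploy job gets the same block.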