ci: more temp oc tokens

bcgov · Nov 11, 2024 · be70484 · be70484
1 parent 411d7cc
commit be70484
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 3 deletions.
diff --git a/.github/workflows/demo.yml b/.github/workflows/demo.yml
@@ -28,8 +28,10 @@ jobs:
         run: |
           # Set Up Routing
 
-          # Login
-          oc login --token=${{ secrets.oc_token }} --server=${{ vars.oc_server }}
+          # OC Login
+          OC_TEMP_TOKEN=$(curl -k -X POST ${{ vars.oc_server }}/api/v1/namespaces/${{ secrets.oc_namespace }}/serviceaccounts/pipeline/token --header "Authorization: Bearer ${{ secrets.oc_token }}" -d '{"spec": {"expirationSeconds": 600}}' -H 'Content-Type: application/json; charset=utf-8' | jq -r '.status.token' )
+
+          oc login --token=$OC_TEMP_TOKEN --server=${{ vars.oc_server }}
           oc project ${{ secrets.oc_namespace }} #Safeguard!
 
           # Delete and replace route

diff --git a/.github/workflows/pr-close.yml b/.github/workflows/pr-close.yml
@@ -29,6 +29,7 @@ jobs:
         uses: redhat-actions/openshift-tools-installer@v1
         with:
           oc: "4.14.37"
+
       - name: OC Login
         shell: bash
         run: |
@@ -37,6 +38,7 @@ jobs:
 
           oc login --token=$OC_TEMP_TOKEN --server=https://api.silver.devops.gov.bc.ca:6443
           oc project ${{ secrets.oc_namespace }} # Safeguard!
+
       - name: Remove PR user and database from crunchy.
         shell: bash
         run: |

diff --git a/.github/workflows/scheduled.yml b/.github/workflows/scheduled.yml
@@ -20,7 +20,10 @@ jobs:
     steps:
       - name: Clean up Helm Releases
         run: |
-          oc login --token=${{ secrets.OC_TOKEN }} --server=${{ vars.OC_SERVER }}
+          # OC Login
+          OC_TEMP_TOKEN=$(curl -k -X POST ${{ vars.oc_server }}/api/v1/namespaces/${{ secrets.oc_namespace }}/serviceaccounts/pipeline/token --header "Authorization: Bearer ${{ secrets.oc_token }}" -d '{"spec": {"expirationSeconds": 600}}' -H 'Content-Type: application/json; charset=utf-8' | jq -r '.status.token' )
+
+          oc login --token=$OC_TEMP_TOKEN --server=${{ vars.oc_server }}
           oc project ${{ secrets.OC_NAMESPACE }} # Safeguard!
 
           # Catch errors, unset variables, and pipe failures (e.g. grep || true )