Move GitHiub Secrets into Variables that have no Secrecy need

Case RE-1001: Move GitHiub Secrets into Variables that have no Secrecy need

Changelog:

.github/workflows/openstack-centos-7.yml

@@ -18,22 +18,22 @@ concurrency:
   cancel-in-progress: true
 
 env:
+  # secrets
   TF_VAR_application_credential_id: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
   TF_VAR_application_credential_secret: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
-  TF_VAR_github_repository: ${{ github.repository }}
-  TF_VAR_github_run_id: ${{ github.run_id }}
   TF_VAR_ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }}
   TF_VAR_ssh_public_key: ${{ secrets.SSH_PUBLIC_KEY }}
-  TF_VAR_os_auth_region: ${{ secrets.OS_AUTH_REGION }}
-  TF_VAR_os_auth_url: ${{ secrets.OS_AUTH_URL }}
-  TF_VAR_os_interface: ${{ secrets.OS_INTERFACE }}
-  TF_VAR_os_project_domain_name: ${{ secrets.OS_PROJECT_DOMAIN_NAME }}
-  TF_VAR_os_password: ${{ secrets.OS_PASSWORD }}
-  TF_VAR_os_project_id: ${{ secrets.OS_PROJECT_ID }}
-  TF_VAR_os_project_domain_id: ${{ secrets.OS_PROJECT_DOMAIN_ID }}
-  TF_VAR_os_project_name: ${{ secrets.OS_PROJECT_NAME }}
-  TF_VAR_os_region_name: ${{ secrets.OS_REGION_NAME }}
-  TF_VAR_os_username: ${{ secrets.OS_USERNAME }}
+
+  # vars
+  TF_VAR_os_auth_url: ${{ vars.OS_AUTH_URL }}
+  TF_VAR_os_auth_type: ${{ vars.OS_AUTH_TYPE }}
+  TF_VAR_os_identity_api_version: ${{ vars.OS_IDENTITY_API_VERSION }}
+  TF_VAR_os_interface: ${{ vars.OS_INTERFACE }}
+  TF_VAR_os_region_name: ${{ vars.OS_REGION_NAME }}
+
+  # github
+  TF_VAR_github_repository: ${{ github.repository }}
+  TF_VAR_github_run_id: ${{ github.run_id }}
   tf_working_directory: "${{ github.workspace }}/.github/workflows/openstack/centos-7"
 
 jobs: 

.github/workflows/openstack-cloudlinux-7.yml.disabled

@@ -18,22 +18,6 @@ concurrency:
   cancel-in-progress: true
 
 env:
-  TF_VAR_application_credential_id: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
-  TF_VAR_application_credential_secret: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
-  TF_VAR_github_repository: ${{ github.repository }}
-  TF_VAR_github_run_id: ${{ github.run_id }}
-  TF_VAR_ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }}
-  TF_VAR_ssh_public_key: ${{ secrets.SSH_PUBLIC_KEY }}
-  TF_VAR_os_auth_region: ${{ secrets.OS_AUTH_REGION }}
-  TF_VAR_os_auth_url: ${{ secrets.OS_AUTH_URL }}
-  TF_VAR_os_interface: ${{ secrets.OS_INTERFACE }}
-  TF_VAR_os_project_domain_name: ${{ secrets.OS_PROJECT_DOMAIN_NAME }}
-  TF_VAR_os_password: ${{ secrets.OS_PASSWORD }}
-  TF_VAR_os_project_id: ${{ secrets.OS_PROJECT_ID }}
-  TF_VAR_os_project_domain_id: ${{ secrets.OS_PROJECT_DOMAIN_ID }}
-  TF_VAR_os_project_name: ${{ secrets.OS_PROJECT_NAME }}
-  TF_VAR_os_region_name: ${{ secrets.OS_REGION_NAME }}
-  TF_VAR_os_username: ${{ secrets.OS_USERNAME }}
   tf_working_directory: "${{ github.workspace }}/.github/workflows/openstack/cloudlinux-7"
 
 jobs: 

.github/workflows/openstack-ubuntu-20.yml

@@ -18,22 +18,22 @@ concurrency:
   cancel-in-progress: true
 
 env:
+  # secrets
   TF_VAR_application_credential_id: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
   TF_VAR_application_credential_secret: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
-  TF_VAR_github_repository: ${{ github.repository }}
-  TF_VAR_github_run_id: ${{ github.run_id }}
   TF_VAR_ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }}
   TF_VAR_ssh_public_key: ${{ secrets.SSH_PUBLIC_KEY }}
-  TF_VAR_os_auth_region: ${{ secrets.OS_AUTH_REGION }}
-  TF_VAR_os_auth_url: ${{ secrets.OS_AUTH_URL }}
-  TF_VAR_os_interface: ${{ secrets.OS_INTERFACE }}
-  TF_VAR_os_project_domain_name: ${{ secrets.OS_PROJECT_DOMAIN_NAME }}
-  TF_VAR_os_password: ${{ secrets.OS_PASSWORD }}
-  TF_VAR_os_project_id: ${{ secrets.OS_PROJECT_ID }}
-  TF_VAR_os_project_domain_id: ${{ secrets.OS_PROJECT_DOMAIN_ID }}
-  TF_VAR_os_project_name: ${{ secrets.OS_PROJECT_NAME }}
-  TF_VAR_os_region_name: ${{ secrets.OS_REGION_NAME }}
-  TF_VAR_os_username: ${{ secrets.OS_USERNAME }}
+
+  # vars
+  TF_VAR_os_auth_url: ${{ vars.OS_AUTH_URL }}
+  TF_VAR_os_auth_type: ${{ vars.OS_AUTH_TYPE }}
+  TF_VAR_os_identity_api_version: ${{ vars.OS_IDENTITY_API_VERSION }}
+  TF_VAR_os_interface: ${{ vars.OS_INTERFACE }}
+  TF_VAR_os_region_name: ${{ vars.OS_REGION_NAME }}
+
+  # github
+  TF_VAR_github_repository: ${{ github.repository }}
+  TF_VAR_github_run_id: ${{ github.run_id }}
   tf_working_directory: "${{ github.workspace }}/.github/workflows/openstack/ubuntu-20.04"
 
 jobs: 

.github/workflows/openstack/centos-7/main.tf

@@ -14,8 +14,8 @@ provider "openstack" {
   user_name                     = var.user
   application_credential_id     = var.application_credential_id
   application_credential_secret = var.application_credential_secret
-  auth_url                      = "https://keystone.hou-01.cloud.prod.cpanel.net:5000/v3"
-  region                        = var.os_auth_region
+  auth_url                      = var.os_auth_url
+  region                        = var.os_region_name
 }
 
 data "openstack_images_image_ids_v2" "images" {

.github/workflows/openstack/centos-7/variables.tf

@@ -19,20 +19,14 @@ variable "github_run_id" {
   type = string
 }
 
-variable "os_password" {
-  type = string
-}
-
-variable "os_auth_region" {
-  type = string
-}
-
 variable "os_auth_url" {
   type = string
+  default = "https://keystone.hou-01.cloud.prod.cpanel.net:5000/v3"
 }
 
-variable "os_project_domain_name" {
+variable "os_region_name" {
   type = string
+  default = "RegionOne"
 }
 
 variable "ssh_private_key" {

.github/workflows/openstack/cloudlinux-7/main.tf → .github/workflows/openstack/cloudlinux-7.disabled/main.tf

@@ -14,7 +14,7 @@ provider "openstack" {
   user_name                     = var.user
   application_credential_id     = var.application_credential_id
   application_credential_secret = var.application_credential_secret
-  auth_url                      = "https://keystone.hou-01.cloud.prod.cpanel.net:5000/v3"
+  auth_url                      = var.os_auth_url
   region                        = var.os_auth_region
 }
 

.github/workflows/openstack/cloudlinux-7/variables.tf → .github/workflows/openstack/cloudlinux-7.disabled/variables.tf

@@ -19,22 +19,15 @@ variable "github_run_id" {
   type = string
 }
 
-variable "os_password" {
-  type = string
-}
-
-variable "os_auth_region" {
+variable "os_region_name" {
   type = string
+  default = "RegionOne"
 }
 
 variable "os_auth_url" {
   type = string
 }
 
-variable "os_project_domain_name" {
-  type = string
-}
-
 variable "ssh_private_key" {
   type        = string
   description = "SSH private key matching the public key added to the VMs /root/.ssh/authorized_keys file to allow user access."

.github/workflows/openstack/ubuntu-20.04/main.tf

@@ -14,8 +14,8 @@ provider "openstack" {
   user_name                     = var.user
   application_credential_id     = var.application_credential_id
   application_credential_secret = var.application_credential_secret
-  auth_url                      = "https://keystone.hou-01.cloud.prod.cpanel.net:5000/v3"
-  region                        = var.os_auth_region
+  auth_url                      = var.os_auth_url
+  region                        = var.os_region_name
 }
 
 data "openstack_images_image_ids_v2" "images" {

.github/workflows/openstack/ubuntu-20.04/variables.tf

@@ -11,10 +11,6 @@ variable "application_credential_secret" {
   type = string
 }
 
-variable "os_password" {
-  type = string
-}
-
 variable "github_repository" {
   type = string
 }
@@ -23,16 +19,14 @@ variable "github_run_id" {
   type = string
 }
 
-variable "os_auth_region" {
-  type = string
-}
-
 variable "os_auth_url" {
   type = string
+  default = "https://keystone.hou-01.cloud.prod.cpanel.net:5000/v3"
 }
 
-variable "os_project_domain_name" {
+variable "os_region_name" {
   type = string
+  default = "RegionOne"
 }
 
 variable "ssh_private_key" {

.github/workflows/testsuite.yml

@@ -8,29 +8,31 @@ on:
     tags-ignore:
       - "*"
   pull_request:
+#    types: [opened, synchronize, reopened]
   workflow_dispatch:
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}-testsuite
   cancel-in-progress: true
 
 env:
+  # secrets
   TF_VAR_application_credential_id: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
   TF_VAR_application_credential_secret: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
-  TF_VAR_github_repository: ${{ github.repository }}
-  TF_VAR_github_run_id: ${{ github.run_id }}
   TF_VAR_ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }}
   TF_VAR_ssh_public_key: ${{ secrets.SSH_PUBLIC_KEY }}
-  TF_VAR_os_auth_region: ${{ secrets.OS_AUTH_REGION }}
-  TF_VAR_os_auth_url: ${{ secrets.OS_AUTH_URL }}
-  TF_VAR_os_interface: ${{ secrets.OS_INTERFACE }}
-  TF_VAR_os_project_domain_name: ${{ secrets.OS_PROJECT_DOMAIN_NAME }}
-  TF_VAR_os_password: ${{ secrets.OS_PASSWORD }}
-  TF_VAR_os_project_id: ${{ secrets.OS_PROJECT_ID }}
-  TF_VAR_os_project_domain_id: ${{ secrets.OS_PROJECT_DOMAIN_ID }}
-  TF_VAR_os_project_name: ${{ secrets.OS_PROJECT_NAME }}
-  TF_VAR_os_region_name: ${{ secrets.OS_REGION_NAME }}
-  TF_VAR_os_username: ${{ secrets.OS_USERNAME }}
+
+  # vars
+#  TF_VAR_os_auth_region: ${{ vars.OS_AUTH_REGION }}
+  TF_VAR_os_auth_url: ${{ vars.OS_AUTH_URL }}
+  TF_VAR_os_auth_type: ${{ vars.OS_AUTH_TYPE }}
+  TF_VAR_os_identity_api_version: ${{ vars.OS_IDENTITY_API_VERSION }}
+  TF_VAR_os_interface: ${{ vars.OS_INTERFACE }}
+  TF_VAR_os_region_name: ${{ vars.OS_AUTH_REGION}}
+
+  # github
+  TF_VAR_github_repository: ${{ github.repository }}
+  TF_VAR_github_run_id: ${{ github.run_id }}
 
 jobs:
   testsuite:
@@ -84,21 +86,26 @@ jobs:
       secrets: inherit
       if: >
         (github.event_name == 'pull_request' && github.base_ref == 'main') ||
-        (github.event_name == 'push' && github.ref == 'refs/heads/main')
+        (github.event_name == 'push' && github.ref == 'refs/heads/main') ||
+        (github.event_name == 'push' && github.repository == 'cpanel/elevate-actions' )
+
+
+# We are disabling CloudLinux for the time being as it's considered undependable at this point on the CLoudLinux side
+#  CloudLinux-7:
+#      needs: testsuite
+#      uses: ./.github/workflows/openstack-cloudlinux-7.yml
+#      secrets: inherit
+#      if: >
+#        (github.event_name == 'pull_request' && github.base_ref == 'main') ||
+#        (github.event_name == 'push' && github.ref == 'refs/heads/main')
 
-  #CloudLinux-7:
-      #needs: testsuite
-      #uses: ./.github/workflows/openstack-cloudlinux-7.yml
-      #secrets: inherit
-      #if: >
-        #(github.event_name == 'pull_request' && github.base_ref == 'main') ||
-        #(github.event_name == 'push' && github.ref == 'refs/heads/main')
 
   Ubuntu-20:
       needs: testsuite
       uses: ./.github/workflows/openstack-ubuntu-20.yml
       secrets: inherit
       if: >
         (github.event_name == 'pull_request' && github.base_ref == 'main') ||
-        (github.event_name == 'push' && github.ref == 'refs/heads/main')
+        (github.event_name == 'push' && github.ref == 'refs/heads/main') ||
+        (github.event_name == 'push' && github.repository == 'cpanel/elevate-actions' )