diff options
author | Joffrey Bion <joffrey.bion@gmail.com> | 2021-02-07 15:26:17 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-02-07 15:26:17 +0100 |
commit | afc8f5f7e75045cef5d48f9a485681e131b8b65a (patch) | |
tree | 29c2338e4b6ce88304f330c381f34bc386a13a39 /.github/workflows/ci-cd.yml | |
parent | Remove heroku deployment (diff) | |
download | seven-wonders-afc8f5f7e75045cef5d48f9a485681e131b8b65a.tar.gz seven-wonders-afc8f5f7e75045cef5d48f9a485681e131b8b65a.tar.bz2 seven-wonders-afc8f5f7e75045cef5d48f9a485681e131b8b65a.zip |
Use shory-lived k8s digitalocean credentials
This is to avoid accumulating long lived tokens
Diffstat (limited to '.github/workflows/ci-cd.yml')
-rw-r--r-- | .github/workflows/ci-cd.yml | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 41ba5978..56fc5f12 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -77,8 +77,9 @@ jobs: with: token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} + # Short-lived credentials (5 min) to avoid accumulating tokens - name: Setup DigitalOcean kubeconfig - run: doctl kubernetes cluster kubeconfig save bro-cluster + run: doctl kubernetes cluster kubeconfig save --expiry-seconds 300 bro-cluster - name: Update deployment file run: TAG=${{ env.DOCKER_IMAGE_TAG_BUILD }} && sed -i 's|:latest|:'${TAG}'|' kubernetes/server.yml |