summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoffrey Bion <joffrey.bion@gmail.com>2021-02-07 15:26:17 +0100
committerGitHub <noreply@github.com>2021-02-07 15:26:17 +0100
commitafc8f5f7e75045cef5d48f9a485681e131b8b65a (patch)
tree29c2338e4b6ce88304f330c381f34bc386a13a39
parentRemove heroku deployment (diff)
downloadseven-wonders-afc8f5f7e75045cef5d48f9a485681e131b8b65a.tar.gz
seven-wonders-afc8f5f7e75045cef5d48f9a485681e131b8b65a.tar.bz2
seven-wonders-afc8f5f7e75045cef5d48f9a485681e131b8b65a.zip
Use shory-lived k8s digitalocean credentials
This is to avoid accumulating long lived tokens
-rw-r--r--.github/workflows/ci-cd.yml3
1 files changed, 2 insertions, 1 deletions
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 41ba5978..56fc5f12 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -77,8 +77,9 @@ jobs:
with:
token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
+ # Short-lived credentials (5 min) to avoid accumulating tokens
- name: Setup DigitalOcean kubeconfig
- run: doctl kubernetes cluster kubeconfig save bro-cluster
+ run: doctl kubernetes cluster kubeconfig save --expiry-seconds 300 bro-cluster
- name: Update deployment file
run: TAG=${{ env.DOCKER_IMAGE_TAG_BUILD }} && sed -i 's|:latest|:'${TAG}'|' kubernetes/server.yml
bgstack15