From afc8f5f7e75045cef5d48f9a485681e131b8b65a Mon Sep 17 00:00:00 2001
From: Joffrey Bion <joffrey.bion@gmail.com>
Date: Sun, 7 Feb 2021 15:26:17 +0100
Subject: Use shory-lived k8s digitalocean credentials

This is to avoid accumulating long lived tokens
---
 .github/workflows/ci-cd.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to '.github/workflows')

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 41ba5978..56fc5f12 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -77,8 +77,9 @@ jobs:
         with:
           token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
 
+      # Short-lived credentials (5 min) to avoid accumulating tokens
       - name: Setup DigitalOcean kubeconfig
-        run: doctl kubernetes cluster kubeconfig save bro-cluster
+        run: doctl kubernetes cluster kubeconfig save --expiry-seconds 300 bro-cluster
         
       - name: Update deployment file
         run: TAG=${{ env.DOCKER_IMAGE_TAG_BUILD }} && sed -i 's|:latest|:'${TAG}'|' kubernetes/server.yml
-- 
cgit