This repository holds common configurations and settings for key pieces of the conda-forge infrastructure.
Note
This is not a forum for end-user questions
The sync-secrets-gha pulumi project syncs secrets from the conda-forge 1password vault to Github
- Install the 1password cli
- Export environment variables:
GITHUB_TOKEN(permissions torepoandadmin:org)OP_SERVICE_ACCOUNT_TOKEN(token for 1password service account)
- Setup pulumi (only needs to be run once)
$ pulumi install
$ pulumi plugin install resource onepassword --server github://api.github.com/1Password/pulumi-onepassword
- Apply changes
$ pulumi up
.github/workflows/push-1password-secrets-to-gha
Try it out by:
- create and push a branch names with following the pattern "push-secrets-*" OR manually run the workflow
- observe the run in github action that populates secrets
The sync-secrets-heroku pulumi project syncs secrets from the conda-forge 1password vault to Heroku
- Install the 1password cli
- Export environment variables:
HEROKU_API_KEY(api token for heroku)OP_SERVICE_ACCOUNT_TOKEN(token for 1password service account)
- Setup pulumi (only needs to be run once)
$ pulumi install
$ pulumi plugin install resource onepassword --server github://api.github.com/1Password/pulumi-onepassword
- Apply changes
$ pulumi up
.github/workflows/push-1password-secrets-to-gha
Try it out by:
- create and push a branch names with following the pattern "push-secrets-*" OR manually run the workflow
- observe the run in github action that populates secrets
