Add gh secret

sync-secrets/Pulumi.yaml

@@ -6,12 +6,67 @@ config:
   github:owner:
         value: conda-forge
 variables:
+  azure-token:
+    fn::invoke:
+      function: onepassword:getItem
+      arguments:
+        title: azure-token
+        vault: pulumi
   cirun-api-key:
     fn::invoke:
       function: onepassword:getItem
       arguments:
         title: cirun-api-key
         vault: pulumi
+  cf-admin-github-token:
+    fn::invoke:
+      function: onepassword:getItem
+      arguments:
+        title: cf-admin-github-token
+        vault: pulumi
+  cf-admin-travis-token:
+    fn::invoke:
+      function: onepassword:getItem
+      arguments:
+        title: cf-admin-travis-token
+        vault: pulumi
+  cf-curator-app-id:
+    fn::invoke:
+      function: onepassword:getItem
+      arguments:
+        title: cf-curator-app-id
+        vault: pulumi
+  cf-curator-private-key:
+    fn::invoke:
+      function: onepassword:getItem
+      arguments:
+        title: cf-curator-private-key
+        vault: pulumi
+  cf-daemon-travis-token:
+    fn::invoke:
+      function: onepassword:getItem
+      arguments:
+        title: cf-daemon-travis-token
+        vault: pulumi
+  cf-linter-travis-token:
+    fn::invoke:
+      function: onepassword:getItem
+      arguments:
+        title: cf-linter-travis-token
+        vault: pulumi
+  cf-web-services-token:
+    fn::invoke:
+      function: onepassword:getItem
+      arguments:
+        title: cf-web-services-token
+        vault: pulumi
+  staging-binstar-token:
+    fn::invoke:
+      function: onepassword:getItem
+      arguments:
+        title: staging-binstar-token
+        vault: pulumi
+
   repo-admin-migrations:
     fn::invoke:
       function: github:getRepository
@@ -70,4 +125,126 @@ resources:
       visibility: selected
       selectedRepositoryIds:
         - ${repo-admin-requests.repoId}
+  gh-org-secret-azure-token:
+    type: github:ActionsOrganizationSecret
+    options:
+      protect: false
+      retainOnDelete: true
+      deleteBeforeReplace: false
+    properties:
+      secretName: AZURE_TOKEN
+      plaintextValue: ${azure-token.credential}
+      visibility: selected
+      selectedRepositoryIds:
+        - ${repo-admin-requests.repoId}
+        - ${repo-admin-migrations.repoId}
+  gh-org-secret-cf-admin-github-token:
+    type: github:ActionsOrganizationSecret
+    options:
+      protect: false
+      retainOnDelete: true
+      deleteBeforeReplace: false
+    properties:
+      secretName: CF_ADMIN_GITHUB_TOKEN
+      plaintextValue: ${cf-admin-github-token.credential}
+      visibility: selected
+      selectedRepositoryIds:
+        - ${repo-admin-requests.repoId}
+        - ${repo-admin-migrations.repoId}
+        - ${repo-conda-forge-webservices.repoId}
+  gh-org-secret-cf-admin-travis-token:
+    type: github:ActionsOrganizationSecret
+    options:
+      protect: false
+      retainOnDelete: true
+      deleteBeforeReplace: false
+    properties:
+      secretName: CF_ADMIN_TRAVIS_TOKEN
+      plaintextValue: ${cf-admin-travis-token.credential}
+      visibility: selected
+      selectedRepositoryIds:
+        - ${repo-admin-requests.repoId}
+  gh-org-secret-cf-curator-app-id:
+    type: github:ActionsOrganizationSecret
+    options:
+      protect: false
+      retainOnDelete: true
+      deleteBeforeReplace: false
+    properties:
+      secretName: CF_CURATOR_APP_ID
+      plaintextValue: ${cf-curator-app-id.credential}
+      visibility: selected
+      selectedRepositoryIds:
+        - ${repo-admin-requests.repoId}
+        - ${repo-admin-migrations.repoId}
+        - ${repo-automerge-action.repoId}
+        - ${repo-by-the-numbers.repoId}
+        - ${repo-core-notes.repoId}
+        - ${repo-conda-forge-webservices.repoId}
+        - ${repo-webservices-dispatch-action.repoId}
+  gh-org-secret-cf-curator-private-key:
+    type: github:ActionsOrganizationSecret
+    options:
+      protect: false
+      retainOnDelete: true
+      deleteBeforeReplace: false
+    properties:
+      secretName: CF_CURATOR_PRIVATE_KEY
+      plaintextValue: ${cf-curator-private-key.privateKey}
+      visibility: selected
+      selectedRepositoryIds:
+        - ${repo-admin-requests.repoId}
+        - ${repo-admin-migrations.repoId}
+        - ${repo-automerge-action.repoId}
+        - ${repo-by-the-numbers.repoId}
+        - ${repo-core-notes.repoId}
+        - ${repo-conda-forge-webservices.repoId}
+        - ${repo-webservices-dispatch-action.repoId}
+  gh-org-secret-cf-daemon-travis-token:
+    type: github:ActionsOrganizationSecret
+    options:
+      protect: false
+      retainOnDelete: true
+      deleteBeforeReplace: false
+    properties:
+      secretName: CF_DAEMON_TRAVIS_TOKEN
+      plaintextValue: ${cf-daemon-travis-token.credential}
+      visibility: selected
+      selectedRepositoryIds:
+        - ${repo-admin-migrations.repoId}
+  gh-org-secret-cf-linter-travis-token:
+    type: github:ActionsOrganizationSecret
+    options:
+      protect: false
+      retainOnDelete: true
+      deleteBeforeReplace: false
+    properties:
+      secretName: CF_LINTER_TRAVIS_TOKEN
+      plaintextValue: ${cf-linter-travis-token.credential}
+      visibility: selected
+      selectedRepositoryIds:
+        - ${repo-admin-migrations.repoId}
+  gh-org-secret-cf-webservices-token:
+    type: github:ActionsOrganizationSecret
+    options:
+      protect: false
+      retainOnDelete: true
+      deleteBeforeReplace: false
+    properties:
+      secretName: CF_WEBSERVICES_TOKEN
+      plaintextValue: ${cf-web-services-token.credential}
+      visibility: selected
+      selectedRepositoryIds:
+        - ${repo-admin-migrations.repoId}
+        - ${repo-conda-forge-webservices.repoId}
+  gh-org-secret-staging-binstar-token:
+    type: github:ActionsOrganizationSecret
+    options:
+      protect: false
+      retainOnDelete: true
+      deleteBeforeReplace: false
+    properties:
+      secretName: STAGING_BINSTAR_TOKEN
+      plaintextValue: ${staging-binstar.credential}
+      visibility: all
 outputs: {}