Switch to pull non-secret values from env (#624)

Author: sethvargo

.github/workflows/integration.yml

@@ -84,28 +84,28 @@ jobs:
       - name: 'Set project ID'
         uses: './'
         with:
-          project_id: '${{ secrets.PROJECT_ID }}'
+          project_id: '${{ vars.PROJECT_ID }}'
 
       - name: 'Check project ID'
         run: 'npm run integration'
         env:
-          TEST_PROJECT_ID: '${{ secrets.PROJECT_ID }}'
+          TEST_PROJECT_ID: '${{ vars.PROJECT_ID }}'
 
       # Authenticate via WIF
       - name: 'Authenticate via WIF'
         uses: 'google-github-actions/auth@main'
         with:
-          workload_identity_provider: '${{ secrets.WIF_PROVIDER_NAME }}'
-          service_account: '${{ secrets.SERVICE_ACCOUNT_EMAIL }}'
+          workload_identity_provider: '${{ vars.WIF_PROVIDER_NAME }}'
+          service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
 
       - name: 'Setup gcloud with WIF'
         uses: './'
 
       - name: 'Check WIF authentication'
         run: 'npm run integration'
         env:
-          TEST_ACCOUNT: '${{ secrets.SERVICE_ACCOUNT_EMAIL }}'
-          TEST_PROJECT_ID: '${{ secrets.PROJECT_ID }}'
+          TEST_ACCOUNT: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
+          TEST_PROJECT_ID: '${{ vars.PROJECT_ID }}'
 
       # Authenticate via SAKE
       - name: 'Authenticate via SAKE'
@@ -119,5 +119,5 @@ jobs:
       - name: 'Check SAKE authentication'
         run: 'npm run integration'
         env:
-          TEST_ACCOUNT: '${{ secrets.SERVICE_ACCOUNT_EMAIL }}'
-          TEST_PROJECT_ID: '${{ secrets.PROJECT_ID }}'
+          TEST_ACCOUNT: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
+          TEST_PROJECT_ID: '${{ vars.PROJECT_ID }}'

example-workflows/cloud-build/.github/workflows/cloud-build.yml

@@ -20,7 +20,7 @@ on:
     - 'main'
 
 env:
-  PROJECT_ID: ${{ secrets.RUN_PROJECT }}
+  PROJECT_ID: ${{ vars.RUN_PROJECT }}
   SERVICE_NAME: helloworld-nodejs
 
 jobs:
@@ -43,7 +43,7 @@ jobs:
       uses: 'google-github-actions/auth@v1'
       with:
         workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
-        service_account: '${{ secrets.RUN_SA_EMAIL }}'
+        service_account: '${{ vars.RUN_SA_EMAIL }}'
 
     # Alternative option - authentication via credentials json
     # - id: 'auth'

example-workflows/cloud-run/cloud-run.yml

@@ -19,7 +19,7 @@ on:
 
 name: Build and Deploy to Cloud Run
 env:
-  PROJECT_ID: ${{ secrets.GCP_PROJECT }}
+  PROJECT_ID: ${{ vars.GCP_PROJECT }}
   SERVICE: YOUR_SERVICE_NAME
   REGION: YOUR_SERVICE_REGION
 

example-workflows/gce/.github/workflows/gce.yaml

@@ -20,7 +20,7 @@ on:
     - 'main'
 
 env:
-  PROJECT_ID: ${{ secrets.GCE_PROJECT }}
+  PROJECT_ID: ${{ vars.GCE_PROJECT }}
   GCE_INSTANCE: my-githubactions-vm  # TODO: update to instance name
   GCE_INSTANCE_ZONE: us-central1-a   # TODO: update to instance zone
 

example-workflows/gke-kustomize/.github/workflows/gke-kustomize.yml

@@ -20,7 +20,7 @@ on:
     - main
 
 env:
-  PROJECT_ID: ${{ secrets.GKE_PROJECT }}
+  PROJECT_ID: ${{ vars.GKE_PROJECT }}
   GAR_LOCATION: us-central1 # # TODO: update region of the Artifact Registry
   GKE_CLUSTER: cluster-1    # TODO: update to cluster name
   GKE_ZONE: us-central1-c   # TODO: update to cluster zone

example-workflows/gke/.github/workflows/gke.yml

@@ -20,7 +20,7 @@ on:
     - main
 
 env:
-  PROJECT_ID: ${{ secrets.GKE_PROJECT }}
+  PROJECT_ID: ${{ vars.GKE_PROJECT }}
   GKE_CLUSTER: cluster-1    # TODO: update to cluster name
   GKE_ZONE: europe-central2-a	   # TODO: update to cluster zone
   DEPLOYMENT_NAME: gke-hello-app # TODO: update deployment name if changed in deployment.yaml