Merge pull request #36 from GSA/clean-up-deploy-secrets

Use prod secrets for deployed environments

.github/workflows/checks.yml

@@ -91,7 +91,5 @@ jobs:
         run: make run-flask &
         env:
           NOTIFY_ENVIRONMENT: scanning
-      - name: Install pa11y-ci
-        run: npm install -g pa11y-ci
       - name: Run pa11y-ci
-        run: pa11y-ci
+        run: make a11y-scan

.github/workflows/deploy.yml

@@ -35,11 +35,11 @@ jobs:
       - name: Deploy to cloud.gov
         uses: 18f/cg-deploy-action@main
         env:
-          DANGEROUS_SALT: ${{ secrets.DANGEROUS_SALT }}
-          SECRET_KEY: ${{ secrets.SECRET_KEY }}
+          DANGEROUS_SALT: ${{ secrets.PROD_DANGEROUS_SALT }}
+          SECRET_KEY: ${{ secrets.PROD_SECRET_KEY }}
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          ADMIN_CLIENT_SECRET: ${{ secrets.ADMIN_CLIENT_SECRET }}
+          ADMIN_CLIENT_SECRET: ${{ secrets.PROD_ADMIN_CLIENT_SECRET }}
           BASIC_AUTH_PASSWORD: ${{ secrets.BASIC_AUTH_PASSWORD }}
           REDIS_ENABLED: ${{ secrets.REDIS_ENABLED }}
         with:

Makefile

@@ -88,8 +88,8 @@ static-scan:
 
 .PHONY: a11y-scan
 a11y-scan:
-	npm install -g pa11y-ci
-	pa11y-ci
+	source $(NVMSH) && npm install -g pa11y-ci
+	source $(NVMSH) && pa11y-ci
 
 .PHONY: clean
 clean: