From fe7ea73b61b9e7a09013e434afa7f848d43201cc Mon Sep 17 00:00:00 2001 From: Ryan Ahearn Date: Fri, 2 Sep 2022 12:12:35 -0400 Subject: [PATCH 1/2] Use prod secrets for deployed environments --- .github/workflows/deploy.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index ce95e98d4..3c7f90d9b 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -35,11 +35,11 @@ jobs: - name: Deploy to cloud.gov uses: 18f/cg-deploy-action@main env: - DANGEROUS_SALT: ${{ secrets.DANGEROUS_SALT }} - SECRET_KEY: ${{ secrets.SECRET_KEY }} + DANGEROUS_SALT: ${{ secrets.PROD_DANGEROUS_SALT }} + SECRET_KEY: ${{ secrets.PROD_SECRET_KEY }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - ADMIN_CLIENT_SECRET: ${{ secrets.ADMIN_CLIENT_SECRET }} + ADMIN_CLIENT_SECRET: ${{ secrets.PROD_ADMIN_CLIENT_SECRET }} BASIC_AUTH_PASSWORD: ${{ secrets.BASIC_AUTH_PASSWORD }} REDIS_ENABLED: ${{ secrets.REDIS_ENABLED }} with: From 251ac133b5d1c65a4594ef12990b06658bd9a983 Mon Sep 17 00:00:00 2001 From: Ryan Ahearn Date: Fri, 2 Sep 2022 13:29:56 -0400 Subject: [PATCH 2/2] Source nvmsh as part of a11y-scan --- .github/workflows/checks.yml | 4 +--- Makefile | 4 ++-- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index 93fdb3553..87ac3c240 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -91,7 +91,5 @@ jobs: run: make run-flask & env: NOTIFY_ENVIRONMENT: scanning - - name: Install pa11y-ci - run: npm install -g pa11y-ci - name: Run pa11y-ci - run: pa11y-ci + run: make a11y-scan diff --git a/Makefile b/Makefile index 5e0975132..9a0de687f 100644 --- a/Makefile +++ b/Makefile @@ -88,8 +88,8 @@ static-scan: .PHONY: a11y-scan a11y-scan: - npm install -g pa11y-ci - pa11y-ci + source $(NVMSH) && npm install -g pa11y-ci + source $(NVMSH) && pa11y-ci .PHONY: clean clean: