secrets pipeline

Author: Ivo Hlavaty

.github/workflows/secrets-management.yaml

@@ -0,0 +1,26 @@
+
+---
+name: sync secrets
+on:   # yamllint disable-line rule:truthy
+  push:
+    branches:
+      - engops_maintenance 
+permissions:
+  id-token: write
+  contents: read
+jobs:
+  sync:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Login to Azure
+        uses: azure/login@v1
+        with:
+          client-id: ${{ vars.GH_APP_ORG_ENGOPS_MAINTENANCE_CLIENT_ID }}
+          tenant-id: ${{ vars.AZURE_SWI_TENANT_ID }}
+          subscription-id: ${{ vars.AZURE_ITSANDBOX_SUBSCRIPTION_ID }}
+      - name: 'set-org-secret'
+        run: |
+          echo "Syncing CODECOV_TOKEN ..."
+          SECRET="CODECOV_TOKEN"
+          SECRET_NAME="vividcortex--siesta--${SECRET//_/-}"
+          [ ! -z "${{ secrets.CODECOV_TOKEN }}" ] && az keyvault secret set --name "$SECRET_NAME" --vault-name "gh-scs" --value "${{ secrets.CODECOV_TOKEN }}"