From ddfd97464bc1190178052fe14d9b0bc113e11cb9 Mon Sep 17 00:00:00 2001
From: Dan Snow <daniel.snow@cookcountyil.gov>
Date: Tue, 8 Aug 2023 15:24:00 +0000
Subject: [PATCH] Fix for secret inheritance for composite action

---
 .github/actions/prepare-ptaxsim/action.yaml | 6 ++++--
 .github/workflows/R-CMD-check.yaml          | 4 +++-
 .github/workflows/pkgdown.yaml              | 4 +++-
 .github/workflows/test-coverage.yaml        | 4 +++-
 4 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/.github/actions/prepare-ptaxsim/action.yaml b/.github/actions/prepare-ptaxsim/action.yaml
index ea096d9..a7da3b2 100644
--- a/.github/actions/prepare-ptaxsim/action.yaml
+++ b/.github/actions/prepare-ptaxsim/action.yaml
@@ -1,10 +1,12 @@
-name: Prepare PTAXSIM DB
+name: Prepare PTAXSIM database
 description: Downloads and extracts the PTAXSIM database file from S3
 inputs:
   PTAXSIM_DB_BASE_URL:
     required: false
     type: string
     default: "s3://ccao-data-public-us-east-1/ptaxsim"
+  SECRETS:
+    description: "Fetch secrets from workflow as JSON"
 outputs:
   PTAXSIM_VERSION:
     description: "PTAXSIM database version"
@@ -34,7 +36,7 @@ runs:
       if: steps.restore_db_cache.outputs.cache-hit != 'true'
       uses: aws-actions/configure-aws-credentials@v2
       with:
-        role-to-assume: ${{ secrets.AWS_IAM_ROLE_TO_ASSUME_ARN }}
+        role-to-assume: ${{ fromJSON(inputs.SECRETS).AWS_IAM_ROLE_TO_ASSUME_ARN }}
         aws-region: us-east-1
 
     - name: Fetch database file
diff --git a/.github/workflows/R-CMD-check.yaml b/.github/workflows/R-CMD-check.yaml
index daa115c..49c7c2a 100644
--- a/.github/workflows/R-CMD-check.yaml
+++ b/.github/workflows/R-CMD-check.yaml
@@ -31,8 +31,10 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v3
 
-      - name: Prepare PTAXSIM DB
+      - name: Prepare PTAXSIM database
         uses: ./.github/actions/prepare-ptaxsim
+        with:
+          SECRETS: ${{ toJSON(secrets) }}
 
       - name: Setup pandoc
         uses: r-lib/actions/setup-pandoc@v2
diff --git a/.github/workflows/pkgdown.yaml b/.github/workflows/pkgdown.yaml
index c4444a9..0a0bdd1 100644
--- a/.github/workflows/pkgdown.yaml
+++ b/.github/workflows/pkgdown.yaml
@@ -22,8 +22,10 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v3
 
-      - name: Prepare PTAXSIM DB
+      - name: Prepare PTAXSIM database
         uses: ./.github/actions/prepare-ptaxsim
+        with:
+          SECRETS: ${{ toJSON(secrets) }}
 
       - name: Setup pandoc
         uses: r-lib/actions/setup-pandoc@v2
diff --git a/.github/workflows/test-coverage.yaml b/.github/workflows/test-coverage.yaml
index 29e6088..f468ae2 100644
--- a/.github/workflows/test-coverage.yaml
+++ b/.github/workflows/test-coverage.yaml
@@ -20,8 +20,10 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v3
 
-      - name: Prepare PTAXSIM DB
+      - name: Prepare PTAXSIM database
         uses: ./.github/actions/prepare-ptaxsim
+        with:
+          SECRETS: ${{ toJSON(secrets) }}
 
       - name: Setup R
         uses: r-lib/actions/setup-r@v2