fix: add vault step to release github action to retrieve token for version bump in git [EXT-7068] (#2398)

jjolton-contentful · web-flow · commit c913680e3a83 · 2025-12-15T13:38:53.000-07:00
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -27,6 +27,13 @@ jobs:
           fetch-depth: 0
           ref: ${{ github.event.workflow_run.head_branch || github.ref }}
 
+      - name: Retrieve Secrets from Vault
+        id: vault
+        uses: contentful/vault-github-actions/action@v1
+        with:
+          url: ${{ secrets.VAULT_URL }}
+          template-preset: semantic-release
+
       - name: Setup Node.js
         uses: actions/setup-node@v6
         with:
@@ -49,7 +56,7 @@ jobs:
           echo "npm version: $(npm -v)"
           npm run semantic-release
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.vault.outputs.GITHUB_TOKEN }}
 
       - name: Get latest release tag
         id: get-tag
@@ -71,7 +78,7 @@ jobs:
             fi
           fi
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.vault.outputs.GITHUB_TOKEN }}
 
       - name: Summary
         run: |
