From 4b83b2e0198753dd91491d258a9e9d7bb7e069a6 Mon Sep 17 00:00:00 2001 From: Ben Zarboni Date: Thu, 29 Feb 2024 14:45:53 -0500 Subject: [PATCH 1/4] Change vars to secrets --- .../action-variables.tf | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/foundations-github-organization/action-variables.tf b/modules/foundations-github-organization/action-variables.tf index 6ad3262..29cc8f7 100644 --- a/modules/foundations-github-organization/action-variables.tf +++ b/modules/foundations-github-organization/action-variables.tf @@ -6,12 +6,12 @@ resource "github_actions_variable" "organization_workload_identity_sa" { value = var.organization_workload_identity_sa } -resource "github_actions_variable" "bootstrap_workload_identity_sa" { +resource "github_actions_secret" "bootstrap_workload_identity_sa" { provider = github.foundation_org_scoped repository = github_repository.bootstrap_repo.name - variable_name = "GCP_SERVICE_ACCOUNT" - value = var.bootstrap_workload_identity_sa + secret_name = "GCP_SERVICE_ACCOUNT" + plaintext_value = var.bootstrap_workload_identity_sa } resource "github_actions_variable" "gcp_secret_manager_project_id" { @@ -22,10 +22,10 @@ resource "github_actions_variable" "gcp_secret_manager_project_id" { value = var.gcp_project_id } -resource "github_actions_organization_variable" "workload_identity_provider" { +resource "github_actions_organization_secret" "workload_identity_provider" { provider = github.foundation_org_scoped - variable_name = "WORKLOAD_IDENTITY_PROVIDER" + secret_name = "WORKLOAD_IDENTITY_PROVIDER" value = var.workload_identity_provider_name visibility = "selected" selected_repository_ids = [ From a22b7efe27e4d610e1eda5f5ef9b2dddbb1bd236 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Thu, 29 Feb 2024 19:49:27 +0000 Subject: [PATCH 2/4] terraform-docs: automated action --- modules/foundations-github-organization/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
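Review bot: Moving GCP_SERVICE_ACCOUNT from a variable to a secret changes the context workflows read it from (`${{ vars.GCP_SERVICE_ACCOUNT }}` becomes `${{ secrets.GCP_SERVICE_ACCOUNT }}`), and the diffstat shows only action-variables.tf changed, so any workflow in the bootstrap repository still reading it from `vars` would get an empty value after apply; that is inferred, since no workflow file is in this patch, and the same applies to WORKLOAD_IDENTITY_PROVIDER in the second hunk. `plaintext_value` is marked sensitive in the provider schema, so it is redacted in plan output, but it is still written to the Terraform state in clear, so converting the resource does not by itself reduce exposure of the value and the state backend's protection remains the real control. If the value is being treated as a secret, the input it comes from (`variable "bootstrap_workload_identity_sa"`, declared outside this hunk) should carry `sensitive = true` so it is redacted wherever it flows through plan output too.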
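Review bot: `value` is not an argument of `github_actions_organization_secret`; that resource takes the secret body as `plaintext_value` (or `encrypted_value`), which is exactly what the first hunk uses for `github_actions_secret`, so this block should read `plaintext_value = var.workload_identity_provider_name`. As written, `terraform validate` rejects the block with an unsupported-argument error, and the two terraform-docs commits that follow regenerate the README from parsed HCL without consulting provider schemas, so they do not surface it. Patch 3/4 makes the same mistake in the other direction, replacing `plaintext_value` with `value` on `github_actions_secret.organization_workload_identity_sa`. The `visibility = "selected"` and `selected_repository_ids` arguments carry over to the secret resource unchanged; the hunk ends inside the `selected_repository_ids` list.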
diff --git a/modules/foundations-github-organization/README.md b/modules/foundations-github-organization/README.md index 7f67b67..97d6209 100644 --- a/modules/foundations-github-organization/README.md +++ b/modules/foundations-github-organization/README.md 
@@ -20,11 +20,11 @@ No modules. | Name | Type | |------|------| +| [github_actions_organization_secret.workload_identity_provider](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_organization_secret) | resource | | [github_actions_organization_variable.tf_state_bucket_location](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_organization_variable) | resource | | [github_actions_organization_variable.tf_state_bucket_name](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_organization_variable) | resource | | [github_actions_organization_variable.tf_state_bucket_project_id](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_organization_variable) | resource | -| [github_actions_organization_variable.workload_identity_provider](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_organization_variable) | resource | -| [github_actions_variable.bootstrap_workload_identity_sa](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_variable) | resource | +| [github_actions_secret.bootstrap_workload_identity_sa](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_secret) | resource | | [github_actions_variable.gcp_secret_manager_project_id](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_variable) | resource | | [github_actions_variable.organization_workload_identity_sa](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_variable) | resource | | [github_branch_protection.protect_bootstrap_main](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/branch_protection) | resource | From d2c5a7ffa9310ffbb2186eabee5464817dc2d419 Mon Sep 17 00:00:00 2001 
From: Ben Zarboni Date: Thu, 29 Feb 2024 15:07:55 -0500 Subject: [PATCH 3/4] Removed unneeded Bootstrap layer --- .../action-variables.tf | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/modules/foundations-github-organization/action-variables.tf b/modules/foundations-github-organization/action-variables.tf index 29cc8f7..40b2855 100644 --- a/modules/foundations-github-organization/action-variables.tf +++ b/modules/foundations-github-organization/action-variables.tf @@ -1,17 +1,9 @@ -resource "github_actions_variable" "organization_workload_identity_sa" { +resource "github_actions_secret" "organization_workload_identity_sa" { provider = github.foundation_org_scoped repository = github_repository.organizations_repo.name - variable_name = "GCP_SERVICE_ACCOUNT" - value = var.organization_workload_identity_sa -} - -resource "github_actions_secret" "bootstrap_workload_identity_sa" { - provider = github.foundation_org_scoped - - repository = github_repository.bootstrap_repo.name secret_name = "GCP_SERVICE_ACCOUNT" - plaintext_value = var.bootstrap_workload_identity_sa + value = var.organization_workload_identity_sa } resource "github_actions_variable" "gcp_secret_manager_project_id" { From 52828f29353d08419d2ebcd4e01d04c1efad9ffa Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Thu, 29 Feb 2024 20:08:18 +0000 Subject: [PATCH 4/4] terraform-docs: automated action --- modules/foundations-github-organization/README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/foundations-github-organization/README.md b/modules/foundations-github-organization/README.md index 97d6209..864476c 100644 --- a/modules/foundations-github-organization/README.md +++ b/modules/foundations-github-organization/README.md 
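Review bot: After this change nothing in this file references `var.bootstrap_workload_identity_sa` or `github_repository.bootstrap_repo`, but the diffstat shows only action-variables.tf changed and the README regenerated in patch 4/4 still lists `github_branch_protection.protect_bootstrap_main`, so the bootstrap repository and, presumably, the `variable "bootstrap_workload_identity_sa"` declaration remain in the module with nothing consuming the input; the declaration should be dropped in the same change so callers stop supplying a value that no longer lands anywhere. The surviving block also keeps `value = var.organization_workload_identity_sa` while switching the type to `github_actions_secret`, whose argument is `plaintext_value`, as the previous commit used for the bootstrap secret. The net effect is that the bootstrap repository no longer receives GCP_SERVICE_ACCOUNT as either a variable or a secret, which is presumably intended given the subject line but is worth confirming against that repository's workflows before apply.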
@@ -24,9 +24,8 @@ No modules. | [github_actions_organization_variable.tf_state_bucket_location](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_organization_variable) | resource | | [github_actions_organization_variable.tf_state_bucket_name](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_organization_variable) | resource | | [github_actions_organization_variable.tf_state_bucket_project_id](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_organization_variable) | resource | -| [github_actions_secret.bootstrap_workload_identity_sa](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_secret) | resource | +| [github_actions_secret.organization_workload_identity_sa](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_secret) | resource | | [github_actions_variable.gcp_secret_manager_project_id](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_variable) | resource | -| [github_actions_variable.organization_workload_identity_sa](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_variable) | resource | | [github_branch_protection.protect_bootstrap_main](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/branch_protection) | resource | | [github_branch_protection.protect_organization_main](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/branch_protection) | resource | | [github_enterprise_organization.github-foundations](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/enterprise_organization) | resource |