Actions variables (#146)

* Refactor workflows to use variables instead of secrets for environment files

* Update DevOps guide to replace secrets with variables for GitHub Actions configuration

* Bump version to 1.1.0-alpha.1 and update dependencies

* Bump version to 1.1.0-alpha.1 in package.json and package-lock.json

Author: mwarman

.github/workflows/ci.yml

@@ -37,7 +37,7 @@ jobs:
 
       - name: 'Create .env file'
         run: |
-          echo "${{ secrets.ENV_CI }}" > .env
+          echo "${{ vars.ENV_CI }}" > .env
 
       - name: Lint
         run: npm run lint
@@ -71,7 +71,7 @@ jobs:
       - name: Create infrastructure .env file
         working-directory: ./infrastructure
         run: |
-          echo "${{ secrets.CDK_ENV_DEV }}" > .env
+          echo "${{ vars.CDK_ENV_DEV }}" > .env
 
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v6.0.0

.github/workflows/code-quality.yml

@@ -37,7 +37,7 @@ jobs:
 
       - name: 'Create .env file'
         run: |
-          echo "${{ secrets.ENV_CI }}" > .env
+          echo "${{ vars.ENV_CI }}" > .env
 
       - name: Run ESLint with detailed output
         run: |

.github/workflows/deploy-dev.yml

@@ -19,6 +19,5 @@ jobs:
     with:
       aws_role_arn: ${{ vars.AWS_ROLE_ARN_DEV }}
       env: dev
-    secrets:
-      env_file: ${{ secrets.ENV_DEV }}
-      cdk_env_file: ${{ secrets.CDK_ENV_DEV }}
+      env_file: ${{ vars.ENV_DEV }}
+      cdk_env_file: ${{ vars.CDK_ENV_DEV }}

.github/workflows/deploy-prod.yml

@@ -19,6 +19,5 @@ jobs:
     with:
       aws_role_arn: ${{ vars.AWS_ROLE_ARN_PROD }}
       env: prod
-    secrets:
-      env_file: ${{ secrets.ENV_PROD }}
-      cdk_env_file: ${{ secrets.CDK_ENV_PROD }}
+      env_file: ${{ vars.ENV_PROD }}
+      cdk_env_file: ${{ vars.CDK_ENV_PROD }}

.github/workflows/deploy-qa.yml

@@ -18,6 +18,5 @@ jobs:
     with:
       aws_role_arn: ${{ vars.AWS_ROLE_ARN_QA }}
       env: qa
-    secrets:
-      env_file: ${{ secrets.ENV_QA }}
-      cdk_env_file: ${{ secrets.CDK_ENV_QA }}
+      env_file: ${{ vars.ENV_QA }}
+      cdk_env_file: ${{ vars.CDK_ENV_QA }}

.github/workflows/reusable-deploy.yml

@@ -4,20 +4,21 @@ on:
   workflow_call:
     inputs:
       aws_region:
-        required: false
         type: string
+        required: false
         default: 'us-east-1'
       aws_role_arn:
-        required: true
         type: string
+        required: true
       env:
-        required: false
         type: string
+        required: false
         default: 'dev'
-    secrets:
       env_file:
+        type: string
         required: true
       cdk_env_file:
+        type: string
         required: true
 
 jobs:
@@ -46,7 +47,7 @@ jobs:
 
       - name: Create app .env file
         run: |
-          echo "${{ secrets.env_file }}" > .env
+          echo "${{ inputs.env_file }}" > .env
           echo "VITE_BUILD_DATE=$(date +'%Y-%m-%d')" >> .env
           echo "VITE_BUILD_TIME=$(date +'%H:%M:%S%z')" >> .env
           echo "VITE_BUILD_TS=$(date +'%Y-%m-%dT%H:%M:%S%z')" >> .env
@@ -76,7 +77,7 @@ jobs:
       - name: Create infrastructure .env file
         working-directory: ./infrastructure
         run: |
-          echo "${{ secrets.cdk_env_file }}" > .env
+          echo "${{ inputs.cdk_env_file }}" > .env
           echo "✅ Infrastructure .env file created"
 
       - name: Build infrastructure

docs/DEVOPS_GUIDE.md

@@ -32,18 +32,24 @@ The project uses GitHub Actions for CI/CD. Below is a detailed description of ea
 - **Concurrency:**
   - Ensures only one workflow runs per branch/ref at a time; cancels in-progress runs for the same branch/ref.
 - **Timeout:** 10 minutes
+- **Prerequisites:**
+  - GitHub Actions variables must be configured:
+    - `ENV_CI` - Application environment variables for CI
+    - `CDK_ENV_DEV` - CDK infrastructure environment configuration for DEV
+    - `AWS_ROLE_ARN_DEV` - AWS IAM Role ARN for development environment
+    - `AWS_REGION` - AWS region for deployment
 - **Main Steps:**
   1. Checkout repository
   2. Setup Node.js (from `.nvmrc`, with npm cache)
   3. Install dependencies (`npm ci`)
-  4. Create application `.env` file from secrets (`ENV_CI`)
+  4. Create application `.env` file from variables (`ENV_CI`)
   5. Lint code (`npm run lint`)
   6. Check code formatting (`npm run format:check`)
   7. Build application (`npm run build`)
   8. Run unit tests with CI mode (`npm run test:ci`)
   9. Build Storybook (`npm run build:storybook`)
   10. Install and build infrastructure code
-  11. Create infrastructure `.env` file from secrets (`CDK_ENV_DEV`)
+  11. Create infrastructure `.env` file from variables (`CDK_ENV_DEV`)
   12. Configure AWS credentials using OIDC (role: `AWS_ROLE_ARN_DEV`)
   13. Synthesize CDK stacks (`npm run synth`)
   14. Clean up sensitive files (`.env`, `cdk.out`)
@@ -94,7 +100,6 @@ The project uses GitHub Actions for CI/CD. Below is a detailed description of ea
   - GitHub Actions variables must be configured:
     - `AWS_ROLE_ARN_DEV` - AWS IAM Role ARN for development environment
     - `AWS_REGION` - AWS region for deployment (default: `us-east-1`)
-  - GitHub Actions secrets must be configured:
     - `ENV_DEV` - Application environment variables
     - `CDK_ENV_DEV` - CDK infrastructure environment configuration
 - **Execution:** Calls the reusable `Deploy` workflow
@@ -112,7 +117,6 @@ The project uses GitHub Actions for CI/CD. Below is a detailed description of ea
   - GitHub Actions variables must be configured:
     - `AWS_ROLE_ARN_QA` - AWS IAM Role ARN for QA environment
     - `AWS_REGION` - AWS region for deployment
-  - GitHub Actions secrets must be configured:
     - `ENV_QA` - Application environment variables
     - `CDK_ENV_QA` - CDK infrastructure environment configuration
 - **Execution:** Calls the reusable `Deploy` workflow
@@ -130,7 +134,6 @@ The project uses GitHub Actions for CI/CD. Below is a detailed description of ea
   - GitHub Actions variables must be configured:
     - `AWS_ROLE_ARN_PROD` - AWS IAM Role ARN for production environment
     - `AWS_REGION` - AWS region for deployment
-  - GitHub Actions secrets must be configured:
     - `ENV_PROD` - Application environment variables
     - `CDK_ENV_PROD` - CDK infrastructure environment configuration
 - **Execution:** Calls the reusable `Deploy` workflow
@@ -145,7 +148,6 @@ The project uses GitHub Actions for CI/CD. Below is a detailed description of ea
   - `aws_role_arn` - AWS IAM role ARN for the target environment (required)
   - `aws_region` - AWS region for deployment (default: `us-east-1`)
   - `env` - Environment name (dev, qa, prod; default: `dev`)
-- **Secrets:**
   - `env_file` - Application environment variables (required)
   - `cdk_env_file` - CDK infrastructure environment configuration (required)
 - **Timeout:** 30 minutes
@@ -195,11 +197,6 @@ GitHub Actions variables should be configured in the repository settings:
 - `AWS_ROLE_ARN_DEV` - AWS IAM role ARN for development
 - `AWS_ROLE_ARN_QA` - AWS IAM role ARN for QA
 - `AWS_ROLE_ARN_PROD` - AWS IAM role ARN for production
-
-### Secrets
-
-GitHub Actions secrets should be configured in the repository settings:
-
 - `ENV_CI` - Environment variables for CI workflow (application)
 - `ENV_DEV` - Environment variables for DEV deployment (application)
 - `ENV_QA` - Environment variables for QA deployment (application)

infrastructure/package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "react-starter-infrastructure",
-  "version": "1.0.0",
+  "version": "1.1.0-alhpa.1",
   "private": true,
   "scripts": {
     "build": "tsc",