feat: integrate polykey into workflow

.github/workflows/clean.yml

@@ -23,8 +23,7 @@ jobs:
           CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
           CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
           ZONE_ID: ${{ secrets.ZONE_ID }}
-          AUTH_KEY: ${{ secrets.AUTH_KEY }}
-          AUTH_EMAIL: ${{ secrets.AUTH_EMAIL }}
+          POLYKEY_DOCS_CLOUDFLARE_CLEANUP_TOKEN: ${{ secrets.POLYKEY_DOCS_CLOUDFLARE_CLEANUP_TOKEN }}
         run: |
           echo 'Perform service deployment for feature'
           nix develop .#ci --command bash -c $'

flake.nix

@@ -19,7 +19,7 @@
             shellHook = ''
               echo "Entering $(npm pkg get name)"
               set -o allexport
-              . ./.env
+              . <(pk secrets env Polykey-Docs:.)
               set +o allexport
               set -v
               ${lib.optionalString ci ''

scripts/certs_cleanup.sh

@@ -2,14 +2,12 @@
 
 response=$(curl -X GET "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/ssl/certificate_packs" \
                 -H "Content-Type: application/json" \
-                -H "X-Auth-Key: $AUTH_KEY" \
-                -H "X-Auth-Email: $AUTH_EMAIL")
+                -H "Authorization: Bearer $POLYKEY_DOCS_CLOUDFLARE_CLEANUP_TOKEN")
 
 cert_ids=$(echo "$response" | jq -r --arg domain "$DOMAIN" '.result[] | select(.hosts[] | contains($domain)) | .id')
 
 echo "$cert_ids" | while read -r cert_id; do
      curl -X DELETE --url "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/ssl/certificate_packs/$cert_id" \
           -H "Content-Type: application/json" \
-          -H "X-Auth-Key: $AUTH_KEY" \
-          -H "X-Auth-Email: $AUTH_EMAIL"
+          -H "Authorization: Bearer $POLYKEY_DOCS_CLOUDFLARE_CLEANUP_TOKEN"
 done