Actions: composite actions for repetitive tasks (#1977)

* ci(actions): Update the secret update process Signed-off-by: rjshrjndrn <rjshrjndrn@gmail.com> * ci(actions): Composite actions Signed-off-by: rjshrjndrn <rjshrjndrn@gmail.com> * fix(ci): keys injection Signed-off-by: rjshrjndrn <rjshrjndrn@gmail.com> * fix(ci): missing env variable Signed-off-by: rjshrjndrn <rjshrjndrn@gmail.com> * fix(ci): action name Signed-off-by: rjshrjndrn <rjshrjndrn@gmail.com> --------- Signed-off-by: rjshrjndrn <rjshrjndrn@gmail.com>
2024-03-19 14:44:11 +01:00 · 2024-03-19 14:44:11 +01:00 · bed88026bd
commit bed88026bd
parent 6c12af6125
18 changed files with 278 additions and 174 deletions
--- a/.github/composite-actions/update-keys/action.yml
+++ b/.github/composite-actions/update-keys/action.yml
@ -0,0 +1,56 @@
+name: 'Update Keys'
+description: 'Updates keys'
+inputs:
+  domain_name:
+    required: true
+    description: 'Domain Name'
+  license_key:
+    required: true
+    description: 'License Key'
+  jwt_secret:
+    required: true
+    description: 'JWT Secret'
+  minio_access_key:
+    required: true
+    description: 'MinIO Access Key'
+  minio_secret_key:
+    required: true
+    description: 'MinIO Secret Key'
+  pg_password:
+    required: true
+    description: 'PostgreSQL Password'
+  registry_url:
+    required: true
+    description: 'Registry URL'
+
+runs:
+  using: "composite"
+  steps:
+    - name: Downloading yq
+      run: |
+        VERSION="v4.42.1"
+        sudo wget https://github.com/mikefarah/yq/releases/download/${VERSION}/yq_linux_amd64 -O /usr/bin/yq
+        sudo chmod +x /usr/bin/yq
+      shell: bash
+      
+    - name: "Updating OSS secrets"
+      run: |
+        cd scripts/helmcharts/
+        yq e -i '.global.domainName = strenv(DOMAIN_NAME)' vars.yaml
+        yq e -i '.global.assistKey = strenv(JWT_SECRET)' vars.yaml
+        yq e -i '.global.assistJWTSecret = strenv(JWT_SECRET)' vars.yaml
+        yq e -i '.chalice.env.jwt_secret = strenv(JWT_SECRET)' vars.yaml
+        yq e -i '.global.enterpriseEditionLicense = strenv(LICENSE_KEY)' vars.yaml
+        yq e -i '.global.s3.accessKey = strenv(MINIO_ACCESS_KEY)' vars.yaml
+        yq e -i '.global.s3.secretKey = strenv(MINIO_SECRET_KEY)' vars.yaml
+        yq e -i '.postgresql.postgresqlPassword = strenv(PG_PASSWORD)' vars.yaml
+        yq e -i '.global.openReplayContainerRegistry = strenv(REGISTRY_URL)' vars.yaml
+      shell: bash
+      env:
+        DOMAIN_NAME: ${{ inputs.domain_name }}
+        LICENSE_KEY: ${{ inputs.license_key }}
+        JWT_SECRET: ${{ inputs.jwt_secret }}
+        MINIO_ACCESS_KEY: ${{ inputs.minio_access_key }}
+        MINIO_SECRET_KEY: ${{ inputs.minio_secret_key }}
+        PG_PASSWORD: ${{ inputs.pg_password }}
+        REGISTRY_URL: ${{ inputs.registry_url }}
--- a/.github/workflows/alerts-ee.yaml
+++ b/.github/workflows/alerts-ee.yaml
@ -42,6 +42,17 @@ jobs:
          # to see which workers got changed.
          fetch-depth: 2

+      - uses: ./.github/composite-actions/update-keys
+        with:
+          domain_name: ${{ secrets.EE_DOMAIN_NAME }}
+          license_key: ${{ secrets.EE_LICENSE_KEY }}
+          jwt_secret: ${{ secrets.EE_JWT_SECRET }}
+          minio_access_key: ${{ secrets.EE_MINIO_ACCESS_KEY }}
+          minio_secret_key: ${{ secrets.EE_MINIO_SECRET_KEY }}
+          pg_password: ${{ secrets.EE_PG_PASSWORD }}
+          registry_url: ${{ secrets.OSS_REGISTRY_URL }}
+        name: Update Keys
+
      - name: Docker login
        run: |
          docker login ${{ secrets.EE_REGISTRY_URL }} -u ${{ secrets.EE_DOCKER_USERNAME }} -p "${{ secrets.EE_REGISTRY_TOKEN }}" 
@ -110,15 +121,6 @@ jobs:
        run: |
          cd scripts/helmcharts/
          
-          ## Update secerts
-          sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml
-          sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.EE_PG_PASSWORD }}\"/g" vars.yaml
-          sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.EE_MINIO_ACCESS_KEY }}\"/g" vars.yaml
-          sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.EE_MINIO_SECRET_KEY }}\"/g" vars.yaml
-          sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.EE_JWT_SECRET }}\"/g" vars.yaml
-          sed -i "s/domainName: \"\"/domainName: \"${{ secrets.EE_DOMAIN_NAME }}\"/g" vars.yaml
-          sed -i "s/enterpriseEditionLicense: \"\"/enterpriseEditionLicense: \"${{ secrets.EE_LICENSE_KEY }}\"/g" vars.yaml
-          
          # Update changed image tag
          sed -i "/alerts/{n;n;n;s/.*/    tag: ${IMAGE_TAG}/}" /tmp/image_override.yaml
          
--- a/.github/workflows/alerts.yaml
+++ b/.github/workflows/alerts.yaml
@ -34,6 +34,17 @@ jobs:
          # to see which workers got changed.
          fetch-depth: 2

+      - uses: ./.github/composite-actions/update-keys
+        with:
+          domain_name: ${{ secrets.OSS_DOMAIN_NAME }}
+          license_key: ${{ secrets.OSS_LICENSE_KEY }}
+          jwt_secret: ${{ secrets.OSS_JWT_SECRET }}
+          minio_access_key: ${{ secrets.OSS_MINIO_ACCESS_KEY }}
+          minio_secret_key: ${{ secrets.OSS_MINIO_SECRET_KEY }}
+          pg_password: ${{ secrets.OSS_PG_PASSWORD }}
+          registry_url: ${{ secrets.OSS_REGISTRY_URL }}
+        name: Update Keys
+
      - name: Docker login
        run: |
          docker login ${{ secrets.OSS_REGISTRY_URL }} -u ${{ secrets.OSS_DOCKER_USERNAME }} -p "${{ secrets.OSS_REGISTRY_TOKEN }}" 
--- a/.github/workflows/api-ee.yaml
+++ b/.github/workflows/api-ee.yaml
@ -41,6 +41,17 @@ jobs:
        # to see which workers got changed.
        fetch-depth: 2

+    - uses: ./.github/composite-actions/update-keys
+      with:
+        domain_name: ${{ secrets.EE_DOMAIN_NAME }}
+        license_key: ${{ secrets.EE_LICENSE_KEY }}
+        jwt_secret: ${{ secrets.EE_JWT_SECRET }}
+        minio_access_key: ${{ secrets.EE_MINIO_ACCESS_KEY }}
+        minio_secret_key: ${{ secrets.EE_MINIO_SECRET_KEY }}
+        pg_password: ${{ secrets.EE_PG_PASSWORD }}
+        registry_url: ${{ secrets.OSS_REGISTRY_URL }}
+      name: Update Keys
+
    - name: Docker login
      run: |
        docker login ${{ secrets.EE_REGISTRY_URL }} -u ${{ secrets.EE_DOCKER_USERNAME }} -p "${{ secrets.EE_REGISTRY_TOKEN }}" 
@ -109,15 +120,6 @@ jobs:
      run: |
        cd scripts/helmcharts/

-        ## Update secerts
-        sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml
-        sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.EE_PG_PASSWORD }}\"/g" vars.yaml
-        sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.EE_MINIO_ACCESS_KEY }}\"/g" vars.yaml
-        sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.EE_MINIO_SECRET_KEY }}\"/g" vars.yaml
-        sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.EE_JWT_SECRET }}\"/g" vars.yaml
-        sed -i "s/domainName: \"\"/domainName: \"${{ secrets.EE_DOMAIN_NAME }}\"/g" vars.yaml
-        sed -i "s/enterpriseEditionLicense: \"\"/enterpriseEditionLicense: \"${{ secrets.EE_LICENSE_KEY }}\"/g" vars.yaml
-
        # Update changed image tag
        sed -i "/chalice/{n;n;n;s/.*/    tag: ${IMAGE_TAG}/}" /tmp/image_override.yaml

--- a/.github/workflows/api.yaml
+++ b/.github/workflows/api.yaml
@ -33,6 +33,17 @@ jobs:
        # to see which workers got changed.
        fetch-depth: 2

+    - uses: ./.github/composite-actions/update-keys
+      with:
+        domain_name: ${{ secrets.OSS_DOMAIN_NAME }}
+        license_key: ${{ secrets.OSS_LICENSE_KEY }}
+        jwt_secret: ${{ secrets.OSS_JWT_SECRET }}
+        minio_access_key: ${{ secrets.OSS_MINIO_ACCESS_KEY }}
+        minio_secret_key: ${{ secrets.OSS_MINIO_SECRET_KEY }}
+        pg_password: ${{ secrets.OSS_PG_PASSWORD }}
+        registry_url: ${{ secrets.OSS_REGISTRY_URL }}
+      name: Update Keys
+
    - name: Docker login
      run: |
        docker login ${{ secrets.OSS_REGISTRY_URL }} -u ${{ secrets.OSS_DOCKER_USERNAME }} -p "${{ secrets.OSS_REGISTRY_TOKEN }}" 
@ -100,14 +111,6 @@ jobs:
      run: |
        cd scripts/helmcharts/

-        ## Update secerts
-        sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml
-        sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.OSS_PG_PASSWORD }}\"/g" vars.yaml
-        sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.OSS_MINIO_ACCESS_KEY }}\"/g" vars.yaml
-        sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.OSS_MINIO_SECRET_KEY }}\"/g" vars.yaml
-        sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.OSS_JWT_SECRET }}\"/g" vars.yaml
-        sed -i "s/domainName: \"\"/domainName: \"${{ secrets.OSS_DOMAIN_NAME }}\"/g" vars.yaml
-
        # Update changed image tag
        sed -i "/chalice/{n;n;s/.*/    tag: ${IMAGE_TAG}/}" /tmp/image_override.yaml

@ -118,7 +121,6 @@ jobs:
        mv /tmp/{ingress-nginx,chalice,quickwit} openreplay/charts/
        helm template openreplay -n app openreplay -f vars.yaml -f /tmp/image_override.yaml --set ingress-nginx.enabled=false --set skipMigration=true --no-hooks | kubectl apply -n app -f -
      env:
-        DOCKER_REPO: ${{ secrets.OSS_REGISTRY_URL }}
        IMAGE_TAG: ${{ github.ref_name }}_${{ github.sha }}
        ENVIRONMENT: staging

@ -140,4 +142,3 @@ jobs:
    #     DOCKER_REPO: ${{ secrets.OSS_REGISTRY_URL }}
    #     IMAGE_TAG: ${{ github.sha }}
    #     ENVIRONMENT: staging
-
--- a/.github/workflows/assist-ee.yaml
+++ b/.github/workflows/assist-ee.yaml
@ -31,6 +31,17 @@ jobs:
        # to see which workers got changed.
        fetch-depth: 2

+    - uses: ./.github/composite-actions/update-keys
+      with:
+        domain_name: ${{ secrets.EE_DOMAIN_NAME }}
+        license_key: ${{ secrets.EE_LICENSE_KEY }}
+        jwt_secret: ${{ secrets.EE_JWT_SECRET }}
+        minio_access_key: ${{ secrets.EE_MINIO_ACCESS_KEY }}
+        minio_secret_key: ${{ secrets.EE_MINIO_SECRET_KEY }}
+        pg_password: ${{ secrets.EE_PG_PASSWORD }}
+        registry_url: ${{ secrets.OSS_REGISTRY_URL }}
+      name: Update Keys
+
    - name: Docker login
      run: |
        docker login ${{ secrets.EE_REGISTRY_URL }} -u ${{ secrets.EE_DOCKER_USERNAME }} -p "${{ secrets.EE_REGISTRY_TOKEN }}" 
@ -92,15 +103,6 @@ jobs:
      run: |
        cd scripts/helmcharts/

-        ## Update secerts
-        sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml
-        sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.EE_PG_PASSWORD }}\"/g" vars.yaml
-        sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.EE_MINIO_ACCESS_KEY }}\"/g" vars.yaml
-        sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.EE_MINIO_SECRET_KEY }}\"/g" vars.yaml
-        sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.EE_JWT_SECRET }}\"/g" vars.yaml
-        sed -i "s/domainName: \"\"/domainName: \"${{ secrets.EE_DOMAIN_NAME }}\"/g" vars.yaml
-        sed -i "s/enterpriseEditionLicense: \"\"/enterpriseEditionLicense: \"${{ secrets.EE_LICENSE_KEY }}\"/g" vars.yaml
-
        # Update changed image tag
        sed -i "/assist/{n;n;n;s/.*/    tag: ${IMAGE_TAG}/}" /tmp/image_override.yaml

--- a/.github/workflows/assist-stats.yaml
+++ b/.github/workflows/assist-stats.yaml
@ -30,6 +30,17 @@ jobs:
        # to see which workers got changed.
        fetch-depth: 2

+    - uses: ./.github/composite-actions/update-keys
+      with:
+        domain_name: ${{ secrets.OSS_DOMAIN_NAME }}
+        license_key: ${{ secrets.OSS_LICENSE_KEY }}
+        jwt_secret: ${{ secrets.OSS_JWT_SECRET }}
+        minio_access_key: ${{ secrets.OSS_MINIO_ACCESS_KEY }}
+        minio_secret_key: ${{ secrets.OSS_MINIO_SECRET_KEY }}
+        pg_password: ${{ secrets.OSS_PG_PASSWORD }}
+        registry_url: ${{ secrets.OSS_REGISTRY_URL }}
+      name: Update Keys
+
    - name: Docker login
      run: |
        docker login ${{ secrets.OSS_REGISTRY_URL }} -u ${{ secrets.OSS_DOCKER_USERNAME }} -p "${{ secrets.OSS_REGISTRY_TOKEN }}" 
@ -82,9 +93,17 @@ jobs:
        kubeconfig: ${{ secrets.EE_KUBECONFIG }} # Use content of kubeconfig in secret.
      id: setcontextee

-    - name: Resetting vars file
-      run: |
-        git checkout -- scripts/helmcharts/vars.yaml
+    - uses: ./.github/composite-actions/update-keys
+      with:
+        domain_name: ${{ secrets.EE_DOMAIN_NAME }}
+        license_key: ${{ secrets.EE_LICENSE_KEY }}
+        jwt_secret: ${{ secrets.EE_JWT_SECRET }}
+        minio_access_key: ${{ secrets.EE_MINIO_ACCESS_KEY }}
+        minio_secret_key: ${{ secrets.EE_MINIO_SECRET_KEY }}
+        pg_password: ${{ secrets.EE_PG_PASSWORD }}
+        registry_url: ${{ secrets.OSS_REGISTRY_URL }}
+      name: Update Keys
+
    - name: Deploy to kubernetes ee
      run: |
        cd scripts/helmcharts/
@ -95,15 +114,6 @@ jobs:
            tag: ${IMAGE_TAG}
        EOF

-        ## Update secerts
-        sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml
-        sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.EE_PG_PASSWORD }}\"/g" vars.yaml
-        sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.EE_MINIO_ACCESS_KEY }}\"/g" vars.yaml
-        sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.EE_MINIO_SECRET_KEY }}\"/g" vars.yaml
-        sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.EE_JWT_SECRET }}\"/g" vars.yaml
-        sed -i "s/domainName: \"\"/domainName: \"${{ secrets.EE_DOMAIN_NAME }}\"/g" vars.yaml
-        sed -i "s/enterpriseEditionLicense: \"\"/enterpriseEditionLicense: \"${{ secrets.EE_LICENSE_KEY }}\"/g" vars.yaml
-
        # Update changed image tag
        sed -i "/assist-stats/{n;n;n;s/.*/    tag: ${IMAGE_TAG}/}" /tmp/image_override.yaml

--- a/.github/workflows/assist.yaml
+++ b/.github/workflows/assist.yaml
@ -30,6 +30,17 @@ jobs:
        # to see which workers got changed.
        fetch-depth: 2

+    - uses: ./.github/composite-actions/update-keys
+      with:
+        domain_name: ${{ secrets.OSS_DOMAIN_NAME }}
+        license_key: ${{ secrets.OSS_LICENSE_KEY }}
+        jwt_secret: ${{ secrets.OSS_JWT_SECRET }}
+        minio_access_key: ${{ secrets.OSS_MINIO_ACCESS_KEY }}
+        minio_secret_key: ${{ secrets.OSS_MINIO_SECRET_KEY }}
+        pg_password: ${{ secrets.OSS_PG_PASSWORD }}
+        registry_url: ${{ secrets.OSS_REGISTRY_URL }}
+      name: Update Keys
+
    - name: Docker login
      run: |
        docker login ${{ secrets.OSS_REGISTRY_URL }} -u ${{ secrets.OSS_DOCKER_USERNAME }} -p "${{ secrets.OSS_REGISTRY_TOKEN }}" 
@ -91,15 +102,6 @@ jobs:
      run: |
        cd scripts/helmcharts/

-        ## Update secerts
-        sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml
-        sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.OSS_PG_PASSWORD }}\"/g" vars.yaml
-        sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.OSS_MINIO_ACCESS_KEY }}\"/g" vars.yaml
-        sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.OSS_MINIO_SECRET_KEY }}\"/g" vars.yaml
-        sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.OSS_JWT_SECRET }}\"/g" vars.yaml
-        sed -i "s/domainName: \"\"/domainName: \"${{ secrets.OSS_DOMAIN_NAME }}\"/g" vars.yaml
-        sed -i "s/enterpriseEditionLicense: \"\"/enterpriseEditionLicense: \"${{ secrets.OSS_LICENSE_KEY }}\"/g" vars.yaml
-
        # Update changed image tag
        sed -i "/assist/{n;n;n;s/.*/    tag: ${IMAGE_TAG}/}" /tmp/image_override.yaml

--- a/.github/workflows/crons-ee.yaml
+++ b/.github/workflows/crons-ee.yaml
@ -42,6 +42,17 @@ jobs:
        # to see which workers got changed.
        fetch-depth: 2

+    - uses: ./.github/composite-actions/update-keys
+      with:
+        domain_name: ${{ secrets.EE_DOMAIN_NAME }}
+        license_key: ${{ secrets.EE_LICENSE_KEY }}
+        jwt_secret: ${{ secrets.EE_JWT_SECRET }}
+        minio_access_key: ${{ secrets.EE_MINIO_ACCESS_KEY }}
+        minio_secret_key: ${{ secrets.EE_MINIO_SECRET_KEY }}
+        pg_password: ${{ secrets.EE_PG_PASSWORD }}
+        registry_url: ${{ secrets.OSS_REGISTRY_URL }}
+      name: Update Keys
+
    - name: Docker login
      run: |
        docker login ${{ secrets.EE_REGISTRY_URL }} -u ${{ secrets.EE_DOCKER_USERNAME }} -p "${{ secrets.EE_REGISTRY_TOKEN }}" 
@ -110,15 +121,6 @@ jobs:
      run: |
        cd scripts/helmcharts/

-        ## Update secerts
-        sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml
-        sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.EE_PG_PASSWORD }}\"/g" vars.yaml
-        sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.EE_MINIO_ACCESS_KEY }}\"/g" vars.yaml
-        sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.EE_MINIO_SECRET_KEY }}\"/g" vars.yaml
-        sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.EE_JWT_SECRET }}\"/g" vars.yaml
-        sed -i "s/domainName: \"\"/domainName: \"${{ secrets.EE_DOMAIN_NAME }}\"/g" vars.yaml
-        sed -i "s/enterpriseEditionLicense: \"\"/enterpriseEditionLicense: \"${{ secrets.EE_LICENSE_KEY }}\"/g" vars.yaml
-
        # Update changed image tag
        sed -i "/crons/{n;n;n;s/.*/    tag: ${IMAGE_TAG}/}" /tmp/image_override.yaml

--- a/.github/workflows/db-migrate.yaml
+++ b/.github/workflows/db-migrate.yaml
@ -59,17 +59,22 @@ jobs:
        EOF
        done

+    - uses: ./.github/composite-actions/update-keys
+      with:
+        domain_name: ${{ secrets.OSS_DOMAIN_NAME }}
+        license_key: ${{ secrets.OSS_LICENSE_KEY }}
+        jwt_secret: ${{ secrets.OSS_JWT_SECRET }}
+        minio_access_key: ${{ secrets.OSS_MINIO_ACCESS_KEY }}
+        minio_secret_key: ${{ secrets.OSS_MINIO_SECRET_KEY }}
+        pg_password: ${{ secrets.OSS_PG_PASSWORD }}
+        registry_url: ${{ secrets.OSS_REGISTRY_URL }}
+      name: Update Keys
+
    - name: Deploy to kubernetes foss
      if: ${{ steps.check-migration.outputs.skip_migration_oss != 'true' }}
      run: |
        cd scripts/helmcharts/

-        ## Update secerts
-        sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml
-        sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.OSS_PG_PASSWORD }}\"/g" vars.yaml
-        sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.OSS_MINIO_ACCESS_KEY }}\"/g" vars.yaml
-        sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.OSS_MINIO_SECRET_KEY }}\"/g" vars.yaml
-        sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.OSS_JWT_SECRET }}\"/g" vars.yaml
        sed -i "s/domainName: \"\"/domainName: \"${{ secrets.OSS_DOMAIN_NAME }}\"/g" vars.yaml

        cat /tmp/image_override.yaml
@ -115,22 +120,21 @@ jobs:
        EOF
        done

-    - name: Resetting vars file
-      run: |
-        git checkout -- scripts/helmcharts/vars.yaml
+    - uses: ./.github/composite-actions/update-keys
+      with:
+        domain_name: ${{ secrets.EE_DOMAIN_NAME }}
+        license_key: ${{ secrets.EE_LICENSE_KEY }}
+        jwt_secret: ${{ secrets.EE_JWT_SECRET }}
+        minio_access_key: ${{ secrets.EE_MINIO_ACCESS_KEY }}
+        minio_secret_key: ${{ secrets.EE_MINIO_SECRET_KEY }}
+        pg_password: ${{ secrets.EE_PG_PASSWORD }}
+        registry_url: ${{ secrets.OSS_REGISTRY_URL }}
+      name: Update Keys
+
    - name: Deploy to kubernetes ee
      run: |
        cd scripts/helmcharts/

-        ## Update secerts
-        sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.OSS_PG_PASSWORD }}\"/g" vars.yaml
-        sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.EE_PG_PASSWORD }}\"/g" vars.yaml
-        sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.EE_MINIO_ACCESS_KEY }}\"/g" vars.yaml
-        sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.EE_MINIO_SECRET_KEY }}\"/g" vars.yaml
-        sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.EE_JWT_SECRET }}\"/g" vars.yaml
-        sed -i "s/domainName: \"\"/domainName: \"${{ secrets.EE_DOMAIN_NAME }}\"/g" vars.yaml
-        sed -i "s/enterpriseEditionLicense: \"\"/enterpriseEditionLicense: \"${{ secrets.EE_LICENSE_KEY }}\"/g" vars.yaml
-
        cat /tmp/image_override.yaml
        # Deploy command
        helm upgrade --install openreplay -n app openreplay -f vars.yaml -f /tmp/image_override.yaml --atomic --set forceMigration=true --set dbMigrationUpstreamBranch=${IMAGE_TAG}
--- a/.github/workflows/frontend-dev.yaml
+++ b/.github/workflows/frontend-dev.yaml
@ -21,6 +21,17 @@ jobs:
          ${{ runner.OS }}-build-
          ${{ runner.OS }}-

+    - uses: ./.github/composite-actions/update-keys
+      with:
+        domain_name: ${{ secrets.DEV_DOMAIN_NAME }}
+        license_key: ${{ secrets.DEV_LICENSE_KEY }}
+        jwt_secret: ${{ secrets.DEV_JWT_SECRET }}
+        minio_access_key: ${{ secrets.DEV_MINIO_ACCESS_KEY }}
+        minio_secret_key: ${{ secrets.DEV_MINIO_SECRET_KEY }}
+        pg_password: ${{ secrets.DEV_PG_PASSWORD }}
+        registry_url: ${{ secrets.OSS_REGISTRY_URL }}
+      name: Update Keys
+
    - name: Docker login
      run: |
        docker login ${{ secrets.OSS_REGISTRY_URL }} -u ${{ secrets.OSS_DOCKER_USERNAME }} -p "${{ secrets.OSS_REGISTRY_TOKEN }}" 
@ -59,14 +70,6 @@ jobs:
            tag: ${IMAGE_TAG}
        EOF

-        ## Update secerts
-        sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml
-        sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.DEV_PG_PASSWORD }}\"/g" vars.yaml
-        sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.DEV_MINIO_ACCESS_KEY }}\"/g" vars.yaml
-        sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.DEV_MINIO_SECRET_KEY }}\"/g" vars.yaml
-        sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.DEV_JWT_SECRET }}\"/g" vars.yaml
-        sed -i "s/domainName: \"\"/domainName: \"${{ secrets.DEV_DOMAIN_NAME }}\"/g" vars.yaml
-
        # Update changed image tag
        sed -i "/frontend/{n;n;s/.*/    tag: ${IMAGE_TAG}/}" /tmp/image_override.yaml

--- a/.github/workflows/frontend.yaml
+++ b/.github/workflows/frontend.yaml
@ -27,6 +27,17 @@ jobs:
          ${{ runner.OS }}-build-
          ${{ runner.OS }}-

+    - uses: ./.github/composite-actions/update-keys
+      with:
+        domain_name: ${{ secrets.OSS_DOMAIN_NAME }}
+        license_key: ${{ secrets.OSS_LICENSE_KEY }}
+        jwt_secret: ${{ secrets.OSS_JWT_SECRET }}
+        minio_access_key: ${{ secrets.OSS_MINIO_ACCESS_KEY }}
+        minio_secret_key: ${{ secrets.OSS_MINIO_SECRET_KEY }}
+        pg_password: ${{ secrets.OSS_PG_PASSWORD }}
+        registry_url: ${{ secrets.OSS_REGISTRY_URL }}
+      name: Update Keys
+
    - name: Docker login
      run: |
        docker login ${{ secrets.EE_REGISTRY_URL }} -u ${{ secrets.EE_DOCKER_USERNAME }} -p "${{ secrets.EE_REGISTRY_TOKEN }}" 
@ -65,14 +76,6 @@ jobs:
            tag: ${IMAGE_TAG}
        EOF

-        ## Update secerts
-        sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml
-        sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.OSS_PG_PASSWORD }}\"/g" vars.yaml
-        sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.OSS_MINIO_ACCESS_KEY }}\"/g" vars.yaml
-        sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.OSS_MINIO_SECRET_KEY }}\"/g" vars.yaml
-        sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.OSS_JWT_SECRET }}\"/g" vars.yaml
-        sed -i "s/domainName: \"\"/domainName: \"${{ secrets.OSS_DOMAIN_NAME }}\"/g" vars.yaml
-
        # Update changed image tag
        sed -i "/frontend/{n;n;s/.*/    tag: ${IMAGE_TAG}/}" /tmp/image_override.yaml

@ -96,9 +99,17 @@ jobs:
        kubeconfig: ${{ secrets.EE_KUBECONFIG }} # Use content of kubeconfig in secret.
      id: setcontextee

-    - name: Resetting vars file
-      run: |
-        git checkout -- scripts/helmcharts/vars.yaml
+    - uses: ./.github/composite-actions/update-keys
+      with:
+        domain_name: ${{ secrets.EE_DOMAIN_NAME }}
+        license_key: ${{ secrets.EE_LICENSE_KEY }}
+        jwt_secret: ${{ secrets.EE_JWT_SECRET }}
+        minio_access_key: ${{ secrets.EE_MINIO_ACCESS_KEY }}
+        minio_secret_key: ${{ secrets.EE_MINIO_SECRET_KEY }}
+        pg_password: ${{ secrets.EE_PG_PASSWORD }}
+        registry_url: ${{ secrets.OSS_REGISTRY_URL }}
+      name: Update Keys
+
    - name: Deploy to kubernetes ee
      run: |
        cd scripts/helmcharts/
@ -109,15 +120,6 @@ jobs:
            tag: ${IMAGE_TAG}
        EOF

-        ## Update secerts
-        sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml
-        sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.EE_PG_PASSWORD }}\"/g" vars.yaml
-        sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.EE_MINIO_ACCESS_KEY }}\"/g" vars.yaml
-        sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.EE_MINIO_SECRET_KEY }}\"/g" vars.yaml
-        sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.EE_JWT_SECRET }}\"/g" vars.yaml
-        sed -i "s/domainName: \"\"/domainName: \"${{ secrets.EE_DOMAIN_NAME }}\"/g" vars.yaml
-        sed -i "s/enterpriseEditionLicense: \"\"/enterpriseEditionLicense: \"${{ secrets.EE_LICENSE_KEY }}\"/g" vars.yaml
-
        # Update changed image tag
        sed -i "/frontend/{n;n;n;s/.*/    tag: ${IMAGE_TAG}/}" /tmp/image_override.yaml

--- a/.github/workflows/peers-ee.yaml
+++ b/.github/workflows/peers-ee.yaml
@ -31,6 +31,17 @@ jobs:
        # to see which workers got changed.
        fetch-depth: 2

+    - uses: ./.github/composite-actions/update-keys
+      with:
+        domain_name: ${{ secrets.EE_DOMAIN_NAME }}
+        license_key: ${{ secrets.EE_LICENSE_KEY }}
+        jwt_secret: ${{ secrets.EE_JWT_SECRET }}
+        minio_access_key: ${{ secrets.EE_MINIO_ACCESS_KEY }}
+        minio_secret_key: ${{ secrets.EE_MINIO_SECRET_KEY }}
+        pg_password: ${{ secrets.EE_PG_PASSWORD }}
+        registry_url: ${{ secrets.OSS_REGISTRY_URL }}
+      name: Update Keys
+
    - name: Docker login
      run: |
        docker login ${{ secrets.EE_REGISTRY_URL }} -u ${{ secrets.EE_DOCKER_USERNAME }} -p "${{ secrets.EE_REGISTRY_TOKEN }}" 
@ -99,15 +110,6 @@ jobs:
      run: |
        cd scripts/helmcharts/

-        ## Update secerts
-        sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml
-        sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.EE_PG_PASSWORD }}\"/g" vars.yaml
-        sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.EE_MINIO_ACCESS_KEY }}\"/g" vars.yaml
-        sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.EE_MINIO_SECRET_KEY }}\"/g" vars.yaml
-        sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.EE_JWT_SECRET }}\"/g" vars.yaml
-        sed -i "s/domainName: \"\"/domainName: \"${{ secrets.EE_DOMAIN_NAME }}\"/g" vars.yaml
-        sed -i "s/enterpriseEditionLicense: \"\"/enterpriseEditionLicense: \"${{ secrets.EE_LICENSE_KEY }}\"/g" vars.yaml
-
        # Update changed image tag
        sed -i "/peers/{n;n;n;s/.*/    tag: ${IMAGE_TAG}/}" /tmp/image_override.yaml

--- a/.github/workflows/peers.yaml
+++ b/.github/workflows/peers.yaml
@ -30,6 +30,17 @@ jobs:
        # to see which workers got changed.
        fetch-depth: 2

+    - uses: ./.github/composite-actions/update-keys
+      with:
+        domain_name: ${{ secrets.OSS_DOMAIN_NAME }}
+        license_key: ${{ secrets.OSS_LICENSE_KEY }}
+        jwt_secret: ${{ secrets.OSS_JWT_SECRET }}
+        minio_access_key: ${{ secrets.OSS_MINIO_ACCESS_KEY }}
+        minio_secret_key: ${{ secrets.OSS_MINIO_SECRET_KEY }}
+        pg_password: ${{ secrets.OSS_PG_PASSWORD }}
+        registry_url: ${{ secrets.OSS_REGISTRY_URL }}
+      name: Update Keys
+
    - name: Docker login
      run: |
        docker login ${{ secrets.OSS_REGISTRY_URL }} -u ${{ secrets.OSS_DOCKER_USERNAME }} -p "${{ secrets.OSS_REGISTRY_TOKEN }}" 
@ -97,14 +108,6 @@ jobs:
      run: |
        cd scripts/helmcharts/

-        ## Update secerts
-        sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml
-        sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.OSS_PG_PASSWORD }}\"/g" vars.yaml
-        sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.OSS_MINIO_ACCESS_KEY }}\"/g" vars.yaml
-        sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.OSS_MINIO_SECRET_KEY }}\"/g" vars.yaml
-        sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.OSS_JWT_SECRET }}\"/g" vars.yaml
-        sed -i "s/domainName: \"\"/domainName: \"${{ secrets.OSS_DOMAIN_NAME }}\"/g" vars.yaml
-
        # Update changed image tag
        sed -i "/peers/{n;n;s/.*/    tag: ${IMAGE_TAG}/}" /tmp/image_override.yaml

--- a/.github/workflows/sourcemaps-reader-ee.yaml
+++ b/.github/workflows/sourcemaps-reader-ee.yaml
@ -30,6 +30,17 @@ jobs:
        # to see which workers got changed.
        fetch-depth: 2

+    - uses: ./.github/composite-actions/update-keys
+      with:
+        domain_name: ${{ secrets.EE_DOMAIN_NAME }}
+        license_key: ${{ secrets.EE_LICENSE_KEY }}
+        jwt_secret: ${{ secrets.EE_JWT_SECRET }}
+        minio_access_key: ${{ secrets.EE_MINIO_ACCESS_KEY }}
+        minio_secret_key: ${{ secrets.EE_MINIO_SECRET_KEY }}
+        pg_password: ${{ secrets.EE_PG_PASSWORD }}
+        registry_url: ${{ secrets.OSS_REGISTRY_URL }}
+      name: Update Keys
+
    - name: Docker login
      run: |
        docker login ${{ secrets.EE_REGISTRY_URL }} -u ${{ secrets.EE_DOCKER_USERNAME }} -p "${{ secrets.EE_REGISTRY_TOKEN }}" 
@ -97,15 +108,6 @@ jobs:
      run: |
        cd scripts/helmcharts/

-        ## Update secerts
-        sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml
-        sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.EE_PG_PASSWORD }}\"/g" vars.yaml
-        sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.EE_MINIO_ACCESS_KEY }}\"/g" vars.yaml
-        sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.EE_MINIO_SECRET_KEY }}\"/g" vars.yaml
-        sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.EE_JWT_SECRET }}\"/g" vars.yaml
-        sed -i "s/domainName: \"\"/domainName: \"${{ secrets.EE_DOMAIN_NAME }}\"/g" vars.yaml
-        sed -i "s/enterpriseEditionLicense: \"\"/enterpriseEditionLicense: \"${{ secrets.EE_LICENSE_KEY }}\"/g" vars.yaml
-
        # Update changed image tag
        sed -i "/sourcemaps-reader/{n;n;s/.*/    tag: ${IMAGE_TAG}/}" /tmp/image_override.yaml
        sed -i "s/sourcemaps-reader/sourcemapreader/g" /tmp/image_override.yaml
--- a/.github/workflows/sourcemaps-reader.yaml
+++ b/.github/workflows/sourcemaps-reader.yaml
@ -30,6 +30,17 @@ jobs:
        # to see which workers got changed.
        fetch-depth: 2

+    - uses: ./.github/composite-actions/update-keys
+      with:
+        domain_name: ${{ secrets.OSS_DOMAIN_NAME }}
+        license_key: ${{ secrets.OSS_LICENSE_KEY }}
+        jwt_secret: ${{ secrets.OSS_JWT_SECRET }}
+        minio_access_key: ${{ secrets.OSS_MINIO_ACCESS_KEY }}
+        minio_secret_key: ${{ secrets.OSS_MINIO_SECRET_KEY }}
+        pg_password: ${{ secrets.OSS_PG_PASSWORD }}
+        registry_url: ${{ secrets.OSS_REGISTRY_URL }}
+      name: Update Keys
+
    - name: Docker login
      run: |
        docker login ${{ secrets.OSS_REGISTRY_URL }} -u ${{ secrets.OSS_DOCKER_USERNAME }} -p "${{ secrets.OSS_REGISTRY_TOKEN }}" 
@ -97,14 +108,6 @@ jobs:
      run: |
        cd scripts/helmcharts/

-        ## Update secerts
-        sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml
-        sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.OSS_PG_PASSWORD }}\"/g" vars.yaml
-        sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.OSS_MINIO_ACCESS_KEY }}\"/g" vars.yaml
-        sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.OSS_MINIO_SECRET_KEY }}\"/g" vars.yaml
-        sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.OSS_JWT_SECRET }}\"/g" vars.yaml
-        sed -i "s/domainName: \"\"/domainName: \"${{ secrets.OSS_DOMAIN_NAME }}\"/g" vars.yaml
-
        # Update changed image tag
        sed -i "/sourcemaps-reader/{n;n;s/.*/    tag: ${IMAGE_TAG}/}" /tmp/image_override.yaml
        sed -i "s/sourcemaps-reader/sourcemapreader/g" /tmp/image_override.yaml
--- a/.github/workflows/workers-ee.yaml
+++ b/.github/workflows/workers-ee.yaml
@ -34,6 +34,17 @@ jobs:
        fetch-depth: 2
        # ref: staging

+    - uses: ./.github/composite-actions/update-keys
+      with:
+        domain_name: ${{ secrets.EE_DOMAIN_NAME }}
+        license_key: ${{ secrets.EE_LICENSE_KEY }}
+        jwt_secret: ${{ secrets.EE_JWT_SECRET }}
+        minio_access_key: ${{ secrets.EE_MINIO_ACCESS_KEY }}
+        minio_secret_key: ${{ secrets.EE_MINIO_SECRET_KEY }}
+        pg_password: ${{ secrets.EE_PG_PASSWORD }}
+        registry_url: ${{ secrets.OSS_REGISTRY_URL }}
+      name: Update Keys
+
    - name: Docker login
      run: |
        docker login ${{ secrets.EE_REGISTRY_URL }} -u ${{ secrets.EE_DOCKER_USERNAME }} -p "${{ secrets.EE_REGISTRY_TOKEN }}" 
@ -41,8 +52,8 @@ jobs:
    - name: Downloading yq
      run: |
        VERSION="v4.42.1"
-        wget https://github.com/mikefarah/yq/releases/download/${VERSION}/yq_linux_amd64 -O /usr/bin/yq
-        chmod +x /usr/bin/yq
+        sudo wget https://github.com/mikefarah/yq/releases/download/${VERSION}/yq_linux_amd64 -O /usr/bin/yq
+        sudo chmod +x /usr/bin/yq

    - uses: azure/k8s-set-context@v1
      with:
@ -120,15 +131,7 @@ jobs:

    - name: Deploying to kuberntes
      env:
-        # We're not passing -ee flag, because helm will add that.
        IMAGE_TAG: ${{ github.ref_name }}_${{ github.sha }}
-        DOMAIN_NAME: ${{ secrets.EE_DOMAIN_NAME }}
-        LICENSE_KEY: ${{ secrets.EE_LICENSE_KEY }}
-        JWT_SECRET: ${{ secrets.EE_JWT_SECRET }}
-        MINIO_ACCESS_KEY: ${{ secrets.EE_MINIO_ACCESS_KEY }}
-        MINIO_SECRET_KEY: ${{ secrets.EE_MINIO_SECRET_KEY }}
-        PG_PASSWORD: ${{ secrets.EE_PG_PASSWORD }}
-        REGISTRY_URL: ${{ secrets.OSS_REGISTRY_URL }}
      run: |
        #
        # Deploying image to environment.
@ -137,15 +140,6 @@ jobs:
        [[ -f /tmp/nothing-to-build-here ]] && exit 0
        cd scripts/helmcharts/

-        ## Update secerts
-        yq e -i '.global.domainName = strenv(DOMAIN_NAME)' vars.yaml
-        yq e -i '.chalice.env.jwt_secret = strenv(JWT_SECRET)' vars.yaml
-        yq e -i '.global.enterpriseEditionLicense = strenv(LICENSE_KEY)' vars.yaml
-        yq e -i '.global.s3.accessKey = strenv(MINIO_ACCESS_KEY)' vars.yaml
-        yq e -i '.global.s3.secretKey = strenv(MINIO_SECRET_KEY)' vars.yaml
-        yq e -i '.global.postgresql.password = strenv(PG_PASSWORD)' vars.yaml
-        yq e -i '.global.openReplayContainerRegistry = strenv(REGISTRY_URL)' vars.yaml
-
        set -x
        echo > /tmp/image_override.yaml
        mkdir /tmp/helmcharts
--- a/.github/workflows/workers.yaml
+++ b/.github/workflows/workers.yaml
@ -33,6 +33,17 @@ jobs:
        fetch-depth: 2
        # ref: staging

+    - uses: ./.github/composite-actions/update-keys
+      with:
+        domain_name: ${{ secrets.OSS_DOMAIN_NAME }}
+        license_key: ${{ secrets.OSS_LICENSE_KEY }}
+        jwt_secret: ${{ secrets.OSS_JWT_SECRET }}
+        minio_access_key: ${{ secrets.OSS_MINIO_ACCESS_KEY }}
+        minio_secret_key: ${{ secrets.OSS_MINIO_SECRET_KEY }}
+        pg_password: ${{ secrets.OSS_PG_PASSWORD }}
+        registry_url: ${{ secrets.OSS_REGISTRY_URL }}
+      name: Update Keys
+
    - name: Docker login
      run: |
        docker login ${{ secrets.OSS_REGISTRY_URL }} -u ${{ secrets.OSS_DOCKER_USERNAME }} -p "${{ secrets.OSS_REGISTRY_TOKEN }}" 
@ -123,14 +134,6 @@ jobs:
        [[ -f /tmp/nothing-to-build-here ]] && exit 0
        cd scripts/helmcharts/

-        ## Update secerts
-        sed -i "s#openReplayContainerRegistry.*#openReplayContainerRegistry: \"${{ secrets.OSS_REGISTRY_URL }}\"#g" vars.yaml
-        sed -i "s/postgresqlPassword: \"changeMePassword\"/postgresqlPassword: \"${{ secrets.OSS_PG_PASSWORD }}\"/g" vars.yaml
-        sed -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"${{ secrets.OSS_MINIO_ACCESS_KEY }}\"/g" vars.yaml
-        sed -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"${{ secrets.OSS_MINIO_SECRET_KEY }}\"/g" vars.yaml
-        sed -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"${{ secrets.OSS_JWT_SECRET }}\"/g" vars.yaml
-        sed -i "s/domainName: \"\"/domainName: \"${{ secrets.OSS_DOMAIN_NAME }}\"/g" vars.yaml
-
        set -x
        echo > /tmp/image_override.yaml
        mkdir /tmp/helmcharts