From 20a4adbc7b54e5affd2dea772924d5102d643ff6 Mon Sep 17 00:00:00 2001 From: Falk Puschner Date: Fri, 2 Jun 2023 11:39:23 +0200 Subject: [PATCH] :fire: Remove explicit tokens --- .github/workflows/template_gitops.yml | 22 ++++++---------------- README.md | 10 ++-------- 2 files changed, 8 insertions(+), 24 deletions(-) diff --git a/.github/workflows/template_gitops.yml b/.github/workflows/template_gitops.yml index be47a91b..aa33161c 100644 --- a/.github/workflows/template_gitops.yml +++ b/.github/workflows/template_gitops.yml @@ -26,23 +26,18 @@ on: gitops-prod: required: false type: string + # waiting for: https://github.com/github-community/community/discussions/17554 secrets: docker-username: required: false docker-password: required: false - gitops-token: - required: false - npm-token: - required: false - goproxy: - required: false - gonosumdb: - required: false docker-build-secrets: required: false docker-build-secret-files: required: false + gitops-token: + required: false jobs: gitops: @@ -61,18 +56,13 @@ jobs: with: docker-username: ${{ secrets.docker-username }} docker-password: ${{ secrets.docker-password }} - # remove npm token, goproxy, gonosumdb if feature is available: https://github.com/github-community/community/discussions/17554 - docker-build-args: | - ${{ inputs.docker-build-args }} - NPM_TOKEN=${{ secrets.npm-token }} - GOPROXY=${{ secrets.goproxy }} - GONOSUMDB=${{ secrets.gonosumdb }} + docker-build-args: ${{ inputs.docker-build-args }} docker-build-target: ${{ inputs.docker-build-target }} + docker-build-secrets: ${{ secrets.docker-build-secrets }} + docker-build-secret-files: ${{ secrets.docker-build-secret-files }} docker-file: ${{ inputs.docker-file }} docker-image: ${{ inputs.docker-image }} gitops-token: ${{ secrets.gitops-token }} gitops-dev: ${{ inputs.gitops-dev }} gitops-stage: ${{ inputs.gitops-stage }} gitops-prod: ${{ inputs.gitops-prod }} - docker-build-secrets: ${{ secrets.docker-build-secrets }} - docker-build-secret-files: ${{ secrets.docker-build-secret-files }} diff --git a/README.md b/README.md index 8cd39e2d..a277cc79 100644 --- a/README.md +++ b/README.md @@ -95,24 +95,18 @@ jobs: gitops-prod: |- your files secrets: - # optional: token to access the repository - gitops-token: ${{ }} # optional: username for the docker registry docker-username: ${{ }} # optional: password for the docker registry docker-password: ${{ }} - # optional: token to pull private npm packages - npm-token: ${{ }} - # optional: goproxy environment variable - goproxy: ${{ }} - # optional: gonosumdb environment variable - gonosumdb: ${{ }} # optional: list of secrets to expose to the build (e.g., key=string, GIT_AUTH_TOKEN=mytoken) docker-build-secrets: | "${{ }}" # optional: list of secret files to expose to the build (e.g., key=filename, MY_SECRET=./secret.txt) docker-build-secret-files: | "${{ }}" + # optional: token to access the repository + gitops-token: ${{ }} ```