🔥 Remove explicit tokens (#122)

* 🔥 Remove explicit tokens * ⏪ Revert gonosumdb changes
Staffbase · Nov 2, 2023 · 2b64d39 · 2b64d39
1 parent dafecc4
commit 2b64d39
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 18 deletions.
diff --git a/.github/workflows/template_gitops.yml b/.github/workflows/template_gitops.yml
@@ -34,23 +34,20 @@ on:
         required: false
         type: string
         default: '.'
+    # waiting for: https://github.com/github-community/community/discussions/17554
     secrets:
       docker-username:
         required: false
       docker-password:
         required: false
-      gitops-token:
+      docker-build-secrets:
         required: false
-      npm-token:
+      docker-build-secret-files:
         required: false
-      goproxy:
+      gitops-token:
         required: false
       gonosumdb:
         required: false
-      docker-build-secrets:
-        required: false
-      docker-build-secret-files:
-        required: false
 
 jobs:
   gitops:
@@ -69,11 +66,8 @@ jobs:
         with:
           docker-username: ${{ secrets.docker-username }}
           docker-password: ${{ secrets.docker-password }}
-          # remove npm token, goproxy, gonosumdb if feature is available: https://github.com/github-community/community/discussions/17554
           docker-build-args: |
             ${{ inputs.docker-build-args }}
-            NPM_TOKEN=${{ secrets.npm-token }}
-            GOPROXY=${{ secrets.goproxy }}
             GONOSUMDB=${{ secrets.gonosumdb }}
           docker-build-provenance: ${{ inputs.docker-build-provenance }}
           docker-build-secrets: ${{ secrets.docker-build-secrets }}

diff --git a/README.md b/README.md
@@ -125,24 +125,20 @@ jobs:
       gitops-prod: |-
         your files
     secrets:
-      # optional: token to access the repository
-      gitops-token: ${{ <your-gitops-token> }}
       # optional: username for the docker registry
       docker-username: ${{ <your-docker-username> }}
       # optional: password for the docker registry
       docker-password: ${{ <your-docker-password> }}
-      # optional: token to pull private npm packages
-      npm-token: ${{ <your-npm-token> }}
-      # optional: goproxy environment variable
-      goproxy: ${{ <your-goproxy> }}
-      # optional: gonosumdb environment variable
-      gonosumdb: ${{ <your-gonosumdb> }}
       # optional: list of secrets to expose to the build (e.g., key=string, GIT_AUTH_TOKEN=mytoken)
       docker-build-secrets: |
         "${{ <your-secrets> }}"
       # optional: list of secret files to expose to the build (e.g., key=filename, MY_SECRET=./secret.txt)
       docker-build-secret-files: |
         "${{ <your-secret-files> }}"
+      # optional: token to access the repository
+      gitops-token: ${{ <your-gitops-token> }}
+      # optional: gonosumdb environment variable
+      gonosumdb: ${{ <your-gonosumdb> }}
 ```
 </details>