From 2b64d39428edc05bcf55c5e11236cfef01b50167 Mon Sep 17 00:00:00 2001 From: Falk Puschner Date: Thu, 2 Nov 2023 16:32:21 +0100 Subject: [PATCH] :fire: Remove explicit tokens (#122) * :fire: Remove explicit tokens * :rewind: Revert gonosumdb changes
---
 .github/workflows/template_gitops.yml | 14 ++++---------- README.md | 12 ++++-------- 2 files changed, 8 insertions(+), 18 deletions(-)
diff --git a/.github/workflows/template_gitops.yml b/.github/workflows/template_gitops.yml
index 7ce1aab..920f927 100644
--- a/.github/workflows/template_gitops.yml
+++ b/.github/workflows/template_gitops.yml
@@ -34,23 +34,20 @@ on:
 required: false
 type: string
 default: '.'
+ # waiting for: https://github.com/github-community/community/discussions/17554
 secrets:
 docker-username:
 required: false
 docker-password:
 required: false
- gitops-token:
+ docker-build-secrets:
 required: false
- npm-token:
+ docker-build-secret-files:
 required: false
- goproxy:
+ gitops-token:
 required: false
 gonosumdb:
 required: false
- docker-build-secrets:
- required: false
- docker-build-secret-files:
- required: false
 jobs:
 gitops:
@@ -69,11 +66,8 @@ jobs:
 with:
 docker-username: ${{ secrets.docker-username }}
 docker-password: ${{ secrets.docker-password }}
- # remove npm token, goproxy, gonosumdb if feature is available: https://github.com/github-community/community/discussions/17554
 docker-build-args: |
 ${{ inputs.docker-build-args }}
- NPM_TOKEN=${{ secrets.npm-token }}
- GOPROXY=${{ secrets.goproxy }}
 GONOSUMDB=${{ secrets.gonosumdb }}
 docker-build-provenance: ${{ inputs.docker-build-provenance }}
 docker-build-secrets: ${{ secrets.docker-build-secrets }}
diff --git a/README.md b/README.md
index 77c06d8..370b637 100644
--- a/README.md
+++ b/README.md
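Review bot: In `.github/workflows/template_gitops.yml` (hunk `@@ -34,23 +34,20 @@`), the added `# waiting for: …/discussions/17554` comment above `secrets:` names neither what is awaited nor which entry it concerns. The comment it replaces, removed in the second hunk, at least named the affected secrets. I would move it directly above `gonosumdb:` and word it as `# TODO: drop gonosumdb once the feature tracked in <discussion URL> is available`. Since `npm-token` and `goproxy` are no longer declared, callers that still pass them should expect the call to be rejected, so a second comment would help: `# registry tokens go through docker-build-secrets, never through docker-build-args`. The `on:` block starts outside the hunk.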
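Review bot: In `.github/workflows/template_gitops.yml` (hunk `@@ -69,11 +66,8 @@`), the kept line `GONOSUMDB=${{ secrets.gonosumdb }}` still sends a value declared under `secrets:` through `docker-build-args`. Build arguments are not confidential: they can end up in image history, and possibly in the provenance record that this job forwards via `docker-build-provenance`, depending on its mode. If the value is sensitive, for example because it lists private module paths, pass it through `docker-build-secrets` like the tokens this commit removes. If it is not sensitive, declare it as an `inputs` entry instead of a secret so the interface matches how it is handled. The `with:` block and the step it belongs to start outside the hunk.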
@@ -125,24 +125,20 @@ jobs:
 gitops-prod: |-
 your files
 secrets:
- # optional: token to access the repository
- gitops-token: ${{ }}
 # optional: username for the docker registry
 docker-username: ${{ }}
 # optional: password for the docker registry
 docker-password: ${{ }}
- # optional: token to pull private npm packages
- npm-token: ${{ }}
- # optional: goproxy environment variable
- goproxy: ${{ }}
- # optional: gonosumdb environment variable
- gonosumdb: ${{ }}
 # optional: list of secrets to expose to the build (e.g., key=string, GIT_AUTH_TOKEN=mytoken)
 docker-build-secrets: |
 "${{ }}"
 # optional: list of secret files to expose to the build (e.g., key=filename, MY_SECRET=./secret.txt)
 docker-build-secret-files: |
 "${{ }}"
+ # optional: token to access the repository
+ gitops-token: ${{ }}
+ # optional: gonosumdb environment variable
+ gonosumdb: ${{ }}
 ```