From 421a9cbeaf54c8eb02ec0f105d7a442a90c46160 Mon Sep 17 00:00:00 2001
From: Marcus Aspin
Date: Thu, 8 Aug 2024 10:23:30 +0000
Subject: [PATCH] PI-2302 Remove need for GitHub token to get HMPPS IP allowlists
---
 .github/actions/cloud-platform-deploy/action.yml | 7 ++-----
 .github/workflows/deploy.yml | 1 -
 2 files changed, 2 insertions(+), 6 deletions(-)
diff --git a/.github/actions/cloud-platform-deploy/action.yml b/.github/actions/cloud-platform-deploy/action.yml
index 4d0014cfef..96164a73d9 100644
--- a/.github/actions/cloud-platform-deploy/action.yml
+++ b/.github/actions/cloud-platform-deploy/action.yml
@@ -26,9 +26,6 @@ inputs:
 token:
 description: The KUBE_TOKEN
 required: true
- github_token:
- description: A GitHub token, to pull the IP allow list groups
- required: true
 runs:
 using: composite
@@ -82,7 +79,7 @@ runs:
 --set "generic-service.env.BUILD_INFO=$([ -r "$BUILD_INFO" ] && cat "$BUILD_INFO" | base64 -w0 || echo)" \
 --set "generic-service.env.GIT_INFO=$([ -r "$GIT_INFO" ] && cat "$GIT_INFO" | base64 -w0 || echo)" \
 --timeout 10m \
- --values <(curl -fsSL "$(gh api '/repos/ministryofjustice/hmpps-ip-allowlists/contents/ip-allowlist-groups.yaml' | jq -r '.download_url')") \
+ --values <(echo "$HMPPS_IP_ALLOWLIST_GROUPS_YAML" | base64 -d) \
 --values templates/helm-defaults.yml \
 --values 'projects/${{ inputs.project }}/deploy/values.yaml' \
 --values 'projects/${{ inputs.project }}/deploy/${{ steps.env.outputs.values-file }}' \
@@ -96,7 +93,7 @@ runs:
 done
 if [ $exit_code -ne 0 ]; then exit $exit_code; fi
 env:
- GITHUB_TOKEN: ${{ inputs.github_token }}
 BUILD_INFO: projects/${{ inputs.project }}/build-info.properties
 GIT_INFO: projects/${{ inputs.project }}/git.properties
+ HMPPS_IP_ALLOWLIST_GROUPS_YAML: ${{ vars.HMPPS_IP_ALLOWLIST_GROUPS_YAML }}
 MAX_ATTEMPTS: '3'
\ No newline at end of file
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index e452fa7db1..1a0e74ec29 100644
--- a/.github/workflows/deploy.yml
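Review bot: The added `--values <(echo "$HMPPS_IP_ALLOWLIST_GROUPS_YAML" | base64 -d)` line gives helm an empty or truncated values file when the variable is unset, empty or not valid base64, because the exit status of a command inside `<( … )` is not propagated to the helm call. How the chart treats missing allowlist groups is not visible here, so the release could go out with the allowlist silently absent rather than the step failing. A guard ahead of the helm invocation would make this fail closed, e.g. `[ -n "$HMPPS_IP_ALLOWLIST_GROUPS_YAML" ] || { echo 'HMPPS_IP_ALLOWLIST_GROUPS_YAML is not set' >&2; exit 1; }`, and decoding into a temporary file first would let a `base64 -d` error stop the step as well. The run script this line belongs to starts and ends outside the hunk.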
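Review bot: The new `HMPPS_IP_ALLOWLIST_GROUPS_YAML` entry under `env:` has no comment saying what format the value must have or how it is kept current, now that the allowlist comes from an Actions configuration variable instead of a file in `ministryofjustice/hmpps-ip-allowlists`. Because the allowlist is an access control, a stale or hand-edited variable changes who can reach the service, and how the variable is populated is not visible in this diff. I would add a comment above the entry along the lines of `# base64-encoded ip-allowlist-groups.yaml from ministryofjustice/hmpps-ip-allowlists, refreshed by <sync process>`. The `env:` block belongs to a step that begins outside the hunk.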
+++ b/.github/workflows/deploy.yml
@@ -128,7 +128,6 @@ jobs:
 cluster: ${{ secrets.KUBE_CLUSTER }}
 namespace: ${{ secrets.KUBE_NAMESPACE }}
 token: ${{ secrets.KUBE_TOKEN }}
- github_token: ${{ secrets.BOT_GITHUB_EXTERNAL_REPOS_TOKEN }}
 - uses: docker/login-action@v3
 if: ${{ steps.check_files.outputs.files_exists == 'true' && steps.enabled.outputs.enabled == 'true' }}