PI-2302 Remove need for GitHub token to get HMPPS IP allowlists (#4151)

ministryofjustice · Aug 8, 2024 · 87f4c37 · 87f4c37
1 parent 7a750e4
commit 87f4c37
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 6 deletions.
diff --git a/.github/actions/cloud-platform-deploy/action.yml b/.github/actions/cloud-platform-deploy/action.yml
@@ -26,9 +26,6 @@ inputs:
   token:
     description: The KUBE_TOKEN
     required: true
-  github_token:
-    description: A GitHub token, to pull the IP allow list groups
-    required: true
 
 runs:
   using: composite
@@ -82,7 +79,7 @@ runs:
             --set "generic-service.env.BUILD_INFO=$([ -r "$BUILD_INFO" ] && cat "$BUILD_INFO" | base64 -w0 || echo)" \
             --set "generic-service.env.GIT_INFO=$([ -r "$GIT_INFO" ] && cat "$GIT_INFO" | base64 -w0 || echo)" \
             --timeout 10m \
-            --values <(curl -fsSL "$(gh api '/repos/ministryofjustice/hmpps-ip-allowlists/contents/ip-allowlist-groups.yaml' | jq -r '.download_url')") \
+            --values <(echo "$HMPPS_IP_ALLOWLIST_GROUPS_YAML" | base64 -d) \
             --values templates/helm-defaults.yml \
             --values 'projects/${{ inputs.project }}/deploy/values.yaml' \
             --values 'projects/${{ inputs.project }}/deploy/${{ steps.env.outputs.values-file }}' \
@@ -96,7 +93,7 @@ runs:
         done
         if [ $exit_code -ne 0 ]; then exit $exit_code; fi
       env:
-        GITHUB_TOKEN: ${{ inputs.github_token }}
         BUILD_INFO: projects/${{ inputs.project }}/build-info.properties
         GIT_INFO: projects/${{ inputs.project }}/git.properties
+        HMPPS_IP_ALLOWLIST_GROUPS_YAML: ${{ vars.HMPPS_IP_ALLOWLIST_GROUPS_YAML }}
         MAX_ATTEMPTS: '3'
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -128,7 +128,6 @@ jobs:
           cluster: ${{ secrets.KUBE_CLUSTER }}
           namespace: ${{ secrets.KUBE_NAMESPACE }}
           token: ${{ secrets.KUBE_TOKEN }}
-          github_token: ${{ secrets.BOT_GITHUB_EXTERNAL_REPOS_TOKEN }}
 
       - uses: docker/login-action@v3
         if: ${{ steps.check_files.outputs.files_exists == 'true' && steps.enabled.outputs.enabled == 'true' }}