From e5ebe0ff5319a50d235281b2ee285bf4f02c09c4 Mon Sep 17 00:00:00 2001 From: Tore Martin Hagen Date: Wed, 25 Sep 2024 10:21:23 +0200 Subject: [PATCH] Removed use of KOSLI_API_TOKEN, use org level KOSLI_API_TOKEN_PROD instead, added secrets info files --- .github/workflows/main.yml | 6 +++--- .github/workflows/release.yml | 10 +++++----- secrets/gh-repo-azure-client-id.txt | 9 +++++++++ secrets/gh-repo-azure-client-secret.txt | 9 +++++++++ secrets/gh-repo-committer-token.txt | 21 ++++++++++++++++++++ secrets/gh-repo-fury-token.txt | 9 +++++++++ secrets/gh-repo-ghcr-token.txt | 9 +++++++++ secrets/gh-repo-ghcr-user.txt | 9 +++++++++ secrets/gh-repo-gpg-passphrase.txt | 9 +++++++++ secrets/gh-repo-gpg-private-key.txt | 9 +++++++++ secrets/gh-repo-kosli-azure-token.txt | 9 +++++++++ secrets/gh-repo-kosli-bitbucket-password.txt | 9 +++++++++ secrets/gh-repo-kosli-github-token.txt | 9 +++++++++ secrets/gh-repo-kosli-gitlab-token.txt | 9 +++++++++ secrets/gh-repo-kosli-jira-api-token.txt | 9 +++++++++ 15 files changed, 137 insertions(+), 8 deletions(-) create mode 100644 secrets/gh-repo-azure-client-id.txt create mode 100644 secrets/gh-repo-azure-client-secret.txt create mode 100644 secrets/gh-repo-committer-token.txt create mode 100644 secrets/gh-repo-fury-token.txt create mode 100644 secrets/gh-repo-ghcr-token.txt create mode 100644 secrets/gh-repo-ghcr-user.txt create mode 100644 secrets/gh-repo-gpg-passphrase.txt create mode 100644 secrets/gh-repo-gpg-private-key.txt create mode 100644 secrets/gh-repo-kosli-azure-token.txt create mode 100644 secrets/gh-repo-kosli-bitbucket-password.txt create mode 100644 secrets/gh-repo-kosli-github-token.txt create mode 100644 secrets/gh-repo-kosli-gitlab-token.txt create mode 100644 secrets/gh-repo-kosli-jira-api-token.txt diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 18581cfe..2c3c84da 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -49,7 +49,7 @@ jobs: FLOW_TEMPLATE_FILE: ${{ needs.pre-build.outputs.trail_template_file }} KOSLI_ORG: kosli-public secrets: - kosli_api_token: ${{ secrets.KOSLI_API_TOKEN }} + kosli_api_token: ${{ secrets.KOSLI_API_TOKEN_PROD }} pr_github_token: ${{ secrets.GITHUB_TOKEN }} @@ -73,7 +73,7 @@ jobs: slack_webhook: ${{ secrets.MERKELY_SLACK_CI_FAILURES_WEBHOOK }} slack_channel: ${{ secrets.MERKELY_SLACK_CI_FAILURES_CHANNEL }} snyk_token: ${{ secrets.SNYK_TOKEN }} - kosli_api_token: ${{ secrets.KOSLI_API_TOKEN }} + kosli_api_token: ${{ secrets.KOSLI_API_TOKEN_PROD }} docker: needs: [pre-build, test, init-kosli] @@ -89,5 +89,5 @@ jobs: slack_channel: ${{ secrets.MERKELY_SLACK_CI_FAILURES_CHANNEL }} ghcr_user: ${{ secrets.GHCR_USER }} ghcr_token: ${{ secrets.GHCR_TOKEN }} - kosli_api_token: ${{ secrets.KOSLI_API_TOKEN }} + kosli_api_token: ${{ secrets.KOSLI_API_TOKEN_PROD }} snyk_token: ${{ secrets.SNYK_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 12fdbc72..60f702dd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -44,7 +44,7 @@ jobs: FLOW_TEMPLATE_FILE: ${{ needs.pre-build.outputs.trail_template_file }} KOSLI_ORG: kosli-public secrets: - kosli_api_token: ${{ secrets.KOSLI_API_TOKEN }} + kosli_api_token: ${{ secrets.KOSLI_API_TOKEN_PROD }} pr_github_token: ${{ secrets.GITHUB_TOKEN }} never-alone-trail: @@ -59,7 +59,7 @@ jobs: PARENT_TRAIL_NAME: ${{ needs.pre-build.outputs.trail_name }} KOSLI_ORG: kosli-public secrets: - kosli_api_token: ${{ secrets.KOSLI_API_TOKEN }} + kosli_api_token: ${{ secrets.KOSLI_API_TOKEN_PROD }} pr_github_token: ${{ secrets.GITHUB_TOKEN }} test: @@ -82,7 +82,7 @@ jobs: slack_channel: ${{ secrets.MERKELY_SLACK_CI_FAILURES_CHANNEL }} jira_api_token: ${{ secrets.KOSLI_JIRA_API_TOKEN }} snyk_token: ${{ secrets.SNYK_TOKEN }} - kosli_api_token: ${{ secrets.KOSLI_API_TOKEN }} + kosli_api_token: ${{ secrets.KOSLI_API_TOKEN_PROD }} docker: needs: [pre-build, init-kosli, test, never-alone-trail] @@ -98,7 +98,7 @@ jobs: slack_channel: ${{ secrets.MERKELY_SLACK_CI_FAILURES_CHANNEL }} ghcr_user: ${{ secrets.GHCR_USER }} ghcr_token: ${{ secrets.GHCR_TOKEN }} - kosli_api_token: ${{ secrets.KOSLI_API_TOKEN }} + kosli_api_token: ${{ secrets.KOSLI_API_TOKEN_PROD }} snyk_token: ${{ secrets.SNYK_TOKEN }} goreleaser: @@ -168,7 +168,7 @@ jobs: trail_name: ${{ needs.pre-build.outputs.trail_name }} kosli_org: kosli-public secrets: - kosli_api_token: ${{ secrets.KOSLI_API_TOKEN }} + kosli_api_token: ${{ secrets.KOSLI_API_TOKEN_PROD }} homebrew-pr: needs: [goreleaser, pre-build] diff --git a/secrets/gh-repo-azure-client-id.txt b/secrets/gh-repo-azure-client-id.txt new file mode 100644 index 00000000..9de68f09 --- /dev/null +++ b/secrets/gh-repo-azure-client-id.txt @@ -0,0 +1,9 @@ +secret-name: AZURE_CLIENT_ID +secret-expire: 2024-09-01 +secret-updated: +secret-updated-by: +secret-type: gh-repo +is-secret: true +secret-usage: + +update-instructions: diff --git a/secrets/gh-repo-azure-client-secret.txt b/secrets/gh-repo-azure-client-secret.txt new file mode 100644 index 00000000..8cd0b0d0 --- /dev/null +++ b/secrets/gh-repo-azure-client-secret.txt @@ -0,0 +1,9 @@ +secret-name: AZURE_CLIENT_SECRET +secret-expire: 2024-09-01 +secret-updated: +secret-updated-by: +secret-type: gh-repo +is-secret: true +secret-usage: + +update-instructions: diff --git a/secrets/gh-repo-committer-token.txt b/secrets/gh-repo-committer-token.txt new file mode 100644 index 00000000..5c1a893a --- /dev/null +++ b/secrets/gh-repo-committer-token.txt @@ -0,0 +1,21 @@ +secret-name: COMMITTER_TOKEN +secret-expire: 2024-09-01 +secret-updated: +secret-updated-by: +secret-type: gh-repo +is-secret: true +secret-usage: Used both to create a pull-request to helm-chart and home-brew + +update-instructions: +Go to the Developer's Github profile + -> Settings + -> Developer settings + -> Personal access tokens + -> Tokens (classic) + -> Generate new token +Token name: gh-cli-committer-token +Expiration: one year +Selected scopes: repo and workflow + +Go to https://github.com/kosli-dev/cli/settings/secrets/actions +under diff --git a/secrets/gh-repo-fury-token.txt b/secrets/gh-repo-fury-token.txt new file mode 100644 index 00000000..6fce3d1e --- /dev/null +++ b/secrets/gh-repo-fury-token.txt @@ -0,0 +1,9 @@ +secret-name: FURY_TOKEN +secret-expire: 2024-09-01 +secret-updated: +secret-updated-by: +secret-type: gh-repo +is-secret: true +secret-usage: + +update-instructions: diff --git a/secrets/gh-repo-ghcr-token.txt b/secrets/gh-repo-ghcr-token.txt new file mode 100644 index 00000000..2d90e139 --- /dev/null +++ b/secrets/gh-repo-ghcr-token.txt @@ -0,0 +1,9 @@ +secret-name: GHCR_TOKEN +secret-expire: 2024-09-01 +secret-updated: +secret-updated-by: +secret-type: gh-repo +is-secret: true +secret-usage: + +update-instructions: diff --git a/secrets/gh-repo-ghcr-user.txt b/secrets/gh-repo-ghcr-user.txt new file mode 100644 index 00000000..e23b1602 --- /dev/null +++ b/secrets/gh-repo-ghcr-user.txt @@ -0,0 +1,9 @@ +secret-name: GHCR_USER +secret-expire: 2024-09-01 +secret-updated: +secret-updated-by: +secret-type: gh-repo +is-secret: true +secret-usage: + +update-instructions: diff --git a/secrets/gh-repo-gpg-passphrase.txt b/secrets/gh-repo-gpg-passphrase.txt new file mode 100644 index 00000000..f7838260 --- /dev/null +++ b/secrets/gh-repo-gpg-passphrase.txt @@ -0,0 +1,9 @@ +secret-name: GPG_PASSPHRASE +secret-expire: 2024-09-01 +secret-updated: +secret-updated-by: +secret-type: gh-repo +is-secret: true +secret-usage: + +update-instructions: diff --git a/secrets/gh-repo-gpg-private-key.txt b/secrets/gh-repo-gpg-private-key.txt new file mode 100644 index 00000000..c8c45d7a --- /dev/null +++ b/secrets/gh-repo-gpg-private-key.txt @@ -0,0 +1,9 @@ +secret-name: GPG_PRIVATE_KEY +secret-expire: 2024-09-01 +secret-updated: +secret-updated-by: +secret-type: gh-repo +is-secret: true +secret-usage: + +update-instructions: diff --git a/secrets/gh-repo-kosli-azure-token.txt b/secrets/gh-repo-kosli-azure-token.txt new file mode 100644 index 00000000..374de6a8 --- /dev/null +++ b/secrets/gh-repo-kosli-azure-token.txt @@ -0,0 +1,9 @@ +secret-name: KOSLI_AZURE_TOKEN +secret-expire: 2024-09-01 +secret-updated: +secret-updated-by: +secret-type: gh-repo +is-secret: true +secret-usage: + +update-instructions: diff --git a/secrets/gh-repo-kosli-bitbucket-password.txt b/secrets/gh-repo-kosli-bitbucket-password.txt new file mode 100644 index 00000000..1126ea0c --- /dev/null +++ b/secrets/gh-repo-kosli-bitbucket-password.txt @@ -0,0 +1,9 @@ +secret-name: KOSLI_BITBUCKET_PASSWORD +secret-expire: 2024-09-01 +secret-updated: +secret-updated-by: +secret-type: gh-repo +is-secret: true +secret-usage: + +update-instructions: diff --git a/secrets/gh-repo-kosli-github-token.txt b/secrets/gh-repo-kosli-github-token.txt new file mode 100644 index 00000000..b9b16531 --- /dev/null +++ b/secrets/gh-repo-kosli-github-token.txt @@ -0,0 +1,9 @@ +secret-name: KOSLI_GITHUB_TOKEN +secret-expire: 2024-09-01 +secret-updated: +secret-updated-by: +secret-type: gh-repo +is-secret: true +secret-usage: + +update-instructions: diff --git a/secrets/gh-repo-kosli-gitlab-token.txt b/secrets/gh-repo-kosli-gitlab-token.txt new file mode 100644 index 00000000..94ca4908 --- /dev/null +++ b/secrets/gh-repo-kosli-gitlab-token.txt @@ -0,0 +1,9 @@ +secret-name: KOSLI_GITLAB_TOKEN +secret-expire: 2024-09-01 +secret-updated: +secret-updated-by: +secret-type: gh-repo +is-secret: true +secret-usage: + +update-instructions: diff --git a/secrets/gh-repo-kosli-jira-api-token.txt b/secrets/gh-repo-kosli-jira-api-token.txt new file mode 100644 index 00000000..a38237e2 --- /dev/null +++ b/secrets/gh-repo-kosli-jira-api-token.txt @@ -0,0 +1,9 @@ +secret-name: KOSLI_JIRA_API_TOKEN +secret-expire: 2024-09-01 +secret-updated: +secret-updated-by: +secret-type: gh-repo +is-secret: true +secret-usage: + +update-instructions: