From 56874d0b3a5d6d0affe5bf1100b200099a5c4204 Mon Sep 17 00:00:00 2001 From: Jonny Stoten Date: Wed, 23 Oct 2024 10:23:58 +0100 Subject: [PATCH] Remove GitHub app usage now that attest is public Signed-off-by: Jonny Stoten --- .github/workflows/release.yml | 9 --------- .github/workflows/workflow.yaml | 23 ----------------------- Dockerfile | 18 +++--------------- Makefile | 2 +- 4 files changed, 4 insertions(+), 48 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8419fc6..696f829 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,13 +15,6 @@ jobs: with: username: dockerpublicbot password: ${{ secrets.DOCKERPUBLICBOT_WRITE_PAT }} - - name: Generate GitHub App Token - id: app-token - uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 - with: - app-id: ${{ vars.APP_ID }} - private-key: ${{ secrets.DOCKER_READ_APP_PRIVATE_KEY }} - repositories: "attest,attest-provider" - name: Docker meta id: meta uses: docker/metadata-action@v5 @@ -52,5 +45,3 @@ jobs: platforms: linux/amd64,linux/arm64 # todo figure out additional platforms for release attests: type=sbom,generator=docker/scout-sbom-indexer:1 provenance: mode=max - secrets: | - GITHUB_TOKEN=${{ steps.app-token.outputs.token }} diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml index 7a170c0..eebe762 100644 --- a/.github/workflows/workflow.yaml +++ b/.github/workflows/workflow.yaml @@ -24,14 +24,6 @@ jobs: with: egress-policy: audit - - name: Generate GitHub App Token - id: app-token - uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 - with: - app-id: ${{ vars.DOCKER_READ_APP_ID }} - private-key: ${{ secrets.DOCKER_READ_APP_PRIVATE_KEY }} - repositories: "attest,attest-provider" - - name: Set up Go 1.22 uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: @@ -40,12 +32,6 @@ jobs: - name: Check out code into the Go module directory uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - name: Download dependencies - run: | - export GOPRIVATE="github.com/docker/attest" - git config --global "url.https://x-access-token:${{ steps.app-token.outputs.token }}@github.com.insteadof" "https://github.com" - go mod download - # source: https://github.com/golangci/golangci-lint-action - name: golangci-lint uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 @@ -72,14 +58,6 @@ jobs: - name: Check out code into the Go module directory uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - name: Generate GitHub App Token - id: app-token - uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 - with: - app-id: ${{ vars.DOCKER_READ_APP_ID }} - private-key: ${{ secrets.DOCKER_READ_APP_PRIVATE_KEY }} - repositories: "attest,attest-provider" - - name: Bootstrap e2e env: KIND_VERSION: 0.23.0 @@ -110,7 +88,6 @@ jobs: - name: Build and install attest-provider run: | ./scripts/generate-tls-cert.sh - export GITHUB_TOKEN=${{ steps.app-token.outputs.token }} make docker-buildx kind-load-image helm install attest-provider charts/attest-provider \ --set provider.tls.caBundle="$(cat certs/ca.crt | base64 | tr -d '\n\r')" \ diff --git a/Dockerfile b/Dockerfile index b30a984..21cfc08 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,24 +20,12 @@ ENV CGO_ENABLED=0 WORKDIR /app -# --- This block can be removed when github.com/docker/attest is public -ENV GOPRIVATE="github.com/docker/attest" -RUN --mount=type=secret,id=GITHUB_TOKEN <