Skip to content

Commit

Permalink
Remove apikey from nais deploy
Browse files Browse the repository at this point in the history 
And move permissions
  • Loading branch information
@enstulen
enstulen committed Jan 2, 2024
1 parent c7c3dad commit 6c6a28c
Show file tree
Hide file tree
Showing 5 changed files with 14 additions and 37 deletions.
9 changes: 5 additions & 4 deletions .github/workflows/codeql-analysis.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,14 +7,15 @@ on:
branches:
- main

permissions:
actions: read
contents: read
security-events: write

jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write

strategy:
fail-fast: false
Expand Down
2 changes: 0 additions & 2 deletions .github/workflows/deploy-topics.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,6 @@ jobs:
- uses: actions/checkout@v4
- uses: nais/deploy/actions/deploy@v2
env:
APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
CLUSTER: dev-gcp
RESOURCE: .nais/topics/config-messages-topic-dev.yml,.nais/topics/config-metrics-topic-dev.yml,.nais/topics/config-processingeventlog-topic-dev.yml,.nais/topics/config-soknadinnsending-topic-dev.yml,.nais/topics/config-messages-topic-loadtests.yml,.nais/topics/config-metrics-topic-loadtests.yml,.nais/topics/config-processingeventlog-topic-loadtests.yml,.nais/topics/config-soknadinnsending-topic-loadtests.yml

Expand All @@ -36,6 +35,5 @@ jobs:
- uses: actions/checkout@v4
- uses: nais/deploy/actions/deploy@v2
env:
APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
CLUSTER: prod-gcp
RESOURCE: .nais/topics/config-messages-topic-prod.yml,.nais/topics/config-metrics-topic-prod.yml,.nais/topics/config-processingeventlog-topic-prod.yml,.nais/topics/config-soknadinnsending-topic-prod.yml
11 changes: 5 additions & 6 deletions .github/workflows/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,11 +7,13 @@ on:
paths-ignore:
- '**.md'
- '**/**.md'

permissions:
contents: "write"
id-token: "write"

jobs:
build-and-push:
permissions:
contents: "write"
id-token: "write"
name: Build and push Docker container
runs-on: ubuntu-latest
steps:
Expand Down Expand Up @@ -51,7 +53,6 @@ jobs:
- uses: actions/checkout@v4
- uses: nais/deploy/actions/deploy@v2
env:
APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
CLUSTER: dev-gcp
RESOURCE: .nais/nais.yml
VARS: .nais/config-loadtests.json
Expand All @@ -66,7 +67,6 @@ jobs:
- uses: actions/checkout@v4
- uses: nais/deploy/actions/deploy@v2
env:
APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
CLUSTER: prod-gcp
RESOURCE: .nais/nais.yml
VARS: .nais/config-prod.json
Expand All @@ -82,7 +82,6 @@ jobs:
- name: Deploy to alerts to prod
uses: nais/deploy/actions/deploy@v2
env:
APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
CLUSTER: prod-gcp
RESOURCE: .nais/alerts.yml
VARS: .nais/prod-alert.json
Expand Down
12 changes: 4 additions & 8 deletions .github/workflows/manual-deploy.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,11 +15,12 @@ on:
- loadtests
- prod

permissions:
contents: "read"
id-token: "write"

jobs:
build-and-push:
permissions:
contents: "read"
id-token: "write"
name: Build and push Docker container
runs-on: ubuntu-latest
steps:
Expand Down Expand Up @@ -60,7 +61,6 @@ jobs:
- uses: actions/checkout@v4
- uses: nais/deploy/actions/deploy@v2
env:
APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
CLUSTER: dev-gcp
RESOURCE: .nais/nais.yml
VARS: .nais/config-preprod.json
Expand All @@ -75,7 +75,6 @@ jobs:
- uses: actions/checkout@v4
- uses: nais/deploy/actions/deploy@v2
env:
APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
CLUSTER: dev-gcp
RESOURCE: .nais/nais.yml
VARS: .nais/config-loadtests.json
Expand All @@ -90,7 +89,6 @@ jobs:
- uses: actions/checkout@v4
- uses: nais/deploy/actions/deploy@v2
env:
APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
CLUSTER: prod-gcp
RESOURCE: .nais/nais.yml
VARS: .nais/config-prod.json
Expand All @@ -108,7 +106,6 @@ jobs:
- name: Deploy to dev
uses: nais/deploy/actions/deploy@v2
env:
APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
CLUSTER: dev-gcp
RESOURCE: .nais/alerts.yml
VARS: .nais/preprod-alert.json
Expand All @@ -124,7 +121,6 @@ jobs:
- name: Deploy to dev
uses: nais/deploy/actions/deploy@v2
env:
APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
CLUSTER: prod-gcp
RESOURCE: .nais/alerts.yml
VARS: .nais/prod-alert.json
17 changes: 0 additions & 17 deletions .github/workflows/stale.yml
View file

This file was deleted.

0 comments on commit 6c6a28c

Please sign in to comment.