From 20a4adbc7b54e5affd2dea772924d5102d643ff6 Mon Sep 17 00:00:00 2001 From: Falk Puschner Date: Fri, 2 Jun 2023 11:39:23 +0200 Subject: [PATCH 1/2] :fire: Remove explicit tokens --- .github/workflows/template_gitops.yml | 22 ++++++---------------- README.md | 10 ++-------- 2 files changed, 8 insertions(+), 24 deletions(-) diff --git a/.github/workflows/template_gitops.yml b/.github/workflows/template_gitops.yml index be47a91b..aa33161c 100644 --- a/.github/workflows/template_gitops.yml +++ b/.github/workflows/template_gitops.yml @@ -26,23 +26,18 @@ on: gitops-prod: required: false type: string + # waiting for: https://github.com/github-community/community/discussions/17554 secrets: docker-username: required: false docker-password: required: false - gitops-token: - required: false - npm-token: - required: false - goproxy: - required: false - gonosumdb: - required: false docker-build-secrets: required: false docker-build-secret-files: required: false + gitops-token: + required: false jobs: gitops: 
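Review bot: The added comment `# waiting for: https://github.com/github-community/community/discussions/17554` above `secrets:` does not say what is being waited for or what should change in this block once it arrives, so a later maintainer cannot act on it. Suggest spelling it out, for example `# TODO: <what changes here> once github-community/community discussion 17554 is resolved`. Separately, `npm-token`, `goproxy` and `gonosumdb` are dropped from the `workflow_call` secrets in this hunk. Callers that still pass them by name will probably be rejected for an undeclared secret, so the removal deserves a breaking-change note for consumers of the template.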
@@ -61,18 +56,13 @@ jobs: with: docker-username: ${{ secrets.docker-username }} docker-password: ${{ secrets.docker-password }} - # remove npm token, goproxy, gonosumdb if feature is available: https://github.com/github-community/community/discussions/17554 - docker-build-args: | - ${{ inputs.docker-build-args }} - NPM_TOKEN=${{ secrets.npm-token }} - GOPROXY=${{ secrets.goproxy }} - GONOSUMDB=${{ secrets.gonosumdb }} + docker-build-args: ${{ inputs.docker-build-args }} docker-build-target: ${{ inputs.docker-build-target }} + docker-build-secrets: ${{ secrets.docker-build-secrets }} + docker-build-secret-files: ${{ secrets.docker-build-secret-files }} docker-file: ${{ inputs.docker-file }} docker-image: ${{ inputs.docker-image }} gitops-token: ${{ secrets.gitops-token }} gitops-dev: ${{ inputs.gitops-dev }} gitops-stage: ${{ inputs.gitops-stage }} gitops-prod: ${{ inputs.gitops-prod }} - docker-build-secrets: ${{ secrets.docker-build-secrets }} - docker-build-secret-files: ${{ secrets.docker-build-secret-files }} diff --git a/README.md b/README.md index 8cd39e2d..a277cc79 100644 --- a/README.md +++ b/README.md @@ -95,24 +95,18 @@ jobs: gitops-prod: |- your files secrets: - # optional: token to access the repository - gitops-token: ${{ }} # optional: username for the docker registry docker-username: ${{ }} # optional: password for the docker registry docker-password: ${{ }} - # optional: token to pull private npm packages - npm-token: ${{ }} - # optional: goproxy environment variable - goproxy: ${{ }} - # optional: gonosumdb environment variable - gonosumdb: ${{ }} # optional: list of secrets to expose to the build (e.g., key=string, GIT_AUTH_TOKEN=mytoken) docker-build-secrets: | "${{ }}" # optional: list of secret files to expose to the build (e.g., key=filename, MY_SECRET=./secret.txt) docker-build-secret-files: | "${{ }}" + # optional: token to access the repository + gitops-token: ${{ }} ``` From 75ad8e89615865fc822233f607f586b407566373 Mon Sep 17 00:00:00 2001 
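Review bot: Nothing on the new side of the `with:` block in `template_gitops.yml` tells callers that `docker-build-args` is no longer a place for credentials, and it remains a free-form input. Build arguments are kept in image metadata and can be read back with `docker history`, so a comment above `docker-build-args: ${{ inputs.docker-build-args }}` would help, such as `# build args end up in image history; pass credentials via docker-build-secrets`. Tokens that earlier builds received as the `NPM_TOKEN` build arg may still be readable from those images, so rotating them is worth considering. The job step that owns this `with:` block starts outside the hunk.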
From: Falk Puschner Date: Tue, 31 Oct 2023 18:27:44 +0100 Subject: [PATCH 2/2] :rewind: Revert gonosumdb changes --- .github/workflows/template_gitops.yml | 8 ++++++-- README.md | 2 ++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/template_gitops.yml b/.github/workflows/template_gitops.yml index 9160d468..5b2cd775 100644 --- a/.github/workflows/template_gitops.yml +++ b/.github/workflows/template_gitops.yml @@ -42,6 +42,8 @@ on: required: false gitops-token: required: false + gonosumdb: + required: false jobs: gitops: @@ -60,11 +62,13 @@ jobs: with: docker-username: ${{ secrets.docker-username }} docker-password: ${{ secrets.docker-password }} - docker-build-args: ${{ inputs.docker-build-args }} + docker-build-args: | + ${{ inputs.docker-build-args }} + GONOSUMDB=${{ secrets.gonosumdb }} docker-build-provenance: ${{ inputs.docker-build-provenance }} - docker-build-target: ${{ inputs.docker-build-target }} docker-build-secrets: ${{ secrets.docker-build-secrets }} docker-build-secret-files: ${{ secrets.docker-build-secret-files }} + docker-build-target: ${{ inputs.docker-build-target }} docker-file: ${{ inputs.docker-file }} docker-image: ${{ inputs.docker-image }} gitops-token: ${{ secrets.gitops-token }} diff --git a/README.md b/README.md index 7fdb8488..4402938e 100644 --- a/README.md +++ b/README.md @@ -109,6 +109,8 @@ jobs: "${{ }}" # optional: token to access the repository gitops-token: ${{ }} + # optional: gonosumdb environment variable + gonosumdb: ${{ }} ```
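Review bot: `GONOSUMDB=${{ secrets.gonosumdb }}` under `docker-build-args` in `template_gitops.yml` again feeds a value from the `secrets` context into a Docker build argument, the pattern PATCH 1/2 removed. Build args are visible in image history and may be recorded in build provenance, which `docker-build-provenance` in the same block controls. If the pattern list is not confidential, declare `gonosumdb` under `inputs` rather than `secrets`, which also changes the `gonosumdb: required: false` hunk above. If it is confidential, append `GONOSUMDB=${{ secrets.gonosumdb }}` to `docker-build-secrets` instead and have the Dockerfile read it through a secret mount. Because GONOSUMDB switches off checksum-database verification for matching modules, the README entry should also ask callers for the narrowest pattern that covers their private modules.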