From 385f3fa2607c1f6870a16f3b8f3ffa22414a0d49 Mon Sep 17 00:00:00 2001
From: sergerad <serge.radinovich@immutable.com>
Date: Mon, 6 Jan 2025 14:44:44 +1300
Subject: [PATCH] Fix secrets ref

---
 .github/actions/push/action.yaml |  9 +++------
 .github/workflows/main.yaml      |  7 -------
 .github/workflows/pr.yaml        | 10 +---------
 3 files changed, 4 insertions(+), 22 deletions(-)

diff --git a/.github/actions/push/action.yaml b/.github/actions/push/action.yaml
index d9fce0ef8..2a38acf4d 100644
--- a/.github/actions/push/action.yaml
+++ b/.github/actions/push/action.yaml
@@ -37,9 +37,6 @@ on:
         required: false
         type: string
         default: ""
-    secrets:
-      github-token:
-        required: true
 
 # this is used by github OIDC to assume the admin role later on
 permissions: # see this: https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
@@ -59,7 +56,7 @@ jobs:
         with:
           fetch-depth: 0
           submodules: false
-          token: ${{ secrets.github-token }}
+          token: ${{ secrets.PLATFORM_SA_GITHUB_TOKEN }}
           ref: ${{ inputs.git-release-tag }}
 
       - name: Log in to GitHub Container Registry
@@ -67,14 +64,14 @@ jobs:
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
-          password: ${{ secrets.github-token }}
+          password: ${{ secrets.PLATFORM_SA_GITHUB_TOKEN }}
 
       - name: Extract Docker metadata
         id: meta
         uses: docker/metadata-action@v4
         with:
           images: ghcr.io/${{ github.repository }}/s
-          github-token: ${{ secrets.github-token }}
+          github-token: ${{ secrets.PLATFORM_SA_GITHUB_TOKEN }}
 
       - name: Set env vars
         run: |
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
index 05fb41d23..faebc1f45 100644
--- a/.github/workflows/main.yaml
+++ b/.github/workflows/main.yaml
@@ -17,19 +17,12 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-          submodules: false
-          token: ${{ secrets.github-token }}
-          ref: ${{ inputs.git-release-tag }}
       - uses: ./.github/actions/push
         with:
           environment: dev
           dockerfile: "Dockerfile"
           go-mod-cache-path: "~/go/pkg/mod"
           go-build-cache-path: "~/.cache/go-build"
-    secrets:
-      github-token: ${{ secrets.PLATFORM_SA_GITHUB_TOKEN }}
 
   tests:
     name: Tests
diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
index beaa2bc0d..71ce3c1d2 100644
--- a/.github/workflows/pr.yaml
+++ b/.github/workflows/pr.yaml
@@ -14,21 +14,13 @@ jobs:
     name: temporary
     runs-on: ubuntu-20-04-4-cores
     steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-          submodules: false
-          token: ${{ secrets.github-token }}
-          ref: ${{ inputs.git-release-tag }}
+      - uses: actions/checkout@v3
       - uses: ./.github/actions/push
         with:
           environment: dev
           dockerfile: "Dockerfile"
           go-mod-cache-path: "~/go/pkg/mod"
           go-build-cache-path: "~/.cache/go-build"
-    secrets:
-      github-token: ${{ secrets.PLATFORM_SA_GITHUB_TOKEN }}
 
   bootstrap:
     name: Local E2E Tests