New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Audit repo secrets and variables #903

Open

3 tasks

victorlin opened this issue Jun 6, 2024 · 0 comments

Member

victorlin commented Jun 6, 2024

Overview

from https://github.com/nextstrain/nextstrain.org/settings/secrets/actions

Actions
- Environment secrets
  - HEROKU_TOKEN
- Repository secrets
  - DEV_SERVER_AWS_ACCESS_KEY_ID
  - DEV_SERVER_AWS_SECRET_ACCESS_KEY
- Organization secrets
  - DOCKER_TOKEN_PUBLIC_READ_ONLY
  - HEROKU_TOKEN_READ_PROTECTED
  - SLACK_TOKEN
- Organization variables
  - AWS_DEFAULT_REGION
  - TEST_SLACK_CHANNEL
Dependabot
- Repository secrets
  - AWS_DEFAULT_REGION
  - DEV_SERVER_AWS_ACCESS_KEY_ID
  - DEV_SERVER_AWS_SECRET_ACCESS_KEY
  - HEROKU_TOKEN
  - HEROKU_TOKEN_READ_PROTECTED
  - HEROKU_USER
- Organization secrets
  - GH_TOKEN_NEXTSTRAIN_BOT_REPO

Tasks

Move Dependabot's HEROKU_TOKEN_READ_PROTECTED to the organization level to match Actions secret
Remove these from Dependabot because they're already available as organization variables
- AWS_DEFAULT_REGION
- HEROKU_USER
Remove HEROKU_TOKEN from Dependabot because we don't use Dependabot PRs to deploy to Heroku

The text was updated successfully, but these errors were encountered:

victorlin mentioned this issue

build-ref-matrix failures preventing deployment #899

Closed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment