Remove non-environment Actions secrets from this repository #24808
Replies: 4 comments
-
We have the following Actions secrets: Repository:
Org-wide:
The other possibility is that the release secrets (npm, github PAT, Docker) are isolated to GitHub Environments. However, I'm not certain if this is appropriate (it didn't seem to be the first time I ever looked into them). That way they're not removed from the repository but it should mean that they are at least protected using Branch protection, which reduces our risk. |
Beta Was this translation helpful? Give feedback.
-
Codecov is not used and can be removed. I think we can use the buildin This works fine at https://github.com/containerbase/buildpack So we only need the npm token in this repo. |
Beta Was this translation helpful? Give feedback.
-
@rarkins We can switch all our docker images to only publish to ghcr.io with |
Beta Was this translation helpful? Give feedback.
-
What's the progress on this issue? |
Beta Was this translation helpful? Give feedback.
-
Describe the proposed change(s).
Quote from @rarkins 1:
Footnotes
https://github.com/renovatebot/renovate/issues/7927#issuecomment-954385272 ↩
Beta Was this translation helpful? Give feedback.
All reactions