From 66939681e33229d428c736076aeae362de1c3b1c Mon Sep 17 00:00:00 2001
From: Martin Peck <51542678+sonoransun@users.noreply.github.com>
Date: Wed, 27 Sep 2023 08:34:18 -0700
Subject: [PATCH] Feature/devops 466 remove GitHub token (#1668)

* Deprecate GITHUB_TOKEN.
---
 .gitlab-ci.yml | 6 ------
 production/bin/run_command.sh | 4 ++--
 production/bin/run_migration.sh | 4 ++--
 3 files changed, 4 insertions(+), 10 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index f5f7356853..f741755a65 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -45,16 +45,13 @@ deploy_qa: - alias aws='docker run -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_DEFAULT_REGION --rm amazon/aws-cli' - aws ssm get-parameters-by-path --region $AWS_DEFAULT_REGION --path /qa/check-api/ --recursive --with-decryption --output text --query "Parameters[].[Name]" | sed -E 's#/qa/check-api/##' > env.qa.names - for NAME in `cat env.qa.names`; do echo -n "-s qa-check-api-migration $NAME /qa/check-api/$NAME " >> qa-check-api-migration.env.args; done - - echo -n "-s qa-check-api-migration GITHUB_TOKEN arn:aws:secretsmanager:eu-west-1:848416313321:secret:GithubToken-Plain-BUhwIw" >> qa-check-api-migration.env.args - ecs update qa-check-api-migration --image qa-check-api-migration $ECR_API_BASE_URL/qa/check/api:$CI_COMMIT_SHA --exclusive-env -e qa-check-api-migration APP check-api -e qa-check-api-migration DEPLOY_ENV qa -e qa-check-api-migration AWS_REGION $AWS_DEFAULT_REGION --exclusive-secrets `cat qa-check-api-migration.env.args` - taskArn=$(aws ecs run-task --cluster ecs-qa --task-definition qa-check-api-migration --query 'tasks[].taskArn' --output text) - echo "Migration task started - $taskArn" - aws ecs wait tasks-stopped --cluster ecs-qa --tasks $taskArn - for NAME in `cat env.qa.names`; do echo -n "-s qa-check-api-c $NAME /qa/check-api/$NAME " >> qa-check-api-c.env.args; done - - echo -n "-s qa-check-api-c GITHUB_TOKEN arn:aws:secretsmanager:eu-west-1:848416313321:secret:GithubToken-Plain-BUhwIw" >> qa-check-api-c.env.args - ecs deploy ecs-qa qa-check-api --image qa-check-api-c $ECR_API_BASE_URL/qa/check/api:$CI_COMMIT_SHA --timeout 3600 --exclusive-env -e qa-check-api-c APP check-api -e qa-check-api-c DEPLOY_ENV qa -e qa-check-api-c AWS_REGION $AWS_DEFAULT_REGION --exclusive-secrets `cat qa-check-api-c.env.args` - for NAME in `cat env.qa.names`; do echo -n "-s qa-check-api-background $NAME /qa/check-api/$NAME " >> qa-check-api-background.env.args; done - - echo -n "-s qa-check-api-background GITHUB_TOKEN 
arn:aws:secretsmanager:eu-west-1:848416313321:secret:GithubToken-Plain-BUhwIw" >> qa-check-api-background.env.args - ecs deploy ecs-qa qa-check-api-background --image qa-check-api-background $ECR_API_BASE_URL/qa/check/api:$CI_COMMIT_SHA --timeout 3600 --exclusive-env -e qa-check-api-background APP check-api -e qa-check-api-background DEPLOY_ENV qa -e qa-check-api-background AWS_REGION $AWS_DEFAULT_REGION --exclusive-secrets `cat qa-check-api-background.env.args` - echo "new Image was deployed $ECR_API_BASE_URL/qa/check/api:$CI_COMMIT_SHA" only: 
@@ -123,18 +120,15 @@ deploy_live: - alias aws='docker run -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_DEFAULT_REGION --rm amazon/aws-cli' - aws ssm get-parameters-by-path --region $AWS_DEFAULT_REGION --path /live/check-api/ --recursive --with-decryption --output text --query "Parameters[].[Name]" | sed -E 's#/live/check-api/##' > env.live.names - for NAME in `cat env.live.names`; do echo -n "-s live-check-api-migration $NAME /live/check-api/$NAME " >> live-check-api-migration.env.args; done - - echo -n "-s live-check-api-migration GITHUB_TOKEN arn:aws:secretsmanager:eu-west-1:848416313321:secret:GithubToken-Plain-BUhwIw" >> live-check-api-migration.env.args - ecs update live-check-api-migration --image live-check-api-migration $ECR_API_BASE_URL/live/check/api:$CI_COMMIT_SHA --exclusive-env -e live-check-api-migration APP check-api -e live-check-api-migration DEPLOY_ENV live -e live-check-api-migration AWS_REGION $AWS_DEFAULT_REGION --exclusive-secrets `cat live-check-api-migration.env.args` - taskArn=$(aws ecs run-task --cluster ecs-live --task-definition live-check-api-migration --query 'tasks[].taskArn' --output text) - echo "Migration task started - $taskArn" - aws ecs wait tasks-stopped --cluster ecs-live --tasks $taskArn - for NAME in `cat env.live.names`; do echo -n "-s live-check-api-c $NAME /live/check-api/$NAME " >> live-check-api-c.env.args; done - - echo -n "-s live-check-api-c GITHUB_TOKEN arn:aws:secretsmanager:eu-west-1:848416313321:secret:GithubToken-Plain-BUhwIw" >> live-check-api-c.env.args - python3 scripts/uptime-maintenance.py on - ecs deploy ecs-live live-check-api --image live-check-api-c $ECR_API_BASE_URL/live/check/api:$CI_COMMIT_SHA --timeout 3600 --exclusive-env -e live-check-api-c APP check-api -e live-check-api-c DEPLOY_ENV live -e live-check-api-c AWS_REGION $AWS_DEFAULT_REGION --exclusive-secrets `cat live-check-api-c.env.args` - python3 scripts/uptime-maintenance.py off - for NAME in `cat env.live.names`; do echo -n "-s 
live-check-api-background $NAME /live/check-api/$NAME " >> live-check-api-background.env.args; done - - echo -n "-s live-check-api-background GITHUB_TOKEN arn:aws:secretsmanager:eu-west-1:848416313321:secret:GithubToken-Plain-BUhwIw" >> live-check-api-background.env.args - ecs deploy ecs-live live-check-api-background --image live-check-api-background $ECR_API_BASE_URL/live/check/api:$CI_COMMIT_SHA --timeout 3600 --exclusive-env -e live-check-api-background APP check-api -e live-check-api-background DEPLOY_ENV live -e live-check-api-background AWS_REGION $AWS_DEFAULT_REGION --exclusive-secrets `cat live-check-api-background.env.args` - echo "new Image was deployed $ECR_API_BASE_URL/live/check/api:$CI_COMMIT_SHA" only:
diff --git a/production/bin/run_command.sh b/production/bin/run_command.sh
index 1635d28048..e46c43a4f1 100755
--- a/production/bin/run_command.sh
+++ b/production/bin/run_command.sh
@@ -4,8 +4,8 @@ set -e
-if [[ -z ${GITHUB_TOKEN+x} || -z ${DEPLOY_ENV+x} ]]; then
- echo "GITHUB_TOKEN, DEPLOY_ENV must be in the environment. Exiting."
+if [[ -z ${DEPLOY_ENV+x} ]]; then
+ echo "DEPLOY_ENV must be in the environment. Exiting."
 exit 1
 fi
diff --git a/production/bin/run_migration.sh b/production/bin/run_migration.sh
index 609525267c..b476c0b9a0 100755
--- a/production/bin/run_migration.sh
+++ b/production/bin/run_migration.sh
@@ -6,8 +6,8 @@ set -e
 DEPLOY_ENV=$1
-if [[ -z ${GITHUB_TOKEN+x} || -z ${DEPLOY_ENV+x} ]]; then
- echo "GITHUB_TOKEN, DEPLOY_ENV must be in the environment. Exiting."
+if [[ -z ${DEPLOY_ENV+x} ]]; then
+ echo "DEPLOY_ENV must be in the environment. Exiting."
 exit 1
 fi
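Review bot: The guard kept in production/bin/run_command.sh, `[[ -z ${DEPLOY_ENV+x} ]]`, only tests whether DEPLOY_ENV is set, so an exported but empty `DEPLOY_ENV=` passes and the script carries on without an environment name. Testing the value instead, `if [[ -z "${DEPLOY_ENV:-}" ]]; then`, rejects both the unset and the empty case. The failure message is also written to stdout; `echo "DEPLOY_ENV must be in the environment. Exiting." >&2` would send it to stderr with the other diagnostics. The rest of the script lies outside the hunk, so how DEPLOY_ENV is used afterwards is not visible here.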
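Review bot: In production/bin/run_migration.sh the remaining guard cannot fire, because `DEPLOY_ENV=$1` on the context line above always leaves the variable set, which makes `[[ -z ${DEPLOY_ENV+x} ]]` false even when the script is called with no argument. Before this change the GITHUB_TOKEN clause was the only part of the condition that could fail, so the `if` is now dead code. Checking the value, `if [[ -z "$DEPLOY_ENV" ]]; then`, would catch a missing or empty argument. The message should then name the real source of the value, for example `echo "Usage: run_migration.sh <deploy_env>" >&2`. Only `set -e` is visible in the hunk; if nounset is enabled outside it, a missing `$1` would already abort at the assignment.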