fix: ci (#4699)

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

.github/actions/e2e-managed/action.yml

@@ -148,7 +148,7 @@ runs:
       with:
         registry: ghcr.io
         username: ${{ github.actor }}
-        password: ${{ env.GITHUB_TOKEN }}
+        password: ${{ github.token }}
 
     - name: Run managed e2e Tests
       shell: bash

.github/actions/sign/action.yml

@@ -11,15 +11,6 @@ inputs:
     description: "image tag"
     required: true
     default: ""
-  GHCR_USERNAME:
-    description: "ghcr username"
-    required: true
-  GHCR_TOKEN:
-    description: "ghcr token"
-    required: true
-  GITHUB_TOKEN:
-    description: "gh token"
-    required: true
 
 runs:
   using: "composite"
@@ -42,8 +33,8 @@ runs:
       uses: docker/login-action@v1.14.1
       with:
         registry: ghcr.io
-        username: ${{ inputs.GHCR_USERNAME }}
-        password: ${{ inputs.GHCR_TOKEN }}
+        username: ${{ github.actor }}
+        password: ${{ github.token }}
 
     - name: Setup Go
       uses: actions/setup-go@v3
@@ -83,7 +74,7 @@ runs:
         arguments: --repository "${{ inputs.image-name }}" --output-path provenance.${{ inputs.image-tag }}.intoto.jsonl --digest "${{ steps.container_info.outputs.digest }}" --tags "${{ inputs.image-tag }}"
       env:
         COSIGN_EXPERIMENTAL: "0"
-        GITHUB_TOKEN: "${{ inputs.GITHUB_TOKEN }}"
+        GITHUB_TOKEN: "${{ github.token }}"
 
     - name: Attach provenance
       shell: bash

.github/workflows/ci.yml

@@ -179,8 +179,6 @@ jobs:
       build-args: ${{ matrix.build-args }}
       build-arch: ${{ matrix.build-arch }}
       ref: ${{ github.ref }}
-      username: ${{ github.actor }}
     secrets:
-      GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       IS_FORK: ${{ secrets.GHCR_USERNAME }} # this is just a secret to verify it is a fork or not, no other utility
 

.github/workflows/e2e-managed.yml

@@ -47,7 +47,6 @@ env:
   GITHUB_PR_NUMBER: ${{ github.event.client_payload.pull_request.number }}
   CLOUD_PROVIDER: ${{ github.event.client_payload.slash_command.args.named.provider }}
   INFRACOST_API_KEY: ${{ secrets.INFRACOST_API_KEY }}
-  GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
 name: managed e2e tests
 

.github/workflows/publish.yml

@@ -28,12 +28,7 @@ on:
       build-platform:
         required: true
         type: string
-      username:
-        required: true
-        type: string
     secrets:
-      GHCR_TOKEN:
-        required: true
       IS_FORK:
         required: false
 
@@ -97,8 +92,8 @@ jobs:
         if: env.IS_FORK != ''
         with:
           registry: ghcr.io
-          username: ${{ inputs.username }}
-          password: ${{ secrets.GHCR_TOKEN }}
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
 
       - name: Get docker image tag
         id: container_info
@@ -167,6 +162,3 @@ jobs:
         with:
           image-name: ${{ inputs.image-name }}
           image-tag: ${{ needs.build-publish.outputs.image-tag }}
-          GHCR_USERNAME: ${{ inputs.username }}
-          GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}
-          GITHUB_TOKEN: ${{ secrets.GHCR_TOKEN }}

.github/workflows/rebuild-image.yml

@@ -70,5 +70,4 @@ jobs:
       image-tag: ${{ github.event.inputs.ref }}
       username: ${{ github.actor }}
     secrets:
-      GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       IS_FORK: ${{ secrets.GHCR_USERNAME }}

.github/workflows/release.yml

@@ -121,9 +121,6 @@ jobs:
         with:
           image-name: ${{ env.IMAGE_NAME }}
           image-tag: ${{ env.RELEASE_TAG }}
-          GHCR_USERNAME: ${{ github.actor }}
-          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Update Release
         uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 # v2.2.2