diff --git a/.github/workflows/secret-expire-check.yml b/.github/workflows/secret-expire-check.yml
deleted file mode 100644
index 03c0290..0000000
--- a/.github/workflows/secret-expire-check.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-name: Daily Check to see if any secrets will expire soon
-
-on:
- workflow_dispatch:
- schedule: # At 04:00 every morning
- - cron: '0 04 * * *'
-
-
-jobs:
- secret-expire-check:
- runs-on: ubuntu-latest
- permissions:
- id-token: write
- contents: write
-
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- - name: Run check if any secrets will expire within next month
- id: secrete-expire-check-month
- run: |
- ./bin/check_secret_expire.sh $(date -d "+1 month" +"%Y-%m-%d")
-
- - name: Slack Notification on Failure
- if: ${{ failure() }}
- uses: rtCamp/action-slack-notify@v2
- env:
- SLACK_CHANNEL: secret-expire
- SLACK_WEBHOOK: ${{ secrets.MERKELY_SLACK_CI_FAILURES_WEBHOOK }}
- SLACK_USERNAME: GithubActions
- SLACK_COLOR: ${{ job.status }}
- SLACKIFY_MARKDOWN: true
- SLACK_TITLE: Secret has expired
- SLACK_MESSAGE: "Some secrets in `veracode-integration-example` is about to or has expired. Please check the \
- [log](${{ github.event.repository.html_url }}/actions/runs/${{ github.run_id }}) \
- for more details."
- SLACK_FOOTER:
diff --git a/bin/check_secret_expire.sh b/bin/check_secret_expire.sh
deleted file mode 100755
index 0998994..0000000
--- a/bin/check_secret_expire.sh
+++ /dev/null
@@ -1,72 +0,0 @@ -#!/usr/bin/env bash -set -Eeu - -SCRIPT_NAME=check_secret_expire.sh -ROOT_DIR=$(dirname $(readlink -f $0))/.. -NOW_DATE=$(date +%Y-%m-%d) - -print_help() -{ - cat < [yyyy-mm-dd] - -Will search all txt-files in secrets directory to see if any of them -has a secret that has expired. You can specify a date if you want to -know if something expires in the future - -Options are: - -h Print this help menu -EOF -} - -check_arguments() -{ - while getopts "h" opt; do - case $opt in - h) - print_help - exit 1 - ;; - \?) - echo "Invalid option: -$OPTARG" >&2 - exit 1 - ;; - esac - done - - # Remove options from command line - shift $((OPTIND-1)) - - if [ $# -eq 1 ]; then - NOW_DATE=$1; shift - fi -} - -echo_if_secret_expired() -{ - local file=$1; shift - local now_date=$1; shift - local expire_date now_sec expire_sec - expire_date=$(grep "secret-expire:" ${file} | sed "s/secret-expire: *//") - - if [[ ! "${now_date}" < "${expire_date}" ]]; then - grep "secret-name:" ${file} | sed "s/secret-name: */ /" | tr '\n' ' ' - grep "secret-expire:" ${file} - return 1 - fi - return 0 -} - -main() -{ - check_arguments "$@" - local file - local result=0 - echo "The following is a list of secrets in 'secrets/*txt' which will have expired on ${NOW_DATE}" - for file in ${ROOT_DIR}/secrets/*txt; do - echo_if_secret_expired ${file} ${NOW_DATE} || result=1 - done - return $result -} - -main "$@" diff --git a/secrets/gh-repo-kosli-public-api-token.txt b/secrets/gh-repo-kosli-public-api-token.txt deleted file mode 100644 index efabe84..0000000 --- a/secrets/gh-repo-kosli-public-api-token.txt +++ /dev/null 
@@ -1,15 +0,0 @@
-secret-name: KOSLI_PUBLIC_API_TOKEN
-secret-expire: 2026-03-10
-secret-updated: 2025-03-10
-secret-updated-by: tore
-secret-type: gh-repo
-is-secret: true
-secret-usage: Secret used to report Veracode example builds to
-https://app.kosli.com/kosli-public
-
-update-instructions:
-Get new API key from https://app.kosli.com/kosli-public/settings/service-accounts#Veracode-example-reporter
-This is the api-key for the Veracode-example-reporter.
-
-Go to https://github.com/kosli-dev/veracode-integration-example/settings/secrets/actions
-under