authenticate API requests from GitHub runners as well

cloudposse · Feb 7, 2025 · f5229b0 · f5229b0
1 parent ce91942
commit f5229b0
Show file tree

Hide file tree

Showing 149 changed files with 894 additions and 149 deletions.
diff --git a/.github/package-template.yml b/.github/package-template.yml
@@ -151,6 +151,11 @@ jobs:
       # Publish the artifacts
       - name: "Push artifact to package repository"
         uses: cloudsmith-io/action@v0.6.10
+        env:
+          # This is a hack. We need to hack the action by setting up a `curl` wrapper
+          # that injects the GIT_TOKEN into API requests so our rate limit is high enough
+          # that we do not have half the packages timing out.
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'
@@ -257,7 +262,7 @@ jobs:
           # This is a hack. We need to hack the action by setting up a `curl` wrapper
           # that injects the GIT_TOKEN into API requests so our rate limit is high enough
           # that we do not have half the packages timing out.
-          GITHUB_TOKEN: "${{  matrix.arch == 'arm64' && secrets.GITHUB_TOKEN || '' }}"
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'

diff --git a/.github/workflows/amazon-ecr-credential-helper.yml b/.github/workflows/amazon-ecr-credential-helper.yml
@@ -151,6 +151,11 @@ jobs:
       # Publish the artifacts
       - name: "Push artifact to package repository"
         uses: cloudsmith-io/action@v0.6.10
+        env:
+          # This is a hack. We need to hack the action by setting up a `curl` wrapper
+          # that injects the GIT_TOKEN into API requests so our rate limit is high enough
+          # that we do not have half the packages timing out.
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'
@@ -257,7 +262,7 @@ jobs:
           # This is a hack. We need to hack the action by setting up a `curl` wrapper
           # that injects the GIT_TOKEN into API requests so our rate limit is high enough
           # that we do not have half the packages timing out.
-          GITHUB_TOKEN: "${{  matrix.arch == 'arm64' && secrets.GITHUB_TOKEN || '' }}"
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'

diff --git a/.github/workflows/amtool.yml b/.github/workflows/amtool.yml
@@ -151,6 +151,11 @@ jobs:
       # Publish the artifacts
       - name: "Push artifact to package repository"
         uses: cloudsmith-io/action@v0.6.10
+        env:
+          # This is a hack. We need to hack the action by setting up a `curl` wrapper
+          # that injects the GIT_TOKEN into API requests so our rate limit is high enough
+          # that we do not have half the packages timing out.
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'
@@ -257,7 +262,7 @@ jobs:
           # This is a hack. We need to hack the action by setting up a `curl` wrapper
           # that injects the GIT_TOKEN into API requests so our rate limit is high enough
           # that we do not have half the packages timing out.
-          GITHUB_TOKEN: "${{  matrix.arch == 'arm64' && secrets.GITHUB_TOKEN || '' }}"
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'

diff --git a/.github/workflows/argocd.yml b/.github/workflows/argocd.yml
@@ -151,6 +151,11 @@ jobs:
       # Publish the artifacts
       - name: "Push artifact to package repository"
         uses: cloudsmith-io/action@v0.6.10
+        env:
+          # This is a hack. We need to hack the action by setting up a `curl` wrapper
+          # that injects the GIT_TOKEN into API requests so our rate limit is high enough
+          # that we do not have half the packages timing out.
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'
@@ -257,7 +262,7 @@ jobs:
           # This is a hack. We need to hack the action by setting up a `curl` wrapper
           # that injects the GIT_TOKEN into API requests so our rate limit is high enough
           # that we do not have half the packages timing out.
-          GITHUB_TOKEN: "${{  matrix.arch == 'arm64' && secrets.GITHUB_TOKEN || '' }}"
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'

diff --git a/.github/workflows/assume-role.yml b/.github/workflows/assume-role.yml
@@ -151,6 +151,11 @@ jobs:
       # Publish the artifacts
       - name: "Push artifact to package repository"
         uses: cloudsmith-io/action@v0.6.10
+        env:
+          # This is a hack. We need to hack the action by setting up a `curl` wrapper
+          # that injects the GIT_TOKEN into API requests so our rate limit is high enough
+          # that we do not have half the packages timing out.
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'
@@ -257,7 +262,7 @@ jobs:
           # This is a hack. We need to hack the action by setting up a `curl` wrapper
           # that injects the GIT_TOKEN into API requests so our rate limit is high enough
           # that we do not have half the packages timing out.
-          GITHUB_TOKEN: "${{  matrix.arch == 'arm64' && secrets.GITHUB_TOKEN || '' }}"
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'

diff --git a/.github/workflows/atlantis.yml b/.github/workflows/atlantis.yml
@@ -151,6 +151,11 @@ jobs:
       # Publish the artifacts
       - name: "Push artifact to package repository"
         uses: cloudsmith-io/action@v0.6.10
+        env:
+          # This is a hack. We need to hack the action by setting up a `curl` wrapper
+          # that injects the GIT_TOKEN into API requests so our rate limit is high enough
+          # that we do not have half the packages timing out.
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'
@@ -257,7 +262,7 @@ jobs:
           # This is a hack. We need to hack the action by setting up a `curl` wrapper
           # that injects the GIT_TOKEN into API requests so our rate limit is high enough
           # that we do not have half the packages timing out.
-          GITHUB_TOKEN: "${{  matrix.arch == 'arm64' && secrets.GITHUB_TOKEN || '' }}"
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'

diff --git a/.github/workflows/atmos.yml b/.github/workflows/atmos.yml
@@ -151,6 +151,11 @@ jobs:
       # Publish the artifacts
       - name: "Push artifact to package repository"
         uses: cloudsmith-io/action@v0.6.10
+        env:
+          # This is a hack. We need to hack the action by setting up a `curl` wrapper
+          # that injects the GIT_TOKEN into API requests so our rate limit is high enough
+          # that we do not have half the packages timing out.
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'
@@ -257,7 +262,7 @@ jobs:
           # This is a hack. We need to hack the action by setting up a `curl` wrapper
           # that injects the GIT_TOKEN into API requests so our rate limit is high enough
           # that we do not have half the packages timing out.
-          GITHUB_TOKEN: "${{  matrix.arch == 'arm64' && secrets.GITHUB_TOKEN || '' }}"
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'

diff --git a/.github/workflows/awless.yml b/.github/workflows/awless.yml
@@ -151,6 +151,11 @@ jobs:
       # Publish the artifacts
       - name: "Push artifact to package repository"
         uses: cloudsmith-io/action@v0.6.10
+        env:
+          # This is a hack. We need to hack the action by setting up a `curl` wrapper
+          # that injects the GIT_TOKEN into API requests so our rate limit is high enough
+          # that we do not have half the packages timing out.
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'
@@ -257,7 +262,7 @@ jobs:
           # This is a hack. We need to hack the action by setting up a `curl` wrapper
           # that injects the GIT_TOKEN into API requests so our rate limit is high enough
           # that we do not have half the packages timing out.
-          GITHUB_TOKEN: "${{  matrix.arch == 'arm64' && secrets.GITHUB_TOKEN || '' }}"
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'

diff --git a/.github/workflows/aws-copilot-cli.yml b/.github/workflows/aws-copilot-cli.yml
@@ -151,6 +151,11 @@ jobs:
       # Publish the artifacts
       - name: "Push artifact to package repository"
         uses: cloudsmith-io/action@v0.6.10
+        env:
+          # This is a hack. We need to hack the action by setting up a `curl` wrapper
+          # that injects the GIT_TOKEN into API requests so our rate limit is high enough
+          # that we do not have half the packages timing out.
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'
@@ -257,7 +262,7 @@ jobs:
           # This is a hack. We need to hack the action by setting up a `curl` wrapper
           # that injects the GIT_TOKEN into API requests so our rate limit is high enough
           # that we do not have half the packages timing out.
-          GITHUB_TOKEN: "${{  matrix.arch == 'arm64' && secrets.GITHUB_TOKEN || '' }}"
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'

diff --git a/.github/workflows/aws-iam-authenticator.yml b/.github/workflows/aws-iam-authenticator.yml
@@ -151,6 +151,11 @@ jobs:
       # Publish the artifacts
       - name: "Push artifact to package repository"
         uses: cloudsmith-io/action@v0.6.10
+        env:
+          # This is a hack. We need to hack the action by setting up a `curl` wrapper
+          # that injects the GIT_TOKEN into API requests so our rate limit is high enough
+          # that we do not have half the packages timing out.
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'
@@ -257,7 +262,7 @@ jobs:
           # This is a hack. We need to hack the action by setting up a `curl` wrapper
           # that injects the GIT_TOKEN into API requests so our rate limit is high enough
           # that we do not have half the packages timing out.
-          GITHUB_TOKEN: "${{  matrix.arch == 'arm64' && secrets.GITHUB_TOKEN || '' }}"
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'

diff --git a/.github/workflows/aws-nuke.yml b/.github/workflows/aws-nuke.yml
@@ -151,6 +151,11 @@ jobs:
       # Publish the artifacts
       - name: "Push artifact to package repository"
         uses: cloudsmith-io/action@v0.6.10
+        env:
+          # This is a hack. We need to hack the action by setting up a `curl` wrapper
+          # that injects the GIT_TOKEN into API requests so our rate limit is high enough
+          # that we do not have half the packages timing out.
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'
@@ -257,7 +262,7 @@ jobs:
           # This is a hack. We need to hack the action by setting up a `curl` wrapper
           # that injects the GIT_TOKEN into API requests so our rate limit is high enough
           # that we do not have half the packages timing out.
-          GITHUB_TOKEN: "${{  matrix.arch == 'arm64' && secrets.GITHUB_TOKEN || '' }}"
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'

diff --git a/.github/workflows/aws-vault.yml b/.github/workflows/aws-vault.yml
@@ -151,6 +151,11 @@ jobs:
       # Publish the artifacts
       - name: "Push artifact to package repository"
         uses: cloudsmith-io/action@v0.6.10
+        env:
+          # This is a hack. We need to hack the action by setting up a `curl` wrapper
+          # that injects the GIT_TOKEN into API requests so our rate limit is high enough
+          # that we do not have half the packages timing out.
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'
@@ -257,7 +262,7 @@ jobs:
           # This is a hack. We need to hack the action by setting up a `curl` wrapper
           # that injects the GIT_TOKEN into API requests so our rate limit is high enough
           # that we do not have half the packages timing out.
-          GITHUB_TOKEN: "${{  matrix.arch == 'arm64' && secrets.GITHUB_TOKEN || '' }}"
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'

diff --git a/.github/workflows/cfssl.yml b/.github/workflows/cfssl.yml
@@ -151,6 +151,11 @@ jobs:
       # Publish the artifacts
       - name: "Push artifact to package repository"
         uses: cloudsmith-io/action@v0.6.10
+        env:
+          # This is a hack. We need to hack the action by setting up a `curl` wrapper
+          # that injects the GIT_TOKEN into API requests so our rate limit is high enough
+          # that we do not have half the packages timing out.
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'
@@ -257,7 +262,7 @@ jobs:
           # This is a hack. We need to hack the action by setting up a `curl` wrapper
           # that injects the GIT_TOKEN into API requests so our rate limit is high enough
           # that we do not have half the packages timing out.
-          GITHUB_TOKEN: "${{  matrix.arch == 'arm64' && secrets.GITHUB_TOKEN || '' }}"
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'

diff --git a/.github/workflows/cfssljson.yml b/.github/workflows/cfssljson.yml
@@ -151,6 +151,11 @@ jobs:
       # Publish the artifacts
       - name: "Push artifact to package repository"
         uses: cloudsmith-io/action@v0.6.10
+        env:
+          # This is a hack. We need to hack the action by setting up a `curl` wrapper
+          # that injects the GIT_TOKEN into API requests so our rate limit is high enough
+          # that we do not have half the packages timing out.
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'
@@ -257,7 +262,7 @@ jobs:
           # This is a hack. We need to hack the action by setting up a `curl` wrapper
           # that injects the GIT_TOKEN into API requests so our rate limit is high enough
           # that we do not have half the packages timing out.
-          GITHUB_TOKEN: "${{  matrix.arch == 'arm64' && secrets.GITHUB_TOKEN || '' }}"
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'

diff --git a/.github/workflows/chamber.yml b/.github/workflows/chamber.yml
@@ -151,6 +151,11 @@ jobs:
       # Publish the artifacts
       - name: "Push artifact to package repository"
         uses: cloudsmith-io/action@v0.6.10
+        env:
+          # This is a hack. We need to hack the action by setting up a `curl` wrapper
+          # that injects the GIT_TOKEN into API requests so our rate limit is high enough
+          # that we do not have half the packages timing out.
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'
@@ -257,7 +262,7 @@ jobs:
           # This is a hack. We need to hack the action by setting up a `curl` wrapper
           # that injects the GIT_TOKEN into API requests so our rate limit is high enough
           # that we do not have half the packages timing out.
-          GITHUB_TOKEN: "${{  matrix.arch == 'arm64' && secrets.GITHUB_TOKEN || '' }}"
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'

diff --git a/.github/workflows/cilium-cli.yml b/.github/workflows/cilium-cli.yml
@@ -151,6 +151,11 @@ jobs:
       # Publish the artifacts
       - name: "Push artifact to package repository"
         uses: cloudsmith-io/action@v0.6.10
+        env:
+          # This is a hack. We need to hack the action by setting up a `curl` wrapper
+          # that injects the GIT_TOKEN into API requests so our rate limit is high enough
+          # that we do not have half the packages timing out.
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'
@@ -257,7 +262,7 @@ jobs:
           # This is a hack. We need to hack the action by setting up a `curl` wrapper
           # that injects the GIT_TOKEN into API requests so our rate limit is high enough
           # that we do not have half the packages timing out.
-          GITHUB_TOKEN: "${{  matrix.arch == 'arm64' && secrets.GITHUB_TOKEN || '' }}"
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'

diff --git a/.github/workflows/cli53.yml b/.github/workflows/cli53.yml
@@ -151,6 +151,11 @@ jobs:
       # Publish the artifacts
       - name: "Push artifact to package repository"
         uses: cloudsmith-io/action@v0.6.10
+        env:
+          # This is a hack. We need to hack the action by setting up a `curl` wrapper
+          # that injects the GIT_TOKEN into API requests so our rate limit is high enough
+          # that we do not have half the packages timing out.
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'
@@ -257,7 +262,7 @@ jobs:
           # This is a hack. We need to hack the action by setting up a `curl` wrapper
           # that injects the GIT_TOKEN into API requests so our rate limit is high enough
           # that we do not have half the packages timing out.
-          GITHUB_TOKEN: "${{  matrix.arch == 'arm64' && secrets.GITHUB_TOKEN || '' }}"
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'

diff --git a/.github/workflows/cloud-nuke.yml b/.github/workflows/cloud-nuke.yml
@@ -151,6 +151,11 @@ jobs:
       # Publish the artifacts
       - name: "Push artifact to package repository"
         uses: cloudsmith-io/action@v0.6.10
+        env:
+          # This is a hack. We need to hack the action by setting up a `curl` wrapper
+          # that injects the GIT_TOKEN into API requests so our rate limit is high enough
+          # that we do not have half the packages timing out.
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'
@@ -257,7 +262,7 @@ jobs:
           # This is a hack. We need to hack the action by setting up a `curl` wrapper
           # that injects the GIT_TOKEN into API requests so our rate limit is high enough
           # that we do not have half the packages timing out.
-          GITHUB_TOKEN: "${{  matrix.arch == 'arm64' && secrets.GITHUB_TOKEN || '' }}"
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'

diff --git a/.github/workflows/cloudflared.yml b/.github/workflows/cloudflared.yml
@@ -151,6 +151,11 @@ jobs:
       # Publish the artifacts
       - name: "Push artifact to package repository"
         uses: cloudsmith-io/action@v0.6.10
+        env:
+          # This is a hack. We need to hack the action by setting up a `curl` wrapper
+          # that injects the GIT_TOKEN into API requests so our rate limit is high enough
+          # that we do not have half the packages timing out.
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'
@@ -257,7 +262,7 @@ jobs:
           # This is a hack. We need to hack the action by setting up a `curl` wrapper
           # that injects the GIT_TOKEN into API requests so our rate limit is high enough
           # that we do not have half the packages timing out.
-          GITHUB_TOKEN: "${{  matrix.arch == 'arm64' && secrets.GITHUB_TOKEN || '' }}"
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
           api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
           command: 'push'