Fix build step

tweedegolf · Apr 25, 2024 · 6935da5 · 6935da5
1 parent 40e2baa
commit 6935da5
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 31 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -35,8 +35,6 @@ jobs:
       - name: Build and push Docker image
         uses: docker/build-push-action@v5
         with:
-          context: .
-          file: docker/app.Dockerfile
           pull: true
           push: true
           tags: |

diff --git a/README.md b/README.md
@@ -84,38 +84,10 @@ ARGS:
     <manifest-path>    Path to manifest file
 ```
 
-### Getting deploy tokens
-Use the `bin/extract-token.sh` script to quickly get the deploy token for a
-basic service account generated after running kubectl on the files generated by
-`cluster-generate`. If this doesn't work, follow these steps to get the deploy
-token manually: You can fetch the token by executing the following with
-`kubectl`:
-
-```
-# kubectl describe serviceaccount example-ci
-Name:                example-ci
-Namespace:           default
-Labels:              <none>
-Annotations:         kubectl.kubernetes.io/last-applied-configuration:
-                       {"apiVersion":"v1","kind":"ServiceAccount","metadata":{"annotations":{},"name":"example-ci","namespace":"default"}}
-Image pull secrets:  <none>
-Mountable secrets:   example-ci-token-rpg9x
-Tokens:              example-ci-token-rpg9x
-Events:              <none>
-
-# kubectl get secret example-ci-token-rpg9x -o=jsonpath='{.data.token}'| base64 --decode
-<snip token>
-```
-
-Service accounts are populated using `cluster-generate`. Only kubernetes
-cluster admins can deploy service accounts, so ask your local admin to get it
-for you. Deploy tokens need to be encrypted using `ansible-vault` and your
-`SECRET`.
-
 ## Inspect serviceaccount privileges
 An admin can inspect the privileges handed out to all service account *per namespace* using the following invocation or similar:
 
-```kubectl auth can-i --as system:serviceaccount:default:woz-viewer-ci --list -n woz-viewer-production```
+```kubectl auth can-i --as system:serviceaccount:default:example-ci --list -n example-production```
 
 Currently we provide two clusterroles via clustergenerate:
 * *role-all*: a role that gives all permissions. When bound as a RoleBinding for a specific namespace, will only grant all permissions for that namespace, except for changing more RoleBindings and Roles. When handed out as an ClusterRoleBinding, will grant all permissions.