Adding Github_Token to workflows

LBH-wgreeff · LBH-wgreeff · commit 3d93780134da · 2025-07-25T10:10:13.000+01:00
diff --git a/.github/workflows/cd-terraform-core.yml b/.github/workflows/cd-terraform-core.yml
@@ -49,6 +49,7 @@ jobs:
       COPY_LIBERATOR_TO_PRE_PROD_LAMBDA_EXECUTION_ROLE: ${{ secrets.COPY_LIBERATOR_TO_PRE_PROD_LAMBDA_EXECUTION_ROLE }}
       PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN: ${{ secrets.PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN }}
       TERRAFORM_SECRET_TOKEN: ${{ secrets.TERRAFORM_SECRET_TOKEN }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   pre-production:
     needs: ["test", "validate"]
     uses: ./.github/workflows/deploy_terraform.yml
@@ -81,6 +82,7 @@ jobs:
       PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN: ${{ secrets.PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN }}
       PRODUCTION_FIREWALL_IP: ${{ secrets.PRODUCTION_FIREWALL_IP }}
       TERRAFORM_SECRET_TOKEN: ${{ secrets.TERRAFORM_SECRET_TOKEN }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   production:
     needs: [ "pre-production" ]
     uses: ./.github/workflows/deploy_terraform.yml
@@ -113,4 +115,5 @@ jobs:
       PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN: ${{ secrets.PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN }}
       PRODUCTION_FIREWALL_IP: ${{ secrets.PRODUCTION_FIREWALL_IP }}
       TERRAFORM_SECRET_TOKEN: ${{ secrets.TERRAFORM_SECRET_TOKEN }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       
diff --git a/.github/workflows/cd-terraform-etl.yml b/.github/workflows/cd-terraform-etl.yml
@@ -49,6 +49,7 @@ jobs:
       COPY_LIBERATOR_TO_PRE_PROD_LAMBDA_EXECUTION_ROLE: ${{ secrets.COPY_LIBERATOR_TO_PRE_PROD_LAMBDA_EXECUTION_ROLE }}
       PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN: ${{ secrets.PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN }}
       TERRAFORM_SECRET_TOKEN: ${{ secrets.TERRAFORM_SECRET_TOKEN }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   pre-production:
     needs: ["test", "validate"]
     uses: ./.github/workflows/deploy_terraform.yml
@@ -81,6 +82,7 @@ jobs:
       PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN: ${{ secrets.PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN }}
       PRODUCTION_FIREWALL_IP: ${{ secrets.PRODUCTION_FIREWALL_IP }}
       TERRAFORM_SECRET_TOKEN: ${{ secrets.TERRAFORM_SECRET_TOKEN }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   production:
     needs: [ "pre-production" ]
     uses: ./.github/workflows/deploy_terraform.yml
@@ -113,3 +115,4 @@ jobs:
       PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN: ${{ secrets.PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN }}
       PRODUCTION_FIREWALL_IP: ${{ secrets.PRODUCTION_FIREWALL_IP }}
       TERRAFORM_SECRET_TOKEN: ${{ secrets.TERRAFORM_SECRET_TOKEN }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/cd-terraform-networking.yml b/.github/workflows/cd-terraform-networking.yml
@@ -53,6 +53,7 @@ jobs:
       COPY_LIBERATOR_TO_PRE_PROD_LAMBDA_EXECUTION_ROLE: ${{ secrets.COPY_LIBERATOR_TO_PRE_PROD_LAMBDA_EXECUTION_ROLE }}
       PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN: ${{ secrets.PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN }}
       TERRAFORM_SECRET_TOKEN: ${{ secrets.TERRAFORM_SECRET_TOKEN }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   pre-production:
     needs: ["validate"]
     uses: ./.github/workflows/deploy_terraform_networking.yml
@@ -82,6 +83,7 @@ jobs:
       AWS_DP_VPC_ID: ${{ secrets.AWS_DP_DEV_VPC_ID }}
       GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS_STG }}
       TERRAFORM_SECRET_TOKEN: ${{ secrets.TERRAFORM_SECRET_TOKEN }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   production:
     needs: [ "pre-production" ]
     uses: ./.github/workflows/deploy_terraform_networking.yml
@@ -111,3 +113,4 @@ jobs:
       AWS_DP_VPC_ID: ${{ secrets.AWS_DP_STG_VPC_ID }}
       GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS_PROD }}
       TERRAFORM_SECRET_TOKEN: ${{ secrets.TERRAFORM_SECRET_TOKEN }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/ci-terraform-backend-setup.yml b/.github/workflows/ci-terraform-backend-setup.yml
@@ -43,3 +43,4 @@ jobs:
       COPY_LIBERATOR_TO_PRE_PROD_LAMBDA_EXECUTION_ROLE: ${{ secrets.COPY_LIBERATOR_TO_PRE_PROD_LAMBDA_EXECUTION_ROLE }}
       PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN: ${{ secrets.PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN }}
       TERRAFORM_SECRET_TOKEN: ${{ secrets.TERRAFORM_SECRET_TOKEN }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/ci-terraform-core.yml b/.github/workflows/ci-terraform-core.yml
@@ -43,6 +43,7 @@ jobs:
       PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN: ${{ secrets.PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN }}
       PRODUCTION_FIREWALL_IP: ${{ secrets.PRODUCTION_FIREWALL_IP }}
       TERRAFORM_SECRET_TOKEN: ${{ secrets.TERRAFORM_SECRET_TOKEN }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
   CI-Production-Plan:
     name: "Production"
@@ -73,6 +74,7 @@ jobs:
       PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN: ${{ secrets.PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN }}
       PRODUCTION_FIREWALL_IP: ${{ secrets.PRODUCTION_FIREWALL_IP }}
       TERRAFORM_SECRET_TOKEN: ${{ secrets.TERRAFORM_SECRET_TOKEN }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
   CI-Staging-lint:
     name: "Lint"
@@ -103,3 +105,4 @@ jobs:
       COPY_LIBERATOR_TO_PRE_PROD_LAMBDA_EXECUTION_ROLE: ${{ secrets.COPY_LIBERATOR_TO_PRE_PROD_LAMBDA_EXECUTION_ROLE }}
       PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN: ${{ secrets.PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN }}
       TERRAFORM_SECRET_TOKEN: ${{ secrets.TERRAFORM_SECRET_TOKEN }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/ci-terraform-etl.yml b/.github/workflows/ci-terraform-etl.yml
@@ -43,6 +43,7 @@ jobs:
       PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN: ${{ secrets.PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN }}
       PRODUCTION_FIREWALL_IP: ${{ secrets.PRODUCTION_FIREWALL_IP }}
       TERRAFORM_SECRET_TOKEN: ${{ secrets.TERRAFORM_SECRET_TOKEN }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
   ETL-Plan-Production:
     name: "Production"
@@ -73,6 +74,7 @@ jobs:
       PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN: ${{ secrets.PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN }}
       PRODUCTION_FIREWALL_IP: ${{ secrets.PRODUCTION_FIREWALL_IP }}
       TERRAFORM_SECRET_TOKEN: ${{ secrets.TERRAFORM_SECRET_TOKEN }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
   ETL-Lint:
     name: "Lint"
@@ -103,3 +105,4 @@ jobs:
       COPY_LIBERATOR_TO_PRE_PROD_LAMBDA_EXECUTION_ROLE: ${{ secrets.COPY_LIBERATOR_TO_PRE_PROD_LAMBDA_EXECUTION_ROLE }}
       PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN: ${{ secrets.PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN }}
       TERRAFORM_SECRET_TOKEN: ${{ secrets.TERRAFORM_SECRET_TOKEN }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/ci-terraform-networking.yml b/.github/workflows/ci-terraform-networking.yml
@@ -44,6 +44,7 @@ jobs:
       PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN: ${{ secrets.PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN }}
       PRODUCTION_FIREWALL_IP: ${{ secrets.PRODUCTION_FIREWALL_IP }}
       TERRAFORM_SECRET_TOKEN: ${{ secrets.TERRAFORM_SECRET_TOKEN }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
   CI-Production-Plan:
     name: "Production"
@@ -74,6 +75,7 @@ jobs:
       PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN: ${{ secrets.PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN }}
       PRODUCTION_FIREWALL_IP: ${{ secrets.PRODUCTION_FIREWALL_IP }}
       TERRAFORM_SECRET_TOKEN: ${{ secrets.TERRAFORM_SECRET_TOKEN }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
   CI-Staging-Lint:
     name: "Lint"
@@ -104,3 +106,4 @@ jobs:
       COPY_LIBERATOR_TO_PRE_PROD_LAMBDA_EXECUTION_ROLE: ${{ secrets.COPY_LIBERATOR_TO_PRE_PROD_LAMBDA_EXECUTION_ROLE }}
       PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN: ${{ secrets.PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN }}
       TERRAFORM_SECRET_TOKEN: ${{ secrets.TERRAFORM_SECRET_TOKEN }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/deploy_terraform.yml b/.github/workflows/deploy_terraform.yml
@@ -74,6 +74,9 @@ on:
         required: true
       TERRAFORM_SECRET_TOKEN:
         required: true
+      GITHUB_TOKEN: 
+        required: false
+
 jobs:
   deploy:
     name: Terraform Apply
diff --git a/.github/workflows/deploy_terraform_networking.yml b/.github/workflows/deploy_terraform_networking.yml
@@ -68,6 +68,8 @@ on:
         required: true
       TERRAFORM_SECRET_TOKEN:
         required: true
+      GITHUB_TOKEN: 
+        required: false
 
 
 jobs:
diff --git a/.github/workflows/lint-terraform.yml b/.github/workflows/lint-terraform.yml
@@ -62,6 +62,8 @@ on:
         required: true
       TERRAFORM_SECRET_TOKEN:
         required: true
+      GITHUB_TOKEN:
+        required: false
 
 jobs:
   lint:
@@ -89,7 +91,11 @@ jobs:
 
       - name: Install tflint
         run: |
-          curl -L "$(curl -Ls https://api.github.com/repos/terraform-linters/tflint/releases/74267234 | grep -o -E "https://.+?_linux_amd64.zip")" -o tflint.zip && unzip tflint.zip && rm tflint.zip
+          curl -Ls https://api.github.com/repos/terraform-linters/tflint/releases/74267234 \
+          | jq -r '.assets[] | select(.name == "tflint_linux_amd64.zip") | .browser_download_url' \
+          | xargs curl -L -o tflint.zip
+          unzip tflint.zip
+          rm tflint.zip
 
       - name: Configuring AWS credentials
         working-directory: ${{ inputs.build_path }}
@@ -105,4 +111,5 @@ jobs:
           terraform init -backend=false
           ../../tflint --init --config="../config/.tflint.hcl"
           ../../tflint --var-file='../config/stg.tfvars'  --var 'aws_deploy_region=${{ env.aws_deploy_region }}' --var 'aws_deploy_account_id=${{ secrets.aws_deploy_account_id }}' --var 'aws_api_account_id=${{ secrets.AWS_API_ACCOUNT_PROD }}' --var 'aws_hackit_account_id=${{ secrets.AWS_HACKIT_ACCOUNT_ID }}' --var 'aws_sandbox_account_id=${{ secrets.AWS_SANDBOX_ACCOUNT_ID }}' --var 'aws_deploy_iam_role_name=${{ secrets.AWS_ROLE_TO_ASSUME }}' --var 'environment=${{ inputs.environment }}' --var 'google_project_id=${{ env.google_project_id }}' --var 'automation_build_url=${{ inputs.automation_build_url }}' --var 'aws_api_vpc_id=${{ secrets.AWS_API_VPC_ID }}' --var 'copy_liberator_to_pre_prod_lambda_execution_role=${{ secrets.COPY_LIBERATOR_TO_PRE_PROD_LAMBDA_EXECUTION_ROLE }}' --var 'pre_production_liberator_data_storage_kms_key_arn=${{ secrets.PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN }}' --module --config="../config/.tflint.hcl" --loglevel=warn .
-
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/plan-terraform.yml b/.github/workflows/plan-terraform.yml
@@ -62,6 +62,8 @@ on:
         required: true
       TERRAFORM_SECRET_TOKEN:
         required: true
+      GITHUB_TOKEN: 
+        required: false
 
 jobs:
   plan:
diff --git a/.github/workflows/terraform-core-state-unlock.yml b/.github/workflows/terraform-core-state-unlock.yml
@@ -49,3 +49,4 @@ jobs:
       COPY_LIBERATOR_TO_PRE_PROD_LAMBDA_EXECUTION_ROLE: ${{ secrets.COPY_LIBERATOR_TO_PRE_PROD_LAMBDA_EXECUTION_ROLE }}
       PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN: ${{ secrets.PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN }}
       TERRAFORM_SECRET_TOKEN: ${{ secrets.TERRAFORM_SECRET_TOKEN }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/terraform-etl-state-unlock.yml b/.github/workflows/terraform-etl-state-unlock.yml
@@ -49,3 +49,4 @@ jobs:
       COPY_LIBERATOR_TO_PRE_PROD_LAMBDA_EXECUTION_ROLE: ${{ secrets.COPY_LIBERATOR_TO_PRE_PROD_LAMBDA_EXECUTION_ROLE }}
       PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN: ${{ secrets.PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN }}
       TERRAFORM_SECRET_TOKEN: ${{ secrets.TERRAFORM_SECRET_TOKEN }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/unlock_terraform_state.yml b/.github/workflows/unlock_terraform_state.yml
@@ -73,6 +73,8 @@ on:
         required: true
       TERRAFORM_SECRET_TOKEN:
         required: true
+      GITHUB_TOKEN: 
+        required: false
 jobs:
   deploy:
     name: Terraform State Unlock
diff --git a/.github/workflows/validate-and-lint-terraform.yml b/.github/workflows/validate-and-lint-terraform.yml
@@ -62,6 +62,8 @@ on:
         required: true
       TERRAFORM_SECRET_TOKEN:
         required: true
+      GITHUB_TOKEN: 
+        required: false
 
 jobs:
   validate:
@@ -131,7 +133,11 @@ jobs:
 
       - name: Install tflint
         run: |
-          curl -L "$(curl -Ls https://api.github.com/repos/terraform-linters/tflint/releases/74267234 | grep -o -E "https://.+?_linux_amd64.zip")" -o tflint.zip && unzip tflint.zip && rm tflint.zip
+          curl -Ls https://api.github.com/repos/terraform-linters/tflint/releases/74267234 \
+          | jq -r '.assets[] | select(.name == "tflint_linux_amd64.zip") | .browser_download_url' \
+          | xargs curl -L -o tflint.zip
+          unzip tflint.zip
+          rm tflint.zip
 
       - name: Configuring AWS credentials
         working-directory: ${{ inputs.build_path }}
@@ -147,3 +153,5 @@ jobs:
           terraform init -backend=false
           ../../tflint --init --config="../config/.tflint.hcl"
           ../../tflint --var-file='../config/stg.tfvars'  --var 'aws_deploy_region=${{ env.aws_deploy_region }}' --var 'aws_deploy_account_id=${{ secrets.aws_deploy_account_id }}' --var 'aws_api_account_id=${{ secrets.AWS_API_ACCOUNT_PROD }}' --var 'aws_hackit_account_id=${{ secrets.AWS_HACKIT_ACCOUNT_ID }}' --var 'aws_sandbox_account_id=${{ secrets.AWS_SANDBOX_ACCOUNT_ID }}' --var 'aws_deploy_iam_role_name=${{ secrets.AWS_ROLE_TO_ASSUME }}' --var 'environment=${{ inputs.environment }}' --var 'google_project_id=${{ env.google_project_id }}' --var 'automation_build_url=${{ inputs.automation_build_url }}' --var 'aws_api_vpc_id=${{ secrets.AWS_API_VPC_ID }}' --var 'copy_liberator_to_pre_prod_lambda_execution_role=${{ secrets.COPY_LIBERATOR_TO_PRE_PROD_LAMBDA_EXECUTION_ROLE }}' --var 'pre_production_liberator_data_storage_kms_key_arn=${{ secrets.PRE_PRODUCTION_LIBERATOR_DATA_STORAGE_KMS_KEY_ARN }}' --module --config="../config/.tflint.hcl" --loglevel=warn .
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
