comment out ACS env vars in GitHub Actions

The automatically generated GitHub Actions workflows include a step
which checks that exposed environment variables are actually set.

`REKOR_HOST` and `TUF_MIRROR` should not be required and there is
currently no way to easily mark the env vars as not required for the
required check step.
Comment them out and let users uncomment them when they want to use an
external instance

Author: tnevrlka

generated/gitops-template/githubactions/.github/workflows/gitops-promotion.yml

@@ -28,9 +28,9 @@ env:
   # Set this password for your specific registry
   IMAGE_REGISTRY_PASSWORD: ${{ secrets.IMAGE_REGISTRY_PASSWORD }}
   # Set this only when using an external Rekor instance
-  REKOR_HOST: ${{ secrets.REKOR_HOST }}
+  # REKOR_HOST: ${{ secrets.REKOR_HOST }}
   # Set this only when using an external TUF instance
-  TUF_MIRROR: ${{ secrets.TUF_MIRROR }}
+  # TUF_MIRROR: ${{ secrets.TUF_MIRROR }}
   # QUAY_IO_CREDS_USR: ${{ secrets.QUAY_IO_CREDS_USR }}
   # QUAY_IO_CREDS_PSW: ${{ secrets.QUAY_IO_CREDS_PSW }}
   # ARTIFACTORY_IO_CREDS_USR: ${{ secrets.ARTIFACTORY_IO_CREDS_USR }}
@@ -78,9 +78,9 @@ jobs:
             /* Set this password for your specific registry */
             IMAGE_REGISTRY_PASSWORD: `${{ secrets.IMAGE_REGISTRY_PASSWORD }}`, 
             /* Set this only when using an external Rekor instance */
-            REKOR_HOST: `${{ secrets.REKOR_HOST }}`, 
+            /*REKOR_HOST: `${{ secrets.REKOR_HOST }}`, */
             /* Set this only when using an external TUF instance */
-            TUF_MIRROR: `${{ secrets.TUF_MIRROR }}`, 
+            /*TUF_MIRROR: `${{ secrets.TUF_MIRROR }}`, */
             /*QUAY_IO_CREDS_USR: `${{ secrets.QUAY_IO_CREDS_USR }}`, */
             /*QUAY_IO_CREDS_PSW: `${{ secrets.QUAY_IO_CREDS_PSW }}`, */
             /*ARTIFACTORY_IO_CREDS_USR: `${{ secrets.ARTIFACTORY_IO_CREDS_USR }}`, */

generated/source-repo/githubactions/.github/workflows/build-and-update-gitops.yml

@@ -24,9 +24,9 @@ env:
   # Set this password for your specific registry
   IMAGE_REGISTRY_PASSWORD: ${{ secrets.IMAGE_REGISTRY_PASSWORD }}
   # Set this only when using an external Rekor instance
-  REKOR_HOST: ${{ secrets.REKOR_HOST }}
+  # REKOR_HOST: ${{ secrets.REKOR_HOST }}
   # Set this only when using an external TUF instance
-  TUF_MIRROR: ${{ secrets.TUF_MIRROR }}
+  # TUF_MIRROR: ${{ secrets.TUF_MIRROR }}
   # QUAY_IO_CREDS_USR: ${{ secrets.QUAY_IO_CREDS_USR }}
   # QUAY_IO_CREDS_PSW: ${{ secrets.QUAY_IO_CREDS_PSW }}
   # ARTIFACTORY_IO_CREDS_USR: ${{ secrets.ARTIFACTORY_IO_CREDS_USR }}
@@ -79,9 +79,9 @@ jobs:
             /* Set this password for your specific registry */
             IMAGE_REGISTRY_PASSWORD: `${{ secrets.IMAGE_REGISTRY_PASSWORD }}`, 
             /* Set this only when using an external Rekor instance */
-            REKOR_HOST: `${{ secrets.REKOR_HOST }}`, 
+            /*REKOR_HOST: `${{ secrets.REKOR_HOST }}`, */
             /* Set this only when using an external TUF instance */
-            TUF_MIRROR: `${{ secrets.TUF_MIRROR }}`, 
+            /*TUF_MIRROR: `${{ secrets.TUF_MIRROR }}`, */
             /*QUAY_IO_CREDS_USR: `${{ secrets.QUAY_IO_CREDS_USR }}`, */
             /*QUAY_IO_CREDS_PSW: `${{ secrets.QUAY_IO_CREDS_PSW }}`, */
             /*ARTIFACTORY_IO_CREDS_USR: `${{ secrets.ARTIFACTORY_IO_CREDS_USR }}`, */

templates/data.yaml

@@ -31,9 +31,11 @@ build_secrets:
   - name: REKOR_HOST
     if: 'isGitHub'
     comment: "Set this only when using an external Rekor instance"
+    commented_out: true
   - name: TUF_MIRROR
     if: 'isGitHub'
     comment: "Set this only when using an external TUF instance"
+    commented_out: true
   - name: IMAGE_REGISTRY_USER
     if: '!isGitHub'
     commented_out: true
@@ -112,9 +114,11 @@ gitops_secrets:
   - name: REKOR_HOST
     if: 'isGitHub'
     comment: "Set this only when using an external Rekor instance"
+    commented_out: true
   - name: TUF_MIRROR
     if: 'isGitHub'
     comment: "Set this only when using an external TUF instance"
+    commented_out: true
   # other CIs in transition so comment out and leave Quay.io
   - name: IMAGE_REGISTRY_USER
     if: '!isGitHub'