From c9875ef1121e425bdb7f38e2f9a5ca3e9ad030d9 Mon Sep 17 00:00:00 2001
From: Brad Smith
Date: Mon, 9 Dec 2024 15:27:21 -0500
Subject: [PATCH] fix: stop interacting with GHCR, disable scheduled jobs Pushes to and pulls from GHCR no longer work after 2024-12-09 because the secrets we use are no longer valid. What broke the secrets? They were (still are at the time of this commit) GitHub personal access keys belonging to the user @quipucords-bot, but on 2024-12-09 the @quipucords-bot user was demoted and removed from the org due to newly onerous security restrictions by Red Hat. Until we rewrite this code, probably to use to Quay instead of GHRC, the `reaper` repo will save no new images after PRs merge, and no scheduled jobs will run to reap the AWS and Azure accounts.
---
 .github/workflows/docker-build.yml | 3 +++
 .github/workflows/schedule-reap-aws-dev.yml | 8 +++++---
 .github/workflows/schedule-reap-aws-stage-prod.yml | 8 +++++---
 .github/workflows/schedule-reap-azure.yml | 8 +++++---
 4 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index 5368774..42dbc05 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -25,6 +25,9 @@ jobs:
 - run: docker pull $IMAGE_NAME:latest || true
 - run: docker build --cache-from $IMAGE_NAME:latest .
 deploy-build-and-push-image:
+ # Pushes to GHCR no longer work after 2024-12-09 because the secrets are no longer valid.
+ # I am leaving this code alive to indicate failure risk in any new PR checks.
+ # Images are being built in PRs but will never successfully push to the GHCR.
 name: Build and Push Image
 if: github.ref == 'refs/heads/main'
 needs: [docker-build]
diff --git a/.github/workflows/schedule-reap-aws-dev.yml b/.github/workflows/schedule-reap-aws-dev.yml
index 0c0cdea..c487d85 100644
--- a/.github/workflows/schedule-reap-aws-dev.yml
+++ b/.github/workflows/schedule-reap-aws-dev.yml
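Review bot: The added comment on `deploy-build-and-push-image` in docker-build.yml says the job is kept to signal failure risk in PR checks, but the `if: github.ref == 'refs/heads/main'` line just below it restricts the job to main, so what it actually produces is a failed run after each merge, not a PR check. A job that is known to fail on every merge leaves main permanently red and makes unrelated failures easy to overlook; gating it explicitly, for example `if: false  # GHCR push disabled, see <tracking issue>`, would state the intent more clearly until the registry move is done. The commit message notes that the invalid personal access tokens are still stored as secrets, so deleting them from the repository or organisation secrets and revoking them on the bot account belongs with this change. The job body continues outside the hunk.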
@@ -4,9 +4,11 @@ env:
 IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/reaper
 AWS_DEFAULT_REGION: us-east-1
-on:
- schedule:
- - cron: '0 2 * * *'
+# Disabling all scheduled jobs for now.
+# Pulls from GHCR no longer work after 2024-12-09 because the secrets are no longer valid.
+# on:
+# schedule:
+# - cron: '0 2 * * *'
 jobs:
 docker:
diff --git a/.github/workflows/schedule-reap-aws-stage-prod.yml b/.github/workflows/schedule-reap-aws-stage-prod.yml
index 8b6a4a2..a1928d3 100644
--- a/.github/workflows/schedule-reap-aws-stage-prod.yml
+++ b/.github/workflows/schedule-reap-aws-stage-prod.yml
@@ -4,9 +4,11 @@ env:
 IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/reaper
 AWS_DEFAULT_REGION: us-east-1
-on:
- schedule:
- - cron: '30 * * * *'
+# Disabling all scheduled jobs for now.
+# Pulls from GHCR no longer work after 2024-12-09 because the secrets are no longer valid.
+# on:
+# schedule:
+# - cron: '30 * * * *'
 jobs:
 docker:
diff --git a/.github/workflows/schedule-reap-azure.yml b/.github/workflows/schedule-reap-azure.yml
index 18d7131..6036dea 100644
--- a/.github/workflows/schedule-reap-azure.yml
+++ b/.github/workflows/schedule-reap-azure.yml
@@ -3,9 +3,11 @@ name: Scheduled reap Azure tenants
 env:
 IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/reaper
-on:
- schedule:
- - cron: '0 3 * * *'
+# Disabling all scheduled jobs for now.
+# Pulls from GHCR no longer work after 2024-12-09 because the secrets are no longer valid.
+# on:
+# schedule:
+# - cron: '0 3 * * *'
 jobs:
 docker:
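Review bot: Commenting out the whole `on:` block in schedule-reap-aws-dev.yml leaves the workflow with no trigger at all, and since GitHub Actions requires an `on` key the file will most likely be reported as an invalid workflow instead of a cleanly disabled one; the hunks in schedule-reap-aws-stage-prod.yml and schedule-reap-azure.yml have the same problem. Keeping a manual trigger, `on: workflow_dispatch`, with only the `schedule:` entry commented out keeps each file valid and leaves a way to run a reap by hand once image pulls are restored. With all three reapers off, nothing cleans up the AWS and Azure accounts, so the comment should say who owns manual cleanup in the meantime. The cloud credentials these jobs use are not visible in the hunks, but if they are stored as repository secrets they are worth removing or rotating while the jobs are disabled.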