From 293e475987da813be40e0d0a6bc6f2a770627304 Mon Sep 17 00:00:00 2001
From: carl hedgren <carl.hedgren@nav.no>
Date: Wed, 29 Jan 2025 09:39:50 +0100
Subject: [PATCH] Inform of the previous deprecation of api keys

Co-authored-by: Morten Lied Johansen <morten.lied.johansen@nav.no>
---
 actions/deploy/entrypoint.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/actions/deploy/entrypoint.sh b/actions/deploy/entrypoint.sh
index 71dc6fda..c3fecb99 100755
--- a/actions/deploy/entrypoint.sh
+++ b/actions/deploy/entrypoint.sh
@@ -54,6 +54,7 @@ fi
 # if no apikey is set, use use the id-token to get a jwt token for the deploy CLI
 # This is a bug, the security level of our ci stuff is at the same level as an apikey here since we offer that
 # in addition to federated workload identity
+
 if [ -z "$APIKEY" ]; then
     if [ -z "$ACTIONS_ID_TOKEN_REQUEST_TOKEN" ] || [ -z "$ACTIONS_ID_TOKEN_REQUEST_URL" ]; then
         echo "Missing id-token permissions. This must be set either globally in the workflow, or for the specific job performing the deploy."
@@ -66,6 +67,8 @@ if [ -z "$APIKEY" ]; then
     jwt=$(echo "$payload" | jq -r '.value')
 
     export GITHUB_TOKEN="$jwt"
+else
+    echo "::notice ::APIKEY IS DEPRECATED, PLEASE USE WORKLOAD IDENTITY, For more info see https://doc.nais.io/build/how-to/build-and-deploy and/or https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs"
 fi
 
 export ACTIONS="true"