From 5a93bc086e05a9ec508cb78f6565739c0dcd92d6 Mon Sep 17 00:00:00 2001
From: Yusuke Morimoto <yusuke.morimoto@scalar-labs.com>
Date: Tue, 22 Jul 2025 18:50:48 +0900
Subject: [PATCH] Remove CR_PAT secret from vuln-check workflows

---
 .github/workflows/manual-vuln-check.yaml    | 2 --
 .github/workflows/scheduled-vuln-check.yaml | 5 -----
 .github/workflows/vuln-check.yaml           | 3 ---
 3 files changed, 10 deletions(-)

diff --git a/.github/workflows/manual-vuln-check.yaml b/.github/workflows/manual-vuln-check.yaml
index 14b6054359..0010dc503c 100644
--- a/.github/workflows/manual-vuln-check.yaml
+++ b/.github/workflows/manual-vuln-check.yaml
@@ -10,5 +10,3 @@ jobs:
     uses: ./.github/workflows/vuln-check.yaml
     with:
       target-ref: ${{ github.ref_name }}
-    secrets:
-      CR_PAT: ${{ secrets.CR_PAT }}
diff --git a/.github/workflows/scheduled-vuln-check.yaml b/.github/workflows/scheduled-vuln-check.yaml
index b6e9718824..d137cd85f1 100644
--- a/.github/workflows/scheduled-vuln-check.yaml
+++ b/.github/workflows/scheduled-vuln-check.yaml
@@ -13,7 +13,6 @@ jobs:
     with:
       target-ref: master
     secrets:
-      CR_PAT: ${{ secrets.CR_PAT }}
       SLACK_SECURITY_WEBHOOK_URL: ${{ secrets.SLACK_SECURITY_WEBHOOK_URL }}
 
   call-vuln-check-for-v3_13:
@@ -22,7 +21,6 @@ jobs:
       target-ref: v3.13
       find-latest-release: true
     secrets:
-      CR_PAT: ${{ secrets.CR_PAT }}
       SLACK_SECURITY_WEBHOOK_URL: ${{ secrets.SLACK_SECURITY_WEBHOOK_URL }}
 
   call-vuln-check-for-v3_14:
@@ -31,7 +29,6 @@ jobs:
       target-ref: v3.14
       find-latest-release: true
     secrets:
-      CR_PAT: ${{ secrets.CR_PAT }}
       SLACK_SECURITY_WEBHOOK_URL: ${{ secrets.SLACK_SECURITY_WEBHOOK_URL }}
 
   call-vuln-check-for-v3_15:
@@ -40,7 +37,6 @@ jobs:
       target-ref: v3.15
       find-latest-release: true
     secrets:
-      CR_PAT: ${{ secrets.CR_PAT }}
       SLACK_SECURITY_WEBHOOK_URL: ${{ secrets.SLACK_SECURITY_WEBHOOK_URL }}
 
   call-vuln-check-for-v3_16:
@@ -49,5 +45,4 @@ jobs:
       target-ref: v3.16
       find-latest-release: true
     secrets:
-      CR_PAT: ${{ secrets.CR_PAT }}
       SLACK_SECURITY_WEBHOOK_URL: ${{ secrets.SLACK_SECURITY_WEBHOOK_URL }}
diff --git a/.github/workflows/vuln-check.yaml b/.github/workflows/vuln-check.yaml
index ff43cbcf14..70e3cb42e9 100644
--- a/.github/workflows/vuln-check.yaml
+++ b/.github/workflows/vuln-check.yaml
@@ -14,8 +14,6 @@ on:
         type: boolean
         default: false
     secrets:
-      CR_PAT:
-        required: true
       SLACK_SECURITY_WEBHOOK_URL:
         required: false
 
@@ -28,5 +26,4 @@ jobs:
       images: '[["ScalarDB Schema Loader", "scalardb-schema-loader"], ["ScalarDB Data Loader CLI", "scalardb-data-loader-cli"]]'
       version-command: "./gradlew :core:properties -q | grep version: | awk '{print $2}'"
     secrets:
-      CR_PAT: ${{ secrets.CR_PAT }}
       SLACK_SECURITY_WEBHOOK_URL: ${{ secrets.SLACK_SECURITY_WEBHOOK_URL }}