fix: keep microservices doppler token out of gitea

.gitea/workflows/deploy.yml

@@ -227,7 +227,6 @@ jobs:
             -e "tailscale_oauth_client_id=${{ secrets.TAILSCALE_OAUTH_CLIENT_ID }}" \
             -e "tailscale_oauth_client_secret=${{ secrets.TAILSCALE_OAUTH_CLIENT_SECRET }}" \
             -e "doppler_hetznerterra_service_token=${{ secrets.DOPPLER_HETZNERTERRA_SERVICE_TOKEN }}" \
-            -e "doppler_openstaticfish_microservices_service_token=${{ secrets.DOPPLER_MICROSERVICES_SERVICE_TOKEN }}" \
             -e "ghcr_username=${{ secrets.GHCR_USERNAME }}" \
             -e "ghcr_read_token=${{ secrets.GHCR_READ_TOKEN }}" \
             -e "tailscale_api_key=${{ secrets.TAILSCALE_API_KEY }}" \

ansible/roles/doppler-bootstrap/tasks/main.yml

@@ -12,12 +12,6 @@
       - ghcr_read_token | default("") | length > 0
     fail_msg: ghcr_username and ghcr_read_token must be provided for private MicroServices image pulls.
 
-- name: Ensure OpenStaticFish MicroServices Doppler token is provided
-  assert:
-    that:
-      - doppler_openstaticfish_microservices_service_token | default("") | length > 0
-    fail_msg: doppler_openstaticfish_microservices_service_token must be provided for MicroServices runtime secrets.
-
 - name: Ensure external-secrets namespace exists
   shell: kubectl create namespace external-secrets --dry-run=client -o yaml | kubectl apply -f -
   changed_when: true
@@ -34,14 +28,6 @@
   changed_when: true
   no_log: true
 
-- name: Apply OpenStaticFish MicroServices Doppler service token secret
-  shell: >-
-    kubectl -n external-secrets create secret generic doppler-openstaticfish-microservices-service-token
-    --from-literal=dopplerToken='{{ doppler_openstaticfish_microservices_service_token | default("") }}'
-    --dry-run=client -o yaml | kubectl apply -f -
-  changed_when: true
-  no_log: true
-
 - name: Apply GHCR pull secret for private MicroServices images
   shell: >-
     kubectl -n microservices create secret docker-registry ghcr-pull-secret