internal/task: use relui service account instead of secret for git authn

Remove reliance on the secret in Secret Manager in one more place. This
is easier to do now that the GenerateAutoSubmitChange implementation is
done and handles all of the intended edge cases; it was very helpful be
able to iterate with a shorter feedback loop during earlier development
stages.

For golang/go#69095.

Change-Id: I103278cfde8df10c8a9f0807607a2a545fa2e376
Reviewed-on: https://go-review.googlesource.com/c/build/+/658018
Reviewed-by: Roland Shoemaker <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Auto-Submit: Dmitri Shuralyov <[email protected]>

Author: dmitshur

internal/task/cloudbuild.go

@@ -20,7 +20,6 @@ import (
 	"cloud.google.com/go/storage"
 	"golang.org/x/build/gerrit"
 	"golang.org/x/build/internal/gcsfs"
-	"golang.org/x/build/internal/secret"
 	wf "golang.org/x/build/internal/workflow"
 )
 
@@ -208,7 +207,7 @@ func (c *RealCloudBuildClient) GenerateAutoSubmitChange(ctx *wf.TaskContext, inp
 
 	const (
 		buildStepGitCommit = 4
-		buildStepGitPush   = 7
+		buildStepGitPush   = 6
 	)
 	buildStepOutput := func(b *cloudbuildpb.Build, buildStep int) []byte {
 		out := b.GetResults().GetBuildStepOutputs()
@@ -266,10 +265,6 @@ func (c *RealCloudBuildClient) GenerateAutoSubmitChange(ctx *wf.TaskContext, inp
 					Args: []string{"show", "HEAD"},
 					Dir:  "checkout",
 				},
-				{
-					Name: "bash", Args: []string{"-c", `touch .gitcookies && chmod 0600 .gitcookies && printf ".googlesource.com\tTRUE\t/\tTRUE\t2147483647\to\tgit-gobot.golang.org=$$GOBOT_TOKEN\n" >> .gitcookies`},
-					SecretEnv: []string{"GOBOT_TOKEN"},
-				},
 				buildStepGitPush: {
 					Name:       "gcr.io/cloud-builders/git",
 					Entrypoint: "bash",
@@ -279,26 +274,15 @@ func (c *RealCloudBuildClient) GenerateAutoSubmitChange(ctx *wf.TaskContext, inp
 					//
 					// Whether the push successfully created a CL or not will be determined from
 					// the output text.
-					Args: []string{"-c", `git -c http.cookieFile=../.gitcookies push origin ` + refspec + ` 2>&1 | tee "$$BUILDER_OUTPUT/output"`},
+					Args: []string{"-c", `git push origin ` + refspec + ` 2>&1 | tee "$$BUILDER_OUTPUT/output"`},
 					Dir:  "checkout",
 				},
-				{
-					Name: "bash", Args: []string{"-c", "rm .gitcookies"},
-				},
 			},
 			Options: &cloudbuildpb.BuildOptions{
 				MachineType: cloudbuildpb.BuildOptions_E2_HIGHCPU_8,
 				Logging:     cloudbuildpb.BuildOptions_CLOUD_LOGGING_ONLY,
 			},
 			ServiceAccount: c.ScriptAccount,
-			AvailableSecrets: &cloudbuildpb.Secrets{
-				SecretManager: []*cloudbuildpb.SecretManagerSecret{
-					{
-						VersionName: "projects/" + c.ScriptProject + "/secrets/" + secret.NameGobotPassword + "/versions/latest",
-						Env:         "GOBOT_TOKEN",
-					},
-				},
-			},
 		},
 	})
 	if err != nil {