Skip to content

improv(ci): removed the secret inheritance and replaced with the needed secrets #4364

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Aug 22, 2025
Merged

improv(ci): removed the secret inheritance and replaced with the needed secrets #4364

merged 4 commits into from
Aug 22, 2025
+18 −4

Conversation

sdangol
Copy link
Contributor

@sdangol sdangol commented Aug 21, 2025

Summary

This PR replaces the places where a secret was inherited to a reusable workflow and instead passes the secrets that are only required which was flagged by SonarQube.

Changes

Please provide a summary of what's being changed

Changed the workflows which call a reusable workflow to not inherit all the secrets and passed the secrets which are only required.

Please add the issue number below, if no issue is present the PR might get blocked and not be reviewed

Issue number: closes #4363

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Disclaimer: We value your time and bandwidth. As such, any pull requests created on non-triaged issues might not be successful.

@pull-request-size pull-request-size bot added the size/S PR between 10-29 LOC label Aug 21, 2025
@boring-cyborg boring-cyborg bot added the automation This item relates to automation label Aug 21, 2025
@sdangol sdangol self-assigned this Aug 21, 2025
@sdangol sdangol requested review from dreamorosi and sthulb August 21, 2025 09:32
sthulb
sthulb previously approved these changes Aug 21, 2025
View reviewed changes
dreamorosi
dreamorosi requested changes Aug 21, 2025
View reviewed changes
@sdangol sdangol force-pushed the improv/secrets-inherit branch from 624d3e7 to 9fd379b Compare August 21, 2025 15:31
@sdangol sdangol requested a review from dreamorosi August 21, 2025 15:44
@dreamorosi dreamorosi requested a review from sthulb August 21, 2025 16:07
sthulb
sthulb previously approved these changes Aug 22, 2025
View reviewed changes
Copy link
Contributor

@sthulb sthulb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd probably use a more descriptive name though than TOKEN – TOKEN_GITHUB maybe

@sdangol sdangol force-pushed the improv/secrets-inherit branch from 460adbd to 21a7be4 Compare August 22, 2025 09:03
@sdangol sdangol requested a review from sthulb August 22, 2025 09:04
@sdangol sdangol force-pushed the improv/secrets-inherit branch from 21a7be4 to 40342ff Compare August 22, 2025 09:12
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@dreamorosi dreamorosi added the do-not-merge This item should not be merged label Aug 22, 2025
@dreamorosi
Copy link
Contributor

I checked out the branch and noticed that some of the secrets are getting flagged by linting

image

Can we check if it's fine to leave as is or there's a better way?

@sdangol
Copy link
Contributor Author

sdangol commented Aug 22, 2025

@dreamorosi I think it's because we need to pass in the correct environment for this. Do you know which environment these secrets are scoped to?

@dreamorosi
Copy link
Contributor

Should be Docs

@sdangol
Copy link
Contributor Author

sdangol commented Aug 22, 2025
edited
Loading

@dreamorosi I tried adding the environment there, but the linter then complains that the property is not allowed. It seems like when using reusable workflows, we don't define the environments in the calling workflow.

Maybe the warning is because of this issue with the extension and is a false positive?

@dreamorosi dreamorosi removed the do-not-merge This item should not be merged label Aug 22, 2025
@dreamorosi dreamorosi merged commit 402f4ce into main Aug 22, 2025
41 of 42 checks passed
@dreamorosi dreamorosi deleted the improv/secrets-inherit branch August 22, 2025 11:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sthulb sthulb sthulb approved these changes

@dreamorosi dreamorosi dreamorosi approved these changes

Assignees

@sdangol sdangol

Labels
automation This item relates to automation size/S PR between 10-29 LOC
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Maintenance: Pass only the required secret to workflow
3 participants
@sdangol @dreamorosi @sthulb