Skip to content

improv(ci): Moved the secrets expanded in the run block to env variables #4370

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Aug 22, 2025

Conversation

sdangol
Copy link
Contributor

@sdangol sdangol commented Aug 22, 2025

Summary

This PR moves the secrets that were expanded in the run block of the workflows as an env variable of each step. This is done to fix the security finding from SonarQube

Changes

Please provide a summary of what's being changed

Created an env variable for the secret expanded in the run block and used that env variable instead.

Please add the issue number below, if no issue is present the PR might get blocked and not be reviewed

Issue number: closes #4369


By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Disclaimer: We value your time and bandwidth. As such, any pull requests created on non-triaged issues might not be successful.

@pull-request-size pull-request-size bot added the size/M PR between 30-99 LOC label Aug 22, 2025
@boring-cyborg boring-cyborg bot added the automation This item relates to automation label Aug 22, 2025
@sdangol sdangol self-assigned this Aug 22, 2025
@sdangol sdangol requested a review from sthulb August 22, 2025 12:23
Copy link

Copy link
Contributor

@dreamorosi dreamorosi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

@dreamorosi dreamorosi merged commit 4942af6 into main Aug 22, 2025
39 checks passed
@dreamorosi dreamorosi deleted the improv/secret-expansion branch August 22, 2025 14:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
automation This item relates to automation size/M PR between 30-99 LOC
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Maintenance: Avoid Expaning Secrets in a run block in a workflow
2 participants