Skip to content

improv(ci): Inherited the secrets for update ssm workflow #4388

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Aug 26, 2025
Merged

improv(ci): Inherited the secrets for update ssm workflow #4388

merged 2 commits into from
Aug 26, 2025

Conversation

sdangol
Copy link
Contributor

@sdangol sdangol commented Aug 26, 2025

Summary

This PR allows the secrets to be inherited from the parent workflow to the Update SSM workflow to fix the issue during running the release workflow
The inheritance was previously updated because of a security finding.

Changes

Please provide a summary of what's being changed

  • Reverted the explicit specification of secrets to use inherit keyword since the update parameter SSM would use secrets for each regions

Please add the issue number below, if no issue is present the PR might get blocked and not be reviewed

Issue number: closes #4387

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Disclaimer: We value your time and bandwidth. As such, any pull requests created on non-triaged issues might not be successful.

@boring-cyborg boring-cyborg bot added the automation This item relates to automation label Aug 26, 2025
@sdangol sdangol self-assigned this Aug 26, 2025
@pull-request-size pull-request-size bot added the size/XS PR between 0-9 LOC label Aug 26, 2025
@sdangol sdangol requested a review from sthulb August 26, 2025 12:19
@sdangol
Copy link
Contributor Author

sdangol commented Aug 26, 2025

@sthulb One of the changes we did last time didn't succeed in the release pipeline today. This seems to be because of the secret(role) not being available to the workflow when used as a reusable workflow.
I've reverted the changes to use the inherit keyword. But, this would introduce a SonarQube finding about using inherit for secrets.
What do you suggest we should do?

dreamorosi
dreamorosi reviewed Aug 26, 2025
View reviewed changes
dreamorosi
dreamorosi reviewed Aug 26, 2025
View reviewed changes
@dreamorosi
Copy link
Contributor

I've marked them as safe on SonarCloud - let's improve the explanation documenting what we're doing, why, and how we're addressing concerns rather than just saying "it's going to trigger SonarCloud findings".

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@dreamorosi dreamorosi merged commit 50da0e6 into main Aug 26, 2025
39 checks passed
@dreamorosi dreamorosi deleted the fix/update-ssm-secrets branch August 26, 2025 14:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dreamorosi dreamorosi dreamorosi approved these changes

@sthulb sthulb Awaiting requested review from sthulb

Assignees

@sdangol sdangol

Labels
automation This item relates to automation size/XS PR between 0-9 LOC
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Maintenance: Error on the Update SSM job on Make Release workflow
2 participants
@sdangol @dreamorosi