Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🐛 Bug: Some GitHub Actions workflows are using vars instead of secrets, can cause potential security risks #686

Closed
3 tasks
aialok opened this issue Apr 1, 2024 · 2 comments
Closed
3 tasks

🐛 Bug: Some GitHub Actions workflows are using vars instead of secrets, can cause potential security risks #686

aialok opened this issue Apr 1, 2024 · 2 comments
Labels
🐛 Bug Something isn't working Status: On Hold Similar to blocked, but is assigned to someone.

Comments

@aialok
Copy link
Member

aialok commented Apr 1, 2024
edited
Loading

GitHub Discussion: # / NA

Summary:

  • We're currently using variables in some GitHub Actions workflows for the Slack webhook URL, which raises the risk of its exposure. To prevent this, we should replace variables with secrets.

Do you think resolving this issue might require an Architectural Decision Record (ADR)? (significant or noteworthy)

Yes/No

  • No

Details:
Required to resolve
These are the workflows that need to be fixed:

Any further requirements to resolve this issue
@aialok
Copy link
Member Author

aialok commented Apr 1, 2024

I would love to work on this issue : )
Please assign this to me.

@benjagm benjagm added 🐛 Bug Something isn't working Status: On Hold Similar to blocked, but is assigned to someone. labels Apr 2, 2024
@benjagm benjagm moved this to On Hold in Website Contributor Board Apr 2, 2024
@aialok aialok linked a pull request May 19, 2024 that will close this issue
Bug: Fixes failed ocwm-issue-collector.yml workflow #720
Merged
@aialok aialok removed a link to a pull request May 19, 2024
Bug: Fixes failed ocwm-issue-collector.yml workflow #720
Merged
@benjagm
Copy link
Collaborator

benjagm commented Nov 1, 2024

Closed as completed.

@benjagm benjagm closed this as completed Nov 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
🐛 Bug Something isn't working Status: On Hold Similar to blocked, but is assigned to someone.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@benjagm @aialok