**REMINDER** **IMPORTANT** **ACTION REQUIRED** Migration of ubuntu-latest label to platform-eng-ent-v2-dual #108
* use self hosted runner on platform for testing * add nodejs setup * set all 3 stages to self hosted agent * add to github runner setup * Update terraform.yaml * set precommit cache * add name to precommit cache * remove terraform locking * skip more hooks * remove validate skip * protect label name and enable self hosted runner by default * remove setup correct runner flag * test literal * try double quotes * test setup runner * test * set runner label via secrets * set to env var * hardcode test * remove secrets add inputs * fix actionlint --------- Co-authored-by: Poh Peng <[email protected]>
Co-authored-by: Poh Peng <[email protected]>
Co-authored-by: Poh Peng <[email protected]>
* test public * test default label * test self hosted * test without runner label * default is ubuntu * test labels * add examples --------- Co-authored-by: Poh Peng <[email protected]>
#39) Co-authored-by: Poh Peng <[email protected]>
Co-authored-by: Poh Peng <[email protected]>
* Allow docker login to fail as not all have credentials * only use dockerhub login if it's not null creds * check both creds * set correct token * update README --------- Co-authored-by: Poh Peng <[email protected]>
* fix warnings (#36) Co-authored-by: Poh Peng <[email protected]> * update python action (#37) Co-authored-by: Poh Peng <[email protected]> * Cache TFLint plugins and use authenticated API calls - https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting - Caching example: https://github.com/terraform-linters/setup-tflint#usage * Use target * Runner OS --------- Co-authored-by: Poh Peng Ric Wang <[email protected]> Co-authored-by: Poh Peng <[email protected]>
* refactor to run only against changed files * update tflint side * add inputs * Remove cron workflow --------- Co-authored-by: Poh Peng <[email protected]>
Forcing in to test the merge group fix in cloud config * test merge event * update ref * use base ref * update to new keywords of Github to fix merge group checks failing --------- Co-authored-by: Poh Peng <[email protected]>
Co-authored-by: Poh Peng <[email protected]>
Co-authored-by: Poh Peng <[email protected]>
…st diffs (#50) Force merge to do live-testing in cloud config * rebase * test workflow trigger for PR, MG and main * fix missing condition * add condition for checking event * test main github sha env var * add in for linting * refactor for merge queue --------- Co-authored-by: Poh Peng <[email protected]>
urgent fix
* test fork pr * test expression * add forktest * sort out spacing --------- Co-authored-by: Poh Peng <[email protected]> merging for monitoring v2 in production
* Update terraform.yaml * Update terraform.yaml * Update terraform.yaml * Update terraform.yaml
* fix warnings (#36) Co-authored-by: Poh Peng <[email protected]> * update python action (#37) Co-authored-by: Poh Peng <[email protected]> * Added Reusable Workflow for Trivy Scan for ECS/Docker Container * Fix the precommit formatting * Fixing the double quotes issue --------- Co-authored-by: Poh Peng Ric Wang <[email protected]> Co-authored-by: Poh Peng <[email protected]>
Co-authored-by: thepoppingone <[email protected]>
Co-authored-by: thepoppingone <[email protected]>
* Add trivy scan for testing * update output format * Use 0.13.0 * use version * version lock trivy action * use 0.12.0 * upload results * Test with sed * Update terraform.yaml * Update terraform.yaml --------- Co-authored-by: Poh Peng <[email protected]>
* Add option to skip framework in checkov * Fix space --------- Co-authored-by: “Subramanian <“[email protected]”>
* Upload checkov SARIF * Change trivy sarif to v3 as well * Upgrade version * Update helm * disable trivy * continue on error * Remove condition * Add soft fail as true * Add files changed * Add Trivy back * Remove continue on error --------- Co-authored-by: “Subramanian <“[email protected]”>
* disable sarif upload * disable sarif upload * change exit-code --------- Co-authored-by: niroz89 <[email protected]>
* fix trivy scan and update * fix trivy scan and update
Co-authored-by: “Subramanian <“[email protected]”>
* [CIRDEVOPS-2553] parameterize trivy output format * [CIRDEVOPS-2553] parameterize trivy output filename * [CIRDEVOPS-2553] parameterize trivy output filename [1] * [CIRDEVOPS-2553] Add parameter to inspect trivy output * [CIRDEVOPS-2553] When trivy inspect is on, upload result as an artifact
* update GitHub Security Alerts for JIRA workflow * Update the workflow versions
* switch to enable only format and validate * add switch to select format, lint or security * add switch to select format, lint or security * add switch to select format, lint or security
#107) * [PFMENG-2854] Use enterprise runner for newrelic deployment market job * [PFMENG-2854] Configures actionlint to allow custom runner label
with: | ||
apiKey: ${{ secrets.NEW_RELIC_API_KEY }} | ||
region: "US" | ||
guid: ${{ secrets[format('NEW_RELIC_DEPLOYMENT_ENTITY_GUID_{0}', inputs.app_name )] }} |
Check warning
Code scanning / CodeQL
Excessive Secrets Exposure Medium
secrets[format('NEW_RELIC_DEPLOYMENT_ENTITY_GUID_{0}', inputs.app_name )]
Copilot Autofix
AI 2 months ago
To fix the problem, we need to avoid using dynamic secret access patterns and instead explicitly specify the secrets required for each environment. This can be achieved by using conditional statements to set the appropriate secret based on the input value.
- Replace the dynamic secret access pattern with explicit secret references.
- Use conditional statements to set the appropriate secret based on the `inputs.app_name` value.
- Update the `guid` field in the workflow to use the correct secret.
@@ -58,3 +58,3 @@ | ||
region: "US" | ||
guid: ${{ secrets[format('NEW_RELIC_DEPLOYMENT_ENTITY_GUID_{0}', inputs.app_name )] }} | ||
guid: ${{ inputs.app_name == 'APP1' && secrets.NEW_RELIC_DEPLOYMENT_ENTITY_GUID_APP1 || inputs.app_name == 'APP2' && secrets.NEW_RELIC_DEPLOYMENT_ENTITY_GUID_APP2 || inputs.app_name == 'APP3' && secrets.NEW_RELIC_DEPLOYMENT_ENTITY_GUID_APP3 }} | ||
version: "${{ inputs.version }}" |
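Review bot: The replacement `guid:` line compares `inputs.app_name` against `'APP1'`, `'APP2'` and `'APP3'`, names that appear nowhere else in the visible workflow, so the suggestion cannot be applied as-is; the real application names and their matching `NEW_RELIC_DEPLOYMENT_ENTITY_GUID_*` secrets have to be filled in first. The `&&`/`||` chain also has no final fallback: when `inputs.app_name` matches none of the branches, or the matched secret is empty, the expression evaluates to `false` and is passed on as the `guid` without failing the job. Add an earlier step that rejects any `app_name` outside the allowed list, or have the caller pass the one GUID it needs as a single named secret so this line becomes a plain `secrets.<NAME>` reference. Either way the dynamic `secrets[format(...)]` lookup flagged by CodeQL goes away and only the secret actually used is referenced.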
Automated PR: This PR updates ubuntu-latest runner labels to platform-eng-ent-v2-dual. Migration Deadline is 31st March 2025