fix: sonar issues: Address security concerns regarding github actions#1622
fix: sonar issues: Address security concerns regarding github actions#1622jcraiglo1 wants to merge 2 commits into
Conversation
…ions Signed-off-by: Jacob Craiglow <[email protected]>
|
/run-e2e |
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Enterprise Run ID: 📒 Files selected for processing (1)
🚧 Files skipped from review as they are similar to previous changes (1)
📝 WalkthroughWalkthroughThis change replaces floating GitHub Actions tags with commit-pinned references across composite actions and CI, build, maintenance, API E2E, and UI E2E workflows. Selected checkout steps disable persisted credentials, and PDE uploads use environment variables. ChangesWorkflow hardening
Estimated code review effort: 3 (Moderate) | ~20 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
/run-atf-tests |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/ui-e2e.yml:
- Around line 157-164: Quote the EDA_USERNAME and EDA_PASSWORD variable
expansions in the docker run command within the workflow’s run block so each
secret is passed as a single argument, preserving values containing spaces or
glob characters.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Enterprise
Run ID: 8a940ff1-d11f-4219-bd22-cf805bd39a59
📒 Files selected for processing (11)
.github/actions/lint/action.yml.github/actions/test/action.yml.github/actions/validate-openapi-spec/action.yml.github/workflows/autoupdate-poetry.yml.github/workflows/build-image.yml.github/workflows/ci.yaml.github/workflows/e2e-dispatch.yml.github/workflows/scheduled.yml.github/workflows/sonar-pr.yml.github/workflows/sync-openapi-spec.yml.github/workflows/ui-e2e.yml
Codecov Report✅ All modified and coverable lines are covered by tests. @@ Coverage Diff @@
## main #1622 +/- ##
=======================================
Coverage 92.75% 92.75%
=======================================
Files 244 244
Lines 11346 11346
=======================================
Hits 10524 10524
Misses 822 822
Flags with carried forward coverage won't be shown. Click here to find out more. 🚀 New features to boost your workflow:
|
❌ Test Results - FAILEDSummary
Pass Rate: 50.0% ❌ Failed Tests
|
…ions Signed-off-by: Jacob Craiglow <[email protected]>
|



https://redhat.atlassian.net/browse/AAP-77394
One of multiple Sonarcloud PRs. Addresses multiple security concerns by:
Assisted-by: Claude
Summary by CodeRabbit
Security & Reliability
persist-credentials: false) on checkout steps where applicable.Workflow Maintenance