fix: remove any directory that may hold secrets (if any) #2892
Conversation
ankitm123
force-pushed
the
remove-tmp-secret
branch
from
0b76f38
to
f0b1f8b
Compare
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/cc @rawlingsj |
|
/hold |
Signed-off-by: ankitm123 <ankitmohapatra123@gmail.com>
ankitm123
force-pushed
the
remove-tmp-secret
branch
from
f0b1f8b
to
fa2ce21
Compare
|
/hold cancel |
| @@ -5,6 +5,9 @@ KUBEAPPLY ?= kubectl-apply | |||
| HELM_TMP_GENERATE ?= /tmp/generate | |||
| HELM_TMP_SECRETS ?= /tmp/secrets/jx-helm | |||
|
|
|||
| # Prevent accidental git commit of secrets | |||
| HELM_TMP_SECRETS_WORKSPACE ?= /workspace/source/tmp/secrets/jx-helm | |||
There was a problem hiding this comment.
The only reason not to do HELM_TMP_SECRETS_WORKSPACE ?= /workspace/source/$(HELM_TMP_SECRETS) is that if someone sets HELM_TMP_SECRETS to /, then this can wipe out the git repo.
|
@ankitm123: The following test failed, say
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the jenkins-x/lighthouse repository. I understand the commands that are listed here. |
| @@ -13,6 +13,7 @@ approvers: | |||
| - warrenbailey | |||
| - jenkins-x-labs-bot | |||
| - cloudbees-ci-cd[bot] | |||
| - ankitm123 | |||
There was a problem hiding this comment.
Let's keep this as they are for the time being as this is the final quality gate. I was planning on reducing the number of approvers later this week while doing a review of all permissions in the org
Signed-off-by: ankitm123 ankitmohapatra123@gmail.com
Tested on my local k3s set up.