
BUILD-11405: Changes the environment tag associated with the SCA Check#260

Merged
bwalsh434 merged 1 commit into
master from
bugfix/bwalsh/BUILD-11405-fix-check-sca-associating-itself-with-dev-deploys
May 19, 2026


@bwalsh434
Contributor

Context

Follow-up ticket from PREQ-5827 and #259, which fixed the OIDC issue, but associated the check-sca check with every dev deployment (example in Slack).

What Changed?

  • We fix the above-stated issue by changing the environment value to something completely unique here: environment: sca-checking


hashicorp-vault-sonar-prod Bot commented May 18, 2026

BUILD-11405

@bwalsh434 bwalsh434 force-pushed the bugfix/bwalsh/BUILD-11405-fix-check-sca-associating-itself-with-dev-deploys branch from 8d38cf4 to 8ea02b5 Compare May 18, 2026 19:52

@bwalsh434 bwalsh434 marked this pull request as ready for review May 18, 2026 19:59
@bwalsh434 bwalsh434 requested a review from a team as a code owner May 18, 2026 19:59
Copilot AI review requested due to automatic review settings May 18, 2026 19:59

sonar-review-alpha Bot commented May 18, 2026

Summary

This PR fixes an unintended side effect from PR #259 by changing the GitHub Actions workflow's environment value from dev to sca-checking.

The previous use of dev caused the SCA check job to be associated with all dev deployments in GitHub, when it should only run as a pre-merge security check. Using a unique environment identifier prevents unwanted triggering on deployment events.

What reviewers should know

What to review:

  • The single-line change in .github/workflows/check-sca.yml (environment field)
  • Verify the new environment name sca-checking is unique enough to avoid future conflicts

Context:

  • This is a GitHub Actions environment configuration used for OIDC token claims (see inline comment)
  • The environment value doesn't affect the check's functionality, only GitHub's event associations
  • No new credentials or permissions needed — the environment just needs to exist in the repository settings (may already be auto-created by GitHub)



Copilot AI left a comment


Pull request overview

This PR updates the SCA check workflow so its OIDC environment claim no longer uses dev, avoiding accidental association with development deployments while still satisfying Vault’s required environment claim.

Changes:

  • Replaces environment: dev with environment: sca-checking.
  • Updates the inline comment to explain the dedicated environment value.
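
Added example, not code from this repository, the PR, or Vault: a sketch of how a relying party could compare the `environment` claim of a GitHub Actions OIDC token against a bound value, showing why the job must declare an environment at all and what changes between `dev` and `sca-checking`. The repository name, the bound-claims policy and the tokens are constructed assumptions, and the tokens are unsigned, so signature verification against the issuer's keys is deliberately out of scope.

```python
import base64
import json

def make_unsigned_token(payload: dict) -> str:
    """Build a constructed, unsigned JWT-shaped string for this demo only."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(payload)}."

def decode_claims(token: str) -> dict:
    """Decode the payload segment WITHOUT verifying the signature.
    A real relying party verifies against the issuer's JWKS first."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    seg = parts[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def bound_claim_failures(claims: dict, bound: dict) -> list:
    """Return one message per bound claim that is missing or different."""
    failures = []
    for name, expected in bound.items():
        if name not in claims:
            failures.append(f"{name}: missing")
        elif claims[name] != expected:
            failures.append(f"{name}: got {claims[name]!r}, want {expected!r}")
    return failures

# Constructed policy: hypothetical repository name, environment value from the PR.
REPO = "example-org/example-repo"
BOUND = {"repository": REPO, "environment": "sca-checking"}

def claims_for(environment=None) -> dict:
    """Constructed claims shaped like a GitHub Actions OIDC token."""
    claims = {"iss": "https://token.actions.githubusercontent.com", "repository": REPO}
    if environment is None:
        # A job with no environment carries no `environment` claim.
        claims["sub"] = f"repo:{REPO}:pull_request"
    else:
        claims["environment"] = environment
        claims["sub"] = f"repo:{REPO}:environment:{environment}"
    return claims

def evaluate(environment=None) -> list:
    """Round-trip constructed claims through a token and check them."""
    return bound_claim_failures(decode_claims(make_unsigned_token(claims_for(environment))), BOUND)

if __name__ == "__main__":
    for env in ("sca-checking", "dev", None):
        print(env, "->", evaluate(env) or "accepted")
```

A binding on the dedicated value also means a token minted by a job running in `dev` no longer satisfies the policy assumed here.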


sonar-review-alpha[bot]

This comment was marked as resolved.


@sonar-review-alpha sonar-review-alpha Bot left a comment


LGTM! ✅


@bwalsh434 bwalsh434 merged commit 8b7317e into master May 19, 2026
25 checks passed
@bwalsh434 bwalsh434 deleted the bugfix/bwalsh/BUILD-11405-fix-check-sca-associating-itself-with-dev-deploys branch May 19, 2026 16:08