Summary
All oc login commands in our GitHub Actions workflows use --insecure-skip-tls-verify, including production deploys. This disables TLS certificate validation and exposes CI to man-in-the-middle attacks.
Affected files
.github/workflows/components-build-deploy.yml — lines 209, 330, 363, 438 (staging/dev)
.github/workflows/prod-release-deploy.yaml — lines 348, 475 (production)
Proposed fix
Replace --insecure-skip-tls-verify with --certificate-authority=<path> referencing the cluster's CA bundle (injected as a GitHub Actions secret or checked into the repo if non-sensitive). If the clusters use publicly trusted certs, the flag can simply be removed.
Risk
Until fixed, a network-level attacker could intercept the oc login token exchange in CI and gain cluster access.
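A regression guard for the fix proposed above, as an added example that is not part of the original issue or the project's workflows: a shell function a CI job could run to fail whenever an `oc login` in a workflow still disables TLS verification, including when the flag sits on a backslash-continued line. The sample workflows, the server URL and the `TOKEN` / `CLUSTER_CA` variable names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not part of the original issue.

# Print "file:line" for each `oc login` that carries --insecure-skip-tls-verify
# (bare or =true). Backslash-continued commands are joined first, so the flag
# is caught on a continuation line too. Returns 1 when anything is found.
find_insecure_oc_login() {
  dir="${1:-.github/workflows}"
  [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
  hits=$(find "$dir" -type f \( -name '*.yml' -o -name '*.yaml' \) \
    -exec awk '
      FNR == 1 { cmd = "" }
      {
        if (cmd == "") start = FNR
        line = $0
        cont = (line ~ /\\[ \t]*$/)
        sub(/\\[ \t]*$/, "", line)
        cmd = cmd " " line
        if (cont) next
        if (cmd ~ /(^|[^A-Za-z0-9_-])oc[ \t]+login([ \t]|$)/ &&
            cmd ~ /--insecure-skip-tls-verify([ \t]|=true|$)/)
          print FILENAME ":" start
        cmd = ""
      }' {} + | sort)
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits"
  return 1
}

# Constructed sample workflows (hypothetical server, token and CA variables).
write_sample_workflows() {
  mkdir -p "$1"
  cat > "$1/bad.yml" <<'EOF'
steps:
  - run: |
      oc login --token="$TOKEN" \
        --server=https://api.example.test:6443 \
        --insecure-skip-tls-verify
EOF
  cat > "$1/good.yaml" <<'EOF'
steps:
  - run: |
      printf '%s' "$CLUSTER_CA" > "$RUNNER_TEMP/ca.crt"
      oc login --token="$TOKEN" --server=https://api.example.test:6443 \
        --certificate-authority="$RUNNER_TEMP/ca.crt"
EOF
}
```

Calling `find_insecure_oc_login .github/workflows` as an early workflow step makes the job fail with the offending file and line if the flag is reintroduced.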