Skip to content

Limit secrets passed to reusable workflows#47258

Merged
jscheffl merged 1 commit intomainfrom
limit-secrets-passed
Mar 1, 2025
Merged

Limit secrets passed to reusable workflows#47258
jscheffl merged 1 commit intomainfrom
limit-secrets-passed

Conversation

@potiuk
Copy link
Copy Markdown
Member

@potiuk potiuk commented Mar 1, 2025

Good practice (pointed out by zizmor) is to explicitly only pass the needed secrets to called reusable workflows. This PR does exactly this.

^ Add meaningful description above
Read the Pull Request Guidelines for more information.
In case of fundamental code changes, an Airflow Improvement Proposal (AIP) is needed.
In case of a new dependency, check compliance with the ASF 3rd Party License Policy.
In case of backwards incompatible changes please leave a note in a newsfragment file, named {pr_number}.significant.rst or {issue_number}.significant.rst, in newsfragments.

@potiuk potiuk added the canary When set on PR running from apache repo - behave as canary run label Mar 1, 2025
@potiuk potiuk requested a review from ashb as a code owner March 1, 2025 16:36
@potiuk potiuk mentioned this pull request Mar 1, 2025
Closed
@potiuk potiuk force-pushed the limit-secrets-passed branch 2 times, most recently from 907f41c to eb32143 Compare March 1, 2025 17:02
gopidesupavan
gopidesupavan approved these changes Mar 1, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@gopidesupavan gopidesupavan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome :)

@potiuk @jscheffl
Limit secrets passed to reusable workflows
a0bb2c9 
Good practice (pointed out by zizmor) is to explicitly only pass
the needed secrets to called reusable workflows. This PR does
exactly this.
@jscheffl jscheffl force-pushed the limit-secrets-passed branch from eb32143 to a0bb2c9 Compare March 1, 2025 22:06
@jscheffl
Copy link
Copy Markdown
Contributor

jscheffl commented Mar 1, 2025

Merging to un-block other PRs. Leftover static check problems were fixed in #47259

@jscheffl jscheffl merged commit f015a94 into main Mar 1, 2025
87 of 89 checks passed
shahar1 pushed a commit to shahar1/airflow that referenced this pull request Mar 5, 2025
@potiuk @shahar1
Limit secrets passed to reusable workflows (apache#47258)
ed4154c 
Good practice (pointed out by zizmor) is to explicitly only pass
the needed secrets to called reusable workflows. This PR does
exactly this.
nailo2c pushed a commit to nailo2c/airflow that referenced this pull request Apr 4, 2025
@potiuk @nailo2c
Limit secrets passed to reusable workflows (apache#47258)
9b76772 
Good practice (pointed out by zizmor) is to explicitly only pass
the needed secrets to called reusable workflows. This PR does
exactly this.
@eladkal eladkal deleted the limit-secrets-passed branch April 20, 2025 08:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gopidesupavan gopidesupavan gopidesupavan approved these changes

@jscheffl jscheffl jscheffl approved these changes

@ashb ashb Awaiting requested review from ashb ashb is a code owner

+1 more reviewer

@enchant3dmango enchant3dmango enchant3dmango approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

area:dev-tools canary When set on PR running from apache repo - behave as canary run

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@potiuk @jscheffl @gopidesupavan @enchant3dmango