Skip to content

fix: updates to GitHub Actions workflows to improve security and streamline triggers #518

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Apr 24, 2025
Merged

fix: updates to GitHub Actions workflows to improve security and streamline triggers #518

merged 2 commits into from
Apr 24, 2025

Conversation

@Roopan-Microsoft
Copy link
Contributor

@Roopan-Microsoft Roopan-Microsoft commented Apr 24, 2025

Purpose

  • This pull request includes updates to GitHub Actions workflows to improve security and streamline triggers. The most important changes involve updating the token used for authentication and modifying the trigger conditions for a specific workflow.

Security improvement:

  • .github/workflows/Create-Release.yml: Updated the GITHUB_TOKEN environment variable to use secrets.GITHUB_TOKEN instead of secrets.TOKEN, ensuring alignment with standard GitHub practices for secure token management.

Trigger condition simplification:

  • .github/workflows/azure-dev-validation.yml: Removed the push event trigger for the dev and main branches, leaving only the workflow_dispatch trigger to allow manual execution of the Azure Template Validation workflow.

Does this introduce a breaking change?

  • Yes
  • No

Golden Path Validation

  • I have tested the primary workflows (the "golden path") to ensure they function correctly without errors.

Deployment Validation

  • I have validated the deployment process successfully and all services are running as expected with this change.

What to Check

Verify that the following are valid

  • ...

Other Information

Copilot AI review requested due to automatic review settings April 24, 2025 18:22
Copilot AI reviewed Apr 24, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This pull request updates GitHub Actions workflows to improve security and streamline trigger conditions.

  • Updated Create-Release.yml to use secrets.GITHUB_TOKEN for secure token management.
  • Removed push event triggers in azure-dev-validation.yml to allow only manual (workflow_dispatch) triggering.

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
.github/workflows/azure-dev-validation.yml Removed push triggers for dev and main branches to rely solely on manual triggering.
.github/workflows/Create-Release.yml Updated environment variable to use secrets.GITHUB_TOKEN for enhanced security.

@Roopan-Microsoft Roopan-Microsoft merged commit 83e8ac4 into main Apr 24, 2025
8 checks passed
@github-actions
Copy link

github-actions bot commented Apr 24, 2025

🎉 This PR is included in version 1.0.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@Vinay-Microsoft Vinay-Microsoft Vinay-Microsoft approved these changes

@Avijit-Microsoft Avijit-Microsoft Awaiting requested review from Avijit-Microsoft Avijit-Microsoft is a code owner

@Prajwal-Microsoft Prajwal-Microsoft Awaiting requested review from Prajwal-Microsoft Prajwal-Microsoft is a code owner

@aniaroramsft aniaroramsft Awaiting requested review from aniaroramsft aniaroramsft is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Roopan-Microsoft @Vinay-Microsoft