
🐛 Bug: Some GitHub Actions workflows are using vars instead of secrets, can cause potential security risks

Open aialok opened this issue 1 year ago • 1 comments

GitHub Discussion: # / NA

Summary:

  • We're currently using variables in some GitHub Actions workflows for the Slack webhook URL, which raises the risk of its exposure. To prevent this, we should replace variables with secrets.

Do you think resolving this issue might require an Architectural Decision Record (ADR)? (significant or noteworthy)

Yes/No

  • No

Details: Required to resolve

These are the workflows that need to be fixed:

  • [ ] https://github.com/json-schema-org/community/blob/main/.github/workflows/ocwm-reminders.yml
  • [ ] https://github.com/json-schema-org/community/blob/main/.github/workflows/failed-actions-notify.yml
  • [ ] https://github.com/json-schema-org/community/blob/main/.github/workflows/ocwm-creator.yml

Any further requirements to resolve this issue

aialok, Apr 01 '24 09:04
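An added example, not part of the original issue or of the json-schema-org workflows: a small Python check that flags `vars.*` references with credential-like names in workflow text, which is the pattern the issue asks to replace with `secrets.*`. The variable names `SLACK_WEBHOOK_URL` and `SLACK_CHANNEL`, the sample workflow, the `./notify.sh` script and the name heuristic are all assumptions.

```python
import re

# Name fragments that suggest a credential-like value (assumed heuristic, tune per repo).
SENSITIVE = re.compile(r"WEBHOOK|TOKEN|SECRET|PASSWORD|API_?KEY|CREDENTIAL", re.I)
# vars.NAME or vars['NAME'], but not foo.vars.NAME or env-vars.NAME.
VARS_REF = re.compile(r"(?<![\w.-])vars(?:\.([A-Za-z_]\w*)|\[\s*'([^']+)'\s*\])")


def find_sensitive_vars(workflow_text):
    """Return (line_number, name) for each vars reference whose name looks sensitive."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):  # skip YAML comment lines
            continue
        for match in VARS_REF.finditer(line):
            name = match.group(1) or match.group(2)
            if SENSITIVE.search(name):
                findings.append((lineno, name))
    return findings


# Constructed sample workflow: the webhook URL is read from a configuration variable.
BEFORE = """\
name: notify (constructed sample)
on: workflow_dispatch
jobs:
  notify:
    runs-on: ubuntu-latest
    steps:
      - name: Post to Slack
        env:
          SLACK_WEBHOOK_URL: ${{ vars.SLACK_WEBHOOK_URL }}
          CHANNEL: ${{ vars.SLACK_CHANNEL }}
        run: ./notify.sh
"""

# Corrected form: the same value read from the secrets context instead.
AFTER = BEFORE.replace("vars.SLACK_WEBHOOK_URL", "secrets.SLACK_WEBHOOK_URL")

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, find_sensitive_vars(text))
```

Moving the reference to `secrets.*` also requires creating the secret in the repository or organization settings and rotating the webhook URL that was previously stored as a variable.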

I would love to work on this issue : ) Please assign this to me.

aialok, Apr 01 '24 09:04