Skip to content

CCM-11938: build specification artefacts#178

Closed
masl2 wants to merge 1 commit into
mainfrom
feature/CCM-11938_build-oas-specs
Closed

CCM-11938: build specification artefacts#178
masl2 wants to merge 1 commit into
mainfrom
feature/CCM-11938_build-oas-specs

Conversation

@masl2

@masl2 masl2 commented Oct 1, 2025

Copy link
Copy Markdown
Contributor

Description

Context

Type of changes

  • Refactoring (non-breaking change)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would change existing functionality)
  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • I am familiar with the contributing guidelines
  • I have followed the code style of the project
  • I have added tests to cover my changes
  • I have updated the documentation accordingly
  • This PR is a result of pair or mob programming

Sensitive Information Declaration

To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.

  • I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes.

@sonarqubecloud

sonarqubecloud Bot commented Oct 1, 2025

Copy link
Copy Markdown

Quality Gate Failed Quality Gate failed

Failed conditions
E Security Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

github-advanced-security[bot]
github-advanced-security AI found potential problems Oct 1, 2025
View reviewed changes
Comment thread .github/actions/build-oas-sandbox/action.yml
run: |
if [ -n "${{ github.event.release.tag_name }}" ]; then
echo "SANDBOX_TAG=${{ github.event.release.tag_name }}" >> $GITHUB_ENV
elseif [ -n "${{ inputs.pr_number }}" ]; then

Check failure

Code scanning / SonarCloud

GitHub Actions should not be vulnerable to script injections High

Change this action to not use user-controlled data directly in a run block. See more on SonarQube Cloud
Comment thread .github/actions/build-oas-sandbox/action.yml
if [ -n "${{ github.event.release.tag_name }}" ]; then
echo "SANDBOX_TAG=${{ github.event.release.tag_name }}" >> $GITHUB_ENV
elseif [ -n "${{ inputs.pr_number }}" ]; then
echo "SANDBOX_TAG=pr${{ inputs.pr_number }}" >> $GITHUB_ENV

Check failure

Code scanning / SonarCloud

GitHub Actions should not be vulnerable to script injections High

Change this action to not use user-controlled data directly in a run block. See more on SonarQube Cloud
Comment thread .github/actions/build-oas/action.yml
- name: Determing backend env
shell: bash
run: |
if [ -n "${{ inputs.pr_number }}" ]; then

Check failure

Code scanning / SonarCloud

GitHub Actions should not be vulnerable to script injections High

Change this action to not use user-controlled data directly in a run block. See more on SonarQube Cloud
Comment thread .github/actions/build-oas/action.yml
shell: bash
run: |
if [ -n "${{ inputs.pr_number }}" ]; then
echo "BACKEND_ENV=pr${{ inputs.pr_number }}" >> $GITHUB_ENV

Check failure

Code scanning / SonarCloud

GitHub Actions should not be vulnerable to script injections High

Change this action to not use user-controlled data directly in a run block. See more on SonarQube Cloud
Comment thread .github/actions/build-oas/action.yml
- name: Setup Proxy Name and target
shell: bash
run: |
echo "INSTANCE=${{ inputs.api_name }}-$BACKEND_ENV" >> $GITHUB_ENV

Check failure

Code scanning / SonarCloud

GitHub Actions should not be vulnerable to script injections High

Change this action to not use user-controlled data directly in a run block. See more on SonarQube Cloud
Comment thread .github/actions/build-oas/action.yml
run: |
echo "INSTANCE=${{ inputs.api_name }}-$BACKEND_ENV" >> $GITHUB_ENV
echo "MTLS_NAME=notify-supplier-mtls-$BACKEND_ENV" >> $GITHUB_ENV
echo "TARGET=https://$BACKEND_ENV.suppliers.${{ inputs.backend_account }}.nhsnotify.national.nhs.uk" >> $GITHUB_ENV

Check failure

Code scanning / SonarCloud

GitHub Actions should not be vulnerable to script injections High

Change this action to not use user-controlled data directly in a run block. See more on SonarQube Cloud
Comment thread .github/actions/build-oas/action.yml
working-directory: .
shell: bash
run: |
make build-json-oas-spec APIM_ENV=${{ inputs.apim_env }}

Check failure

Code scanning / SonarCloud

GitHub Actions should not be vulnerable to script injections High

Change this action to not use user-controlled data directly in a run block. See more on SonarQube Cloud
@masl2 masl2 closed this Oct 2, 2025
@masl2 masl2 deleted the feature/CCM-11938_build-oas-specs branch October 30, 2025 11:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@masl2 @github-advanced-security