fix(ci): address Aikido warnings #131

Merged

triceo merged 3 commits into main from sec, Jun 1, 2026

Conversation

@triceo

@triceo triceo commented Jun 1, 2026

No description provided.

Copilot AI review requested due to automatic review settings June 1, 2026 10:35

Copilot AI left a comment

Pull request overview

Updates the ScoreDirector performance regression GitHub Actions workflow to reduce CI security scanner (Aikido) warnings by avoiding direct interpolation of workflow inputs in shell scripts.

Changes:

  • Introduced per-step/job environment variables (e.g., BASELINE, BRANCH, TARGET_BRANCH, VERSION, EXAMPLE) and used them in bash scripts instead of ${{ ... }} inlined expressions.
  • Removed Maven server credential wiring from actions/setup-java.
  • Adjusted artifact naming/paths and various shell snippets to use $VARS.

@triceo

triceo commented Jun 1, 2026

@copilot Fix all the issues you found during review, all in one go. You are allowed to commit to the PR.

Copilot AI commented Jun 1, 2026

Fixed all four issues in commit fix(ci): restore Maven server config, fix artifact upload expressions, sanitize env inputs:

  1. Restored actions/setup-java server config (server-id, server-username, server-password) in both build_baseline and build_sut jobs, along with the job-level MVN_USERNAME/MVN_PASSWORD env vars needed for Maven to authenticate against the timefold-solver-enterprise Artifactory repository.

  2. Fixed actions/upload-artifact name: field — replaced unexpanded shell $EXAMPLE/$SANITIZED_* with ${{ matrix.example }} and ${{ env.SANITIZED_BASELINE }}/${{ env.SANITIZED_BRANCH }} which GitHub Actions evaluates correctly in with: inputs.

  3. Fixed actions/upload-artifact path: fields — replaced shell $BASELINE_DIR/$SUT_DIR with ${{ env.BASELINE_DIR }}/${{ env.SUT_DIR }}.

  4. Sanitized CR/LF in $GITHUB_ENV writes — added tr -d '\r\n' to strip newlines from user-provided inputs before writing to $GITHUB_ENV, and consolidated all four writes into a single heredoc block.

Removed sensitive environment variables and server credentials from the workflow configuration.
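Item 4 of the reply above strips CR/LF from user-provided inputs before they are written to $GITHUB_ENV, because that file is parsed one KEY=VALUE per line and an unsanitized value containing a newline could terminate the line and smuggle in further variables. The following POSIX sh example, added here and not taken from the PR or the project, reproduces that write against a local file and checks the result; the BASELINE/BRANCH inputs and SANITIZED_* names come from the PR, while the function names and the sample values are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example (not the project's own workflow code): sanitize inputs
# before writing them to a GITHUB_ENV-style file, as item 4 above does.

# Remove carriage returns and newlines from one value so it can never
# span more than one KEY=VALUE line in the env file.
sanitize() {
  printf '%s' "$1" | tr -d '\r\n'
}

# Append both sanitized values in a single heredoc (the PR consolidates
# its four writes the same way). $1 = env file path (in CI: "$GITHUB_ENV"),
# $2 = BASELINE input, $3 = BRANCH input. Names are assumptions.
write_env() {
  env_file="$1"
  sanitized_baseline=$(sanitize "$2")
  sanitized_branch=$(sanitize "$3")
  cat >>"$env_file" <<EOF
SANITIZED_BASELINE=$sanitized_baseline
SANITIZED_BRANCH=$sanitized_branch
EOF
}

# Count lines in the env file that define anything other than the two
# expected variables; prints 0 when nothing extra got in.
unexpected_lines() {
  awk '!/^SANITIZED_(BASELINE|BRANCH)=/ { n++ } END { print n + 0 }' "$1"
}

# Demo with a constructed baseline value that carries an embedded newline.
tmp=$(mktemp)
write_env "$tmp" "$(printf '1.0.0\nEVIL=1')" 'feature/x'
echo "env file after sanitized write:"
cat "$tmp"
echo "unexpected lines: $(unexpected_lines "$tmp")"
rm -f "$tmp"
```

Without the `tr -d '\r\n'` step the same input would produce a third line, `EVIL=1`, which the runner would export as a variable into every later step of the job.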
@triceo triceo merged commit 08720ee into main Jun 1, 2026
5 of 6 checks passed
@triceo triceo deleted the sec branch June 1, 2026 10:54

3 participants