Skip to content

ci: reduce the scope of acceptance test secrets #1137

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Ron (rjaegers) merged 6 commits into from
Feb 25, 2026
Merged

ci: reduce the scope of acceptance test secrets #1137

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
c1200be
ci: reduce the scope of acceptance test secrets
rjaegers Feb 5, 2026
2bbcc8e
ci: different strategy to use environment secrets
rjaegers Feb 24, 2026
953532d
Merge branch 'main' into ci/reduce-scope-of-secrets
rjaegers Feb 24, 2026
399c1fe
ci: try to get environment at the correct place
rjaegers Feb 24, 2026
2ff00bb
ci: don't run acceptance test for dependabot
rjaegers Feb 24, 2026
4c3089b
ci: update condition
rjaegers Feb 24, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 0 additions & 5 deletions .github/workflows/continuous-integration.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,11 +36,6 @@ jobs:
matrix:
flavor: [cpp, rust]
uses: ./.github/workflows/wc-build-push-test.yml
secrets:
TEST_GITHUB_TOKEN: ${{ secrets.TEST_GITHUB_TOKEN }}
TEST_GITHUB_USER: ${{ secrets.TEST_GITHUB_USER }}
TEST_GITHUB_PASSWORD: ${{ secrets.TEST_GITHUB_PASSWORD }}
TEST_GITHUB_TOTP_SECRET: ${{ secrets.TEST_GITHUB_TOTP_SECRET }}
permissions:
actions: read # is needed by anchore/sbom-action to find workflow artifacts when attaching release assets
attestations: write # is needed by actions/attest-build-provenance to push attestations
Expand Down
10 changes: 1 addition & 9 deletions .github/workflows/wc-acceptance-test.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,15 +13,6 @@ on:
acceptance-test-path:
required: true
type: string
secrets:
TEST_GITHUB_TOKEN:
required: true
TEST_GITHUB_USER:
required: true
TEST_GITHUB_PASSWORD:
required: true
TEST_GITHUB_TOTP_SECRET:
required: true

concurrency:
group: ${{ github.workflow }}
Expand All @@ -34,6 +25,7 @@ jobs:
test:
name: Acceptance Test
runs-on: ubuntu-latest
environment: acceptance-testing
steps:
Comment thread
rjaegers marked this conversation as resolved.
- uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
with:
Expand Down
13 changes: 0 additions & 13 deletions .github/workflows/wc-build-push-test.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -93,14 +93,6 @@ on:
DOCKER_REGISTRY_USERNAME:
description: User name for Docker login, if not provided the GitHub actor will be used
required: false
TEST_GITHUB_PASSWORD:
required: false
TEST_GITHUB_TOKEN:
required: false
TEST_GITHUB_TOTP_SECRET:
required: false
TEST_GITHUB_USER:
required: false

permissions: {}

Expand Down Expand Up @@ -153,11 +145,6 @@ jobs:
uses: ./.github/workflows/wc-acceptance-test.yml
permissions:
contents: read
secrets:
TEST_GITHUB_TOKEN: ${{ secrets.TEST_GITHUB_TOKEN }}
TEST_GITHUB_USER: ${{ secrets.TEST_GITHUB_USER }}
TEST_GITHUB_PASSWORD: ${{ secrets.TEST_GITHUB_PASSWORD }}
TEST_GITHUB_TOTP_SECRET: ${{ secrets.TEST_GITHUB_TOTP_SECRET }}
with:
image-basename: ${{ needs.build-push.outputs.image-basename }}
devcontainer-file: ${{ inputs.test-devcontainer-file }}
Expand Down
Loading