π Bug: Some GitHub Actions workflows are using vars instead of secrets, can cause potential security risks
aialok opened this issue Β· comments
GitHub Discussion: # / NA
Summary:
- We're currently using variables in some GitHub Actions workflows for the Slack webhook URL, which raises the risk of its exposure. To prevent this, we should replace variables with secrets.
Do you think resolving this issue might require an Architectural Decision Record (ADR)? (significant or noteworthy)
Yes/No
- No
Details:
Required to resolve
These are the workflows that need to be fixed:
- https://github.com/json-schema-org/community/blob/main/.github/workflows/ocwm-reminders.yml
- https://github.com/json-schema-org/community/blob/main/.github/workflows/failed-actions-notify.yml
- https://github.com/json-schema-org/community/blob/main/.github/workflows/ocwm-creator.yml
Any further requirements to resolve this issue
I would love to work on this issue : )
Please assign this to me.