Security fixes and updates in benchmark workflows #14928

Merged
merged 1 commit into from
Jul 24, 2024

Conversation

rishabh6788

Description

To harden the security around arbitrary code injection and a developer pushing malicious code just after the maintainer has approved the workflow, this PR moves the logic to set up environment variables with respect to pull request details before the maintainer approval step.
Also, instead of using the GitHub ref of the head repo, it uses the commit SHA to check out the head repo code, so that the code that was reviewed by the maintainer before approving the workflow is checked out, built and deployed to create the cluster.

Related Issues

Resolves #[Issue number to be closed when this PR is merged]

Check List

  • [ ] Functionality includes testing.
  • [ ] API changes companion pull request created, if applicable.
  • [ ] Public documentation issue/PR created, if applicable.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Signed-off-by: Rishabh Singh <[email protected]>
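
An added illustration of the two changes described above, not the OpenSearch workflow itself: the pull request details are resolved in a job that runs before the approval gate, and the checkout after approval uses the captured commit SHA instead of a ref. It assumes an `issue_comment` trigger and a hypothetical `benchmark-approval` environment configured with required reviewers; the workflow, job and step names are also hypothetical.

```yaml
# Added example; names are hypothetical, not taken from the project.
name: benchmark-on-comment
on:
  issue_comment:
    types: [created]

permissions:
  contents: read
  pull-requests: read

jobs:
  resolve-pr:
    # Runs BEFORE approval: record exactly what the maintainer will review.
    if: ${{ github.event.issue.pull_request }}
    runs-on: ubuntu-latest
    outputs:
      head_repo: ${{ steps.pr.outputs.head_repo }}
      head_sha: ${{ steps.pr.outputs.head_sha }}
    steps:
      - id: pr
        uses: actions/github-script@v7
        with:
          script: |
            const { data: pr } = await github.rest.pulls.get({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: context.issue.number,
            });
            core.setOutput('head_repo', pr.head.repo.full_name);
            core.setOutput('head_sha', pr.head.sha);

  benchmark:
    needs: resolve-pr
    runs-on: ubuntu-latest
    # Hypothetical environment with required reviewers; the job waits
    # here until a maintainer approves.
    environment: benchmark-approval
    steps:
      - uses: actions/checkout@v4
        with:
          repository: ${{ needs.resolve-pr.outputs.head_repo }}
          # Weak: a branch ref is resolved at checkout time, so commits
          # pushed after approval would be the ones built.
          # ref: <head branch name>
          # Hardened: the SHA captured before approval cannot move.
          ref: ${{ needs.resolve-pr.outputs.head_sha }}
          persist-credentials: false
```

Because the SHA is a job output fixed before the gate, a push to the head branch during the approval wait changes nothing about what the `benchmark` job checks out.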

rishabh6788 commented Jul 23, 2024

@reta @andrross Some minor updates to benchmark workflows.


@dblock dblock left a comment

LGTM

@dblock dblock merged commit e749424 into opensearch-project:main Jul 24, 2024
33 of 34 checks passed

dblock commented Jul 24, 2024

No backport to 2.x, or?

@rishabh6788

@dblock As per https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#issue_comment, "This event will only trigger a workflow run if the workflow file is on the default branch." Even if we backport it to 2.x, only the main branch workflow will be triggered.

harshavamsi pushed a commit to harshavamsi/OpenSearch that referenced this pull request Aug 20, 2024
wdongyu pushed a commit to wdongyu/OpenSearch that referenced this pull request Aug 22, 2024