Skip to content

VED-1223: Update permissions to auto-ops role so the pipeline can apply terraform changes at account level #1384

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Thomas-Boyle merged 29 commits into from
Apr 13, 2026

Refactor bucket resolution script to output bucket name and exit

2ce0cdc
Select commit
Loading
Failed to load commit list.
Merged

VED-1223: Update permissions to auto-ops role so the pipeline can apply terraform changes at account level #1384

Refactor bucket resolution script to output bucket name and exit
2ce0cdc
Select commit
Loading
Failed to load commit list.
GitHub Advanced Security / SonarCloud failed Apr 7, 2026 in 4s

6 new alerts including 6 high severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 6 high

See annotations below for details.

View all branch alerts.

Annotations

Check failure on line 41 in .github/workflows/account-terraform.yml

See this annotation in the file changed.

Code scanning / SonarCloud

GitHub Actions should not be vulnerable to script injections High

inputs.base\_sha is vulnerable to script injection: values of inputs are provided by whoever triggers the workflow. Change this workflow to not use user-controlled data directly in a run block, for example by assigning this expression to an environment variable. See more on SonarQube Cloud

Check failure on line 46 in .github/workflows/account-terraform.yml

See this annotation in the file changed.

Code scanning / SonarCloud

GitHub Actions should not be vulnerable to script injections High

inputs.head\_sha is vulnerable to script injection: values of inputs are provided by whoever triggers the workflow. Change this workflow to not use user-controlled data directly in a run block, for example by assigning this expression to an environment variable. See more on SonarQube Cloud

Check failure on line 94 in .github/workflows/account-terraform.yml

See this annotation in the file changed.

Code scanning / SonarCloud

GitHub Actions should not be vulnerable to script injections High

inputs.environment is vulnerable to script injection: values of inputs are provided by whoever triggers the workflow. Change this workflow to not use user-controlled data directly in a run block, for example by assigning this expression to an environment variable. See more on SonarQube Cloud

Check failure on line 101 in .github/workflows/account-terraform.yml

See this annotation in the file changed.

Code scanning / SonarCloud

GitHub Actions should not be vulnerable to script injections High

inputs.environment is vulnerable to script injection: values of inputs are provided by whoever triggers the workflow. Change this workflow to not use user-controlled data directly in a run block, for example by assigning this expression to an environment variable. See more on SonarQube Cloud

Check failure on line 166 in .github/workflows/account-terraform.yml

See this annotation in the file changed.

Code scanning / SonarCloud

GitHub Actions should not be vulnerable to script injections High

inputs.environment is vulnerable to script injection: values of inputs are provided by whoever triggers the workflow. Change this workflow to not use user-controlled data directly in a run block, for example by assigning this expression to an environment variable. See more on SonarQube Cloud

Check failure on line 173 in .github/workflows/account-terraform.yml

See this annotation in the file changed.

Code scanning / SonarCloud

GitHub Actions should not be vulnerable to script injections High

inputs.environment is vulnerable to script injection: values of inputs are provided by whoever triggers the workflow. Change this workflow to not use user-controlled data directly in a run block, for example by assigning this expression to an environment variable. See more on SonarQube Cloud