DEVOPS-990: changing the Remove git credentials to fix the bump from 5 to 6. #162
DEVOPS-990: changing the Remove git credentials to fix the bump from 5 to 6. #162RomFloreani merged 5 commits intomainfrom
Conversation
There was a problem hiding this comment.
Pull request overview
Updates GitHub Actions reusable workflows to align with a newer actions/checkout major version and adjusts credential-cleanup behavior for workflows that persist credentials during additional git operations.
Changes:
- Bump
actions/checkoutfrom@v5to@v6across multiple reusable workflows. - Update “Remove git credentials” steps (where present) to unset
include.pathin local git config.
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/reusable-zizmor-security.yml | Bumps checkout action to @v6 for Zizmor security scan workflow. |
| .github/workflows/reusable-zizmor-annotate.yml | Bumps checkout action to @v6 for Zizmor annotate workflow. |
| .github/workflows/reusable-zizmor-advanced-security.yml | Bumps checkout action to @v6 for advanced security scan workflow. |
| .github/workflows/reusable-python-static_analysis.yml | Bumps checkout action to @v6 and changes credential removal command. |
| .github/workflows/reusable-python-pytest.yml | Bumps checkout action to @v6 for pytest workflow. |
| .github/workflows/reusable-python-publish_rattler_package.yml | Bumps checkout action to @v6 for rattler publish workflow. |
| .github/workflows/reusable-python-build_setuptools_package.yml | Bumps checkout action to @v6 for setuptools build workflow. |
| .github/workflows/reusable-python-build_poetry_package.yml | Bumps checkout action to @v6 for poetry build workflow. |
| .github/workflows/reusable-pre_commit.yml | Bumps checkout action to @v6 and changes credential removal command. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 9 out of 9 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 9 out of 9 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
@RomFloreani , good to merge.
|
DEVOPS-990 - "Remove git credentials" step failing with exit code 5 after upgrading to actions/checkout@v6
Changes
Updated reusable-pre_commit.yml and reusable-python-static_analysis.yml
Now attempts to unset both credential keys to handle either checkout version
Uses || [ $? -eq 5 ] to gracefully handle the "key not found" case while still failing on any other error (e.g. permission issues), preserving the security guarantee that credentials are confirmed removed before subsequent steps run
Security.
Ignoring exit code 5 is safe: it means the key was never present, so no credentials exist to leak. Any other failure (real removal error) still causes the pipeline to stop