-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Environment Lock #693
base: main
Are you sure you want to change the base?
Environment Lock #693
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For this one, and the images repo, we'll need to come up with some way that people can run this workflow and push an unreviewed image to a the images-dev repo. Maybe we need to create a second set of credentials gh-images-dev-deployer
that can be activated instead?
What do you think?
That sounds appropriate! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great to me!! FYI @vivbak, @jmarshall, @MattWellie
Delicious 🍰 |
Description
In a bid to introduce better security permissions, we have replaced the use of SA keys to workload identity providers where possible. We will also ensure the workload federated identities are attached to an environment in the repo.
Changes
environment
attribute to thedocker
workflow