Fix azure ci overrides (!28) · Merge requests · OSDU Software / OSDU Data Platform / Deployment and Operations / Audit and Metrics

David Diederich requested to merge fix-azure-ci-overrides into master Jan 13, 2023

As part of a CI security incident in July 2022, the protected variables that enabled CI jobs related to sensitive jobs wwere changed from a boolean to an integer. The reason why is to prevent pipelines executing on old code from operating due to the variables like $AZURE no longer matching "true". The corresponding CI logic was corrected to avoid security leaks, and anything that has been fixed should be match with the numeral "1".

This CI code keys off the $AZURE variable to determine if it is inside a protected pipeline or not, but doesn't deal with surefire reports. It should be keying off the new value -- and will throw invalid YAML errors until it has been updated.

In theory, if a similar problem happens again and we need to hard-fail any CI runs to address potential security threats, the $AZURE variable will be updated to "2", and so forth.

See also osdu/platform/security-and-compliance/home#61 (internal users only)

Edited Jan 13, 2023 by David Diederich

Fix azure ci overrides

Merge request reports