Skip to content

Fix azure ci overrides

David Diederich requested to merge fix-azure-ci-overrides into master

As part of a CI security incident in July 2022, the protected variables that enabled CI jobs related to sensitive jobs wwere changed from a boolean to an integer. The reason why is to prevent pipelines executing on old code from operating due to the variables like $AZURE no longer matching "true". The corresponding CI logic was corrected to avoid security leaks, and anything that has been fixed should be match with the numeral "1".

This CI code keys off the $AZURE variable to determine if it is inside a protected pipeline or not, but doesn't deal with surefire reports. It should be keying off the new value -- and will throw invalid YAML errors until it has been updated.

In theory, if a similar problem happens again and we need to hard-fail any CI runs to address potential security threats, the $AZURE variable will be updated to "2", and so forth.

See also osdu/platform/security-and-compliance/home#61 (internal users only)

Edited by David Diederich

Merge request reports

Loading