
fix: upgraded build and push yaml (MAPCO-9842) #69

Merged
roicohen326 merged 3 commits into master from chore-build-and-push-yaml
Feb 16, 2026

roicohen326 (Contributor) commented Feb 16, 2026

Question Answer
Bug fix
New feature
Breaking change
Deprecations
Documentation
Tests added
Chore

Copilot AI review requested due to automatic review settings February 16, 2026 14:21

Copilot AI left a comment

Pull request overview

Updates the tag-triggered GitHub Actions workflow to use MapColonies “shared-workflows” composite actions and to parameterize registry/token values via secrets, supporting a more reusable and centrally maintained release pipeline.

Changes:

  • Switch from repo-specific actions to MapColonies/shared-workflows/actions/* equivalents for login, build/push, and artifacts update.
  • Replace hard-coded ACR registry URL with ${{ secrets.ACR_URL }} and adjust action inputs (e.g., context, artifact_name, artifact_tag, type).
  • Configure checkout and artifacts update steps to use ${{ secrets.GH_PAT }}.

artifact_tag: ${{ github.ref_name }}
type: helm
registry: ${{ secrets.ACR_URL }}
github_token: ${{ secrets.GH_PAT }}
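
Review bot: registry: ${{ secrets.ACR_URL }} stores the registry address as a secret, so GitHub masks that value wherever it appears in the job log, including the reference of the pushed artifact. If the registry URL is not confidential, a configuration variable (${{ vars.ACR_URL }}) keeps the value out of the workflow file without hiding it from build output; if it is meant to stay secret, a short comment saying so would help the next maintainer.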

Copilot AI Feb 16, 2026

github_token is set to a PAT (secrets.GH_PAT). If the action only needs repo-scoped access, use GITHUB_TOKEN so access is constrained by the workflow permissions and can’t exceed what the job declares.

Suggested change
github_token: ${{ secrets.GH_PAT }}
github_token: ${{ github.token }}

Comment on lines +21 to 22
uses: MapColonies/shared-workflows/actions/artifactory-login@artifactory-login-v1.0.0
with:

Copilot AI Feb 16, 2026

This action is referenced by a movable tag. To reduce supply-chain risk, consider pinning to an immutable commit SHA (or another immutability mechanism your org uses) instead of a tag name.

Comment on lines +28 to 29
uses: MapColonies/shared-workflows/actions/build-and-push-helm@build-and-push-helm-v1.0.1
with:

Copilot AI Feb 16, 2026

This action is referenced by a movable tag. To reduce supply-chain risk, consider pinning to an immutable commit SHA (or another immutability mechanism your org uses) instead of a tag name.

Comment on lines +35 to 36
uses: MapColonies/shared-workflows/actions/update-artifacts-file@update-artifacts-file-v1.1.1
with:

Copilot AI Feb 16, 2026

This action is referenced by a movable tag. To reduce supply-chain risk, consider pinning to an immutable commit SHA (or another immutability mechanism your org uses) instead of a tag name.

Comment on lines 17 to 18
with:
token: ${{ secrets.GH_PAT }}
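
Review bot: the token: ${{ secrets.GH_PAT }} input on the checkout step is kept available to later git commands in the same job by default, so every following step, including the shared-workflows actions, runs with the PAT within reach. If no later step needs to push with it, add persist-credentials: false under with:, or pass the PAT only to the step that requires it.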

Copilot AI Feb 16, 2026

actions/checkout is configured to use a long-lived PAT (secrets.GH_PAT). If a PAT isn’t strictly required here, prefer the built-in GITHUB_TOKEN (or omit with.token) so the workflow token stays least-privileged and scoped by the workflow permissions block. If a PAT is required, consider documenting why and ensuring it’s minimally scoped (e.g., contents only).

Suggested change
with:
token: ${{ secrets.GH_PAT }}

roicohen326 changed the title from "Chore build and push yaml (MAPCO-9842)" to "ci: build and push yaml (MAPCO-9842)" on Feb 16, 2026
roicohen326 changed the title from "ci: build and push yaml (MAPCO-9842)" to "ci: upgraded build and push yaml (MAPCO-9842)" on Feb 16, 2026
roicohen326 changed the title from "ci: upgraded build and push yaml (MAPCO-9842)" to "fix: upgraded build and push yaml (MAPCO-9842)" on Feb 16, 2026
roicohen326 merged commit 92903bf into master on Feb 16, 2026
2 checks passed
roicohen326 deleted the chore-build-and-push-yaml branch on February 16, 2026 16:48
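
The two recurring points in the review comments above (action references pinned to a movable tag, and token inputs fed from a PAT secret) can be checked mechanically before merge. The Python script below is an added example, not part of this pull request or of the MapColonies repositories; the function name audit_workflow, the step layout of the sample and its 40-hex commit SHA are assumptions constructed for illustration.

```python
import re

# Step reference of the form owner/repo[/path]@ref, with or without a list dash.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Token-like inputs fed from a repository secret rather than github.token.
PAT_RE = re.compile(r"^\s*(\w*token\w*):\s*\$\{\{\s*secrets\.(\w+)\s*\}\}", re.I)

def audit_workflow(text):
    """Return (line_no, kind, detail) findings for one workflow file."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if m:
            target = m.group(1)
            # Local actions and container images are out of scope here.
            if target.startswith(("./", "docker://")):
                continue
            action, sep, ref = target.rpartition("@")
            if not sep:
                findings.append((no, "no-ref", target))
            elif not FULL_SHA_RE.match(ref):
                findings.append((no, "movable-ref", f"{action}@{ref}"))
            continue
        m = PAT_RE.match(line)
        if m and m.group(2) != "GITHUB_TOKEN":
            findings.append((no, "secret-token", f"{m.group(1)} <- secrets.{m.group(2)}"))
    return findings

# Constructed workflow fragment: the `uses:` and token lines are the ones quoted
# in the review; the step layout and the 40-hex SHA are made up for the example.
SAMPLE = """\
steps:
  - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
    with:
      token: ${{ secrets.GH_PAT }}
  - uses: MapColonies/shared-workflows/actions/artifactory-login@artifactory-login-v1.0.0
  - uses: MapColonies/shared-workflows/actions/build-and-push-helm@build-and-push-helm-v1.0.1
  - uses: MapColonies/shared-workflows/actions/update-artifacts-file@update-artifacts-file-v1.1.1
    with:
      github_token: ${{ secrets.GH_PAT }}
  - uses: ./local-action
"""

if __name__ == "__main__":
    for no, kind, detail in audit_workflow(SAMPLE):
        print(f"line {no}: {kind}: {detail}")
```

The check is line-based and only recognises a full 40-character commit SHA as immutable; abbreviated SHAs and tags are both reported as movable references.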