You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Previously, the workflow used the github-actions role in the Modernisation Platform (MP) account. Due to a recent change restricting the OIDC role in the MP account, the workflow is updated to use the github-actions role in the Sprinkler account. This allows the workflow to function as expected for pull request events. #8078
How does this PR fix the problem?
By switching to the github-actions role in the Sprinkler account, the workflow can continue to process pull request events. This change resolves the issue caused by OIDC restrictions in the MP account and ensures proper functionality.|
How has this been tested?
Please describe the tests that you ran and provide instructions to reproduce.
{Please write here}
Deployment Plan / Instructions
Will this deployment impact the platform and / or services on it?
{Please write here}
Checklist (check x in [ ] of list items)
I have performed a self-review of my own code
All checks have passed
I have made corresponding changes to the documentation
Plan and discussed how it should be deployed to PROD (If needed)
</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>
```hcl
*****************************
Checkov will check the following folders:
CTFLint Scan Success
Show Output
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.9.1)
tflint will check the following folders:
Trivy Scan Success
Show Output
*****************************
Trivy will check the following folders:
Trivy will check the following folders:
terraform/environments/sprinkler
Running Trivy in terraform/environments/sprinkler
2024-11-27T10:20:46Z INFO [vulndb] Need to update DB
2024-11-27T10:20:46Z INFO [vulndb] Downloading vulnerability DB...
2024-11-27T10:20:46Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-27T10:20:49Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-27T10:20:49Z INFO [vuln] Vulnerability scanning is enabled
2024-11-27T10:20:49Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-27T10:20:49Z INFO [misconfig] Need to update the built-in checks
2024-11-27T10:20:49Z INFO [misconfig] Downloading the built-in checks...
2024-11-27T10:20:49Z ERROR [misconfig] Falling back to embedded checks err="failed to download built-in policies: download error: oci download error: failed to fetch the layer: GET https://ghcr.io/v2/aquasecurity/trivy-checks/blobs/sha256:16442a4593a0395452e678ef699a880eec94d9211dfc887d52574beb78b95030: TOOMANYREQUESTS: retry-after: 108.122µs, allowed: 44000/minute"
2024-11-27T10:20:49Z INFO [secret] Secret scanning is enabled
2024-11-27T10:20:49Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-27T10:20:49Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-27T10:20:50Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-27T10:20:50Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-11-27T10:20:51Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.ram-ec2-retagging[0].data.aws_subnet.host" value="cty.NilVal"
2024-11-27T10:20:51Z INFO Number of language-specific files num=0
2024-11-27T10:20:51Z INFO Detected config files num=1
trivy_exitcode=0
</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>
```hcl
*****************************
Checkov will check the following folders:
terraform/environments/sprinkler
*****************************
Running Checkov in terraform/environments/sprinkler
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-11-27 10:20:54,280 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-github-oidc-provider?ref=84a83751b5289f363a728eb181470b59fc5e2899:None (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 16, Failed checks: 0, Skipped checks: 2
checkov_exitcode=0
CTFLint Scan Success
Show Output
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.9.1)
tflint will check the following folders:
terraform/environments/sprinkler
*****************************
Running tflint in terraform/environments/sprinkler
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0
Trivy Scan Success
Show Output
*****************************
Trivy will check the following folders:
terraform/environments/sprinkler
*****************************
Running Trivy in terraform/environments/sprinkler
2024-11-27T10:20:46Z INFO [vulndb] Need to update DB
2024-11-27T10:20:46Z INFO [vulndb] Downloading vulnerability DB...2024-11-27T10:20:46Z INFO [vulndb] Downloading artifact...repo="public.ecr.aws/aquasecurity/trivy-db:2"2024-11-27T10:20:49Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"2024-11-27T10:20:49Z INFO [vuln] Vulnerability scanning is enabled
2024-11-27T10:20:49Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-27T10:20:49Z INFO [misconfig] Need to update the built-in checks
2024-11-27T10:20:49Z INFO [misconfig] Downloading the built-in checks...2024-11-27T10:20:49Z ERROR [misconfig] Falling back to embedded checks err="failed to download built-in policies: download error: oci download error: failed to fetch the layer: GET https://ghcr.io/v2/aquasecurity/trivy-checks/blobs/sha256:16442a4593a0395452e678ef699a880eec94d9211dfc887d52574beb78b95030: TOOMANYREQUESTS: retry-after: 108.122µs, allowed: 44000/minute"2024-11-27T10:20:49Z INFO [secret] Secret scanning is enabled
2024-11-27T10:20:49Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-27T10:20:49Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection2024-11-27T10:20:50Z INFO [terraformscanner] Scanning root module file_path="."2024-11-27T10:20:50Z WARN [terraformparser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.module="root"variables="networking"2024-11-27T10:20:51Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.ram-ec2-retagging[0].data.aws_subnet.host"value="cty.NilVal"2024-11-27T10:20:51Z INFO Number of language-specific files num=02024-11-27T10:20:51Z INFO Detected config files num=1trivy_exitcode=0
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
sukeshreddyg
had a problem deploying
to
production
GitHub Actions
Failure
A reference to the issue / Description of it
Previously, the workflow used the github-actions role in the Modernisation Platform (MP) account. Due to a recent change restricting the OIDC role in the MP account, the workflow is updated to use the github-actions role in the Sprinkler account. This allows the workflow to function as expected for pull request events. #8078
How does this PR fix the problem?
By switching to the github-actions role in the Sprinkler account, the workflow can continue to process pull request events. This change resolves the issue caused by OIDC restrictions in the MP account and ensures proper functionality.|
How has this been tested?
Please describe the tests that you ran and provide instructions to reproduce.
{Please write here}
Deployment Plan / Instructions
Will this deployment impact the platform and / or services on it?
{Please write here}
Checklist (check
xin[ ]of list items)Additional comments (if any)
{Please write here}