Skip to content

Do not download report at end of smoke test #747

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
steventux merged 1 commit into from
Nov 20, 2025
Merged

Do not download report at end of smoke test #747

steventux merged 1 commit into from
Nov 20, 2025

Conversation

@steventux
Copy link
Contributor

@steventux steventux commented Nov 20, 2025
edited
Loading

Description

There is a potential security issue with the ADO pipeline having permissions to download a report from blob storage.
For this reason we don't enable these perms on dev, preprod and prod but for some reason review env granted this.
The smoke test was downloading the smoke test report from blob storage in the final verification step and this probably should not happen.
There are alternatives to this approach like searching logs which can be used to verify the smoke test.
As an interim step, do not download the smoke test report, simply verify that all container app jobs ran successfully.

Jira link

Review notes

Review checklist

  • Check database queries are correctly scoped to current_provider

@steventux
Do not download report at end of smoke test
54bd8f8 
There is a potential security issue with the ADO pipeline having permissions to download a report from blob storage.
There are alternatives to this approach like searching logs which can be used to verify the smoke test.
As an interim step, do not download the smoke test report, simply verify that all container app jobs ran sucessfully.
@steventux steventux merged commit b1665ce into main Nov 20, 2025
23 of 24 checks passed
@steventux steventux deleted the do-not-download-smoke-test-report branch November 20, 2025 14:17
@github-actions
Copy link

github-actions bot commented Nov 20, 2025

The review app at this URL has been deleted:
https://pr-747.manage-breast-screening.non-live.screening.nhs.uk

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@josielsouzanordcloud josielsouzanordcloud josielsouzanordcloud approved these changes

Assignees

No one assigned

Labels

deploy

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@steventux @josielsouzanordcloud