Updated the excemption message for using inherit

sdangol · sdangol · commit e16d54c5244b · 2025-08-26T15:06:18.000+01:00
diff --git a/.github/workflows/make-release.yml b/.github/workflows/make-release.yml
@@ -94,7 +94,7 @@ jobs:
   publish_layer:
     needs: publish-npm
     secrets:
-      # The update_ssm workflow called from the publish_layer workflow needs the secrets for all the regions. This will trigger a SonarQube warning.
+      # We use "inherit" because need to propagate the secrets to the reusable workflow, secrets are already scoped by using GitHub's deployment environments to mitigate the risk of secret exposure.
       inherit
     permissions:
       id-token: write
diff --git a/.github/workflows/publish_layer.yml b/.github/workflows/publish_layer.yml
@@ -98,7 +98,7 @@ jobs:
       package_version: ${{ inputs.latest_published_version }}
       layer-version: ${{ needs.deploy-prod.outputs.layer-version }}
     secrets:
-      # The update_ssm workflow needs the secrets for all the regions. This will trigger a SonarQube warning.
+      # We use "inherit" because need to propagate the secrets to the reusable workflow, secrets are already scoped by using GitHub's deployment environments to mitigate the risk of secret exposure.
       inherit
 
   update_layer_arn_docs:
