From 36cc34bbd51e15c23d07da81f0567d90f4f3c621 Mon Sep 17 00:00:00 2001 From: Yusuke Morimoto Date: Thu, 31 Jul 2025 12:15:17 +0900 Subject: [PATCH 1/2] Remove CR_PAT secret from vuln-check workflows (#2916) --- .github/workflows/manual-vuln-check.yaml | 2 -- .github/workflows/scheduled-vuln-check.yaml | 5 ----- .github/workflows/vuln-check.yaml | 3 --- 3 files changed, 10 deletions(-) diff --git a/.github/workflows/manual-vuln-check.yaml b/.github/workflows/manual-vuln-check.yaml index 14b6054359..0010dc503c 100644 --- a/.github/workflows/manual-vuln-check.yaml +++ b/.github/workflows/manual-vuln-check.yaml @@ -10,5 +10,3 @@ jobs: uses: ./.github/workflows/vuln-check.yaml with: target-ref: ${{ github.ref_name }} - secrets: - CR_PAT: ${{ secrets.CR_PAT }} diff --git a/.github/workflows/scheduled-vuln-check.yaml b/.github/workflows/scheduled-vuln-check.yaml index 97d6577578..b66a24f1b5 100644 --- a/.github/workflows/scheduled-vuln-check.yaml +++ b/.github/workflows/scheduled-vuln-check.yaml @@ -13,7 +13,6 @@ jobs: with: target-ref: master secrets: - CR_PAT: ${{ secrets.CR_PAT }} SLACK_SECURITY_WEBHOOK_URL: ${{ secrets.SLACK_SECURITY_WEBHOOK_URL }} call-vuln-check-for-v3_4: @@ -21,7 +20,6 @@ jobs: with: target-ref: v3.4.9 secrets: - CR_PAT: ${{ secrets.CR_PAT }} SLACK_SECURITY_WEBHOOK_URL: ${{ secrets.SLACK_SECURITY_WEBHOOK_URL }} call-vuln-check-for-v3_5: @@ -29,7 +27,6 @@ jobs: with: target-ref: v3.5.7 secrets: - CR_PAT: ${{ secrets.CR_PAT }} SLACK_SECURITY_WEBHOOK_URL: ${{ secrets.SLACK_SECURITY_WEBHOOK_URL }} call-vuln-check-for-v3_6: @@ -37,7 +34,6 @@ jobs: with: target-ref: v3.6.4 secrets: - CR_PAT: ${{ secrets.CR_PAT }} SLACK_SECURITY_WEBHOOK_URL: ${{ secrets.SLACK_SECURITY_WEBHOOK_URL }} call-vuln-check-for-v3_7: @@ -53,5 +49,4 @@ jobs: with: target-ref: v3.8.0 secrets: - CR_PAT: ${{ secrets.CR_PAT }} SLACK_SECURITY_WEBHOOK_URL: ${{ secrets.SLACK_SECURITY_WEBHOOK_URL }} diff --git a/.github/workflows/vuln-check.yaml b/.github/workflows/vuln-check.yaml index ff43cbcf14..70e3cb42e9 100644 --- a/.github/workflows/vuln-check.yaml +++ b/.github/workflows/vuln-check.yaml @@ -14,8 +14,6 @@ on: type: boolean default: false secrets: - CR_PAT: - required: true SLACK_SECURITY_WEBHOOK_URL: required: false @@ -28,5 +26,4 @@ jobs: images: '[["ScalarDB Schema Loader", "scalardb-schema-loader"], ["ScalarDB Data Loader CLI", "scalardb-data-loader-cli"]]' version-command: "./gradlew :core:properties -q | grep version: | awk '{print $2}'" secrets: - CR_PAT: ${{ secrets.CR_PAT }} SLACK_SECURITY_WEBHOOK_URL: ${{ secrets.SLACK_SECURITY_WEBHOOK_URL }} From 26a79b368ab4ec214fcd0a45b8c1594f01e0f522 Mon Sep 17 00:00:00 2001 From: brfrn169 Date: Thu, 31 Jul 2025 13:48:41 +0900 Subject: [PATCH 2/2] Fix --- .github/workflows/scheduled-vuln-check.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/scheduled-vuln-check.yaml b/.github/workflows/scheduled-vuln-check.yaml index b66a24f1b5..93557a2c5f 100644 --- a/.github/workflows/scheduled-vuln-check.yaml +++ b/.github/workflows/scheduled-vuln-check.yaml @@ -41,7 +41,6 @@ jobs: with: target-ref: v3.7.3 secrets: - CR_PAT: ${{ secrets.CR_PAT }} SLACK_SECURITY_WEBHOOK_URL: ${{ secrets.SLACK_SECURITY_WEBHOOK_URL }} call-vuln-check-for-v3_8: