OPSEXP-3709: Switch to read-only Nexus credentials #1321
Conversation
There was a problem hiding this comment.
Pull request overview
This PR updates GitHub Actions workflows to use read-only Nexus credentials for security purposes. The changes replace NEXUS_USERNAME and NEXUS_PASSWORD with their read-only equivalents across three workflow files.
- Updated credential references from write to read-only versions
- Applied changes to workflows handling Maven deployments, integration tests, and version bumping
- Improves security posture by limiting credential permissions where appropriate
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
.github/workflows/mirror-libreoffice.yml |
Updated Maven deployment credentials to read-only (requires write access - critical issue identified) |
.github/workflows/enteprise.yml |
Updated Nexus credentials for docker integration and EC2 test workflows to read-only |
.github/workflows/bumpVersions.yml |
Updated Nexus environment variables to read-only for version checking operations |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
siddavamshi4
changed the title
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
##Ref : OPSEXP-3709
This PR reviews the usage of NEXUS_USERNAME / NEXUS_PASSWORD in GitHub Actions workflows and switches to NEXUS_USERNAME_READ_ONLY / NEXUS_PASSWORD_READ_ONLY where elevated privileges are not required.