bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-11 05:43:41 +00:00
Code Issues Releases Wiki Activity

Clean up workflow files for Zizmor (#17318)

Browse Source
This commit is contained in:
Matt Andreko
2025-11-11 09:58:49 -05:00
committed by GitHub
parent 021d3e53aa
commit ec5081a7e9
1 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
.github/workflows/deploy-web.yml vendored
View File

@@ -54,8 +54,7 @@ on:
type: string type: string
required: false required: false
permissions: permissions: {}
deployments: write
jobs: jobs:
setup: setup:
@@ -373,10 +372,16 @@ jobs:
- name: Login to Azure - name: Login to Azure
uses: bitwarden/gh-actions/azure-login@main uses: bitwarden/gh-actions/azure-login@main
env:
# The following 2 values are ignored in Zizmor, because they have to be dynamically mapped from secrets
# The only way around this is to create separate steps per environment with static secret references, which is not maintainable
SUBSCRIPTION_ID: ${{ secrets[ needs.setup.outputs.azure_login_subscription_id_key_name ] }} # zizmor: ignore[overprovisioned-secrets]
CLIENT_ID: ${{ secrets[ needs.setup.outputs.azure_login_client_key_name ] }} # zizmor: ignore[overprovisioned-secrets]
TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
with: with:
subscription_id: ${{ secrets[needs.setup.outputs.azure_login_subscription_id_key_name] }} subscription_id: ${{ env.SUBSCRIPTION_ID }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }} tenant_id: ${{ env.TENANT_ID }}
client_id: ${{ secrets[needs.setup.outputs.azure_login_client_key_name] }} client_id: ${{ env.CLIENT_ID }}
- name: Retrieve Storage Account name - name: Retrieve Storage Account name
id: retrieve-secrets-azcopy id: retrieve-secrets-azcopy