Skip to content

🩹 [Patch]: Replace secrets inheritance with explicit secret passing #137

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
MariusStorhaug merged 5 commits into from
Jan 23, 2026
Merged

🩹 [Patch]: Replace secrets inheritance with explicit secret passing #137

MariusStorhaug merged 5 commits into from
Jan 23, 2026

Conversation

Copy link
Contributor

Copilot AI commented Jan 23, 2026
edited by MariusStorhaug
Loading

Improves workflow security by replacing unconditional secrets: inherit with explicit secret passing in the Process-PSModule workflow. This follows the principle of least privilege by only passing the required APIKey secret instead of exposing all repository secrets to the reusable workflow.

Changes

  1. Updated .github/workflows/Process-PSModule.yml: Changed from secrets: inherit to explicitly passing only the required APIKey secret using APIKey: ${{ secrets.APIKey }}.

Benefits

  • Reduces risk of unintended secret exposure to reusable workflows
  • Follows GitHub Actions security best practices
  • Addresses zizmor security linting warnings
  • No functional changes - the workflow continues to operate identically

Copilot AI and others added 3 commits January 23, 2026 09:43
@MariusStorhaug
Fix unconditional secrets inheritance by explicitly passing APIKey
0c3c03f 
Co-authored-by: MariusStorhaug <17722253+MariusStorhaug@users.noreply.github.com>
@MariusStorhaug
Complete fix for unconditional secrets inheritance warning
0a30515 
Co-authored-by: MariusStorhaug <17722253+MariusStorhaug@users.noreply.github.com>
@MariusStorhaug
Remove accidentally committed actionlint binary
d6666f2 
Co-authored-by: MariusStorhaug <17722253+MariusStorhaug@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix unconditional secrets inheritance warning in Process-PSModule workflow Fix unconditional secrets inheritance in Process-PSModule workflow Jan 23, 2026
Copilot AI requested a review from MariusStorhaug January 23, 2026 09:46
@MariusStorhaug MariusStorhaug changed the title Fix unconditional secrets inheritance in Process-PSModule workflow 🩹[Patch]: Fix unconditional secrets inheritance in Process-PSModule workflow Jan 23, 2026
@MariusStorhaug MariusStorhaug added the Patch Fixes bugs or adds small fixes to existing functionality label Jan 23, 2026
MariusStorhaug
MariusStorhaug requested changes Jan 23, 2026
View reviewed changes
@MariusStorhaug
Revert .gitignore to original state
f06fde0 
Co-authored-by: MariusStorhaug <17722253+MariusStorhaug@users.noreply.github.com>
Copilot AI requested a review from MariusStorhaug January 23, 2026 10:33
@MariusStorhaug MariusStorhaug changed the title 🩹[Patch]: Fix unconditional secrets inheritance in Process-PSModule workflow 🩹 [Patch]: Replace secrets inheritance with explicit secret passing Jan 23, 2026
@MariusStorhaug MariusStorhaug marked this pull request as ready for review January 23, 2026 11:01
Copilot AI review requested due to automatic review settings January 23, 2026 11:01
@MariusStorhaug MariusStorhaug merged commit e74fb5d into main Jan 23, 2026
44 checks passed
@MariusStorhaug MariusStorhaug deleted the copilot/fix-secrets-inheritance-warning branch January 23, 2026 11:03
Copilot AI reviewed Jan 23, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR improves workflow security by replacing unconditional secrets: inherit with explicit secret passing in the Process-PSModule workflow, addressing a zizmor security linting warning flagged in issue #136.

Changes:

  • Updated .github/workflows/Process-PSModule.yml to explicitly pass only the required APIKey secret instead of inheriting all repository secrets

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@github-actions
Copy link
Contributor

github-actions bot commented Jan 23, 2026

Module GoogleFonts - 1.0.103 published to the PowerShell Gallery.

@github-actions
Copy link
Contributor

github-actions bot commented Jan 23, 2026

GitHub release for GoogleFonts v1.0.103 has been created.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@MariusStorhaug MariusStorhaug Awaiting requested review from MariusStorhaug

Assignees

@MariusStorhaug MariusStorhaug

Copilot code review Copilot

Labels

Patch Fixes bugs or adds small fixes to existing functionality

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

🩹[Patch]: Fix unconditional secrets inheritance warning in Process-PSModule workflow

2 participants

@MariusStorhaug