From 24ea8bde6ffa706d8f42694872242050f2c574e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20OLIVIER?= <cedric3.olivier@orange.com> Date: Mon, 24 Feb 2025 16:28:06 +0000 Subject: [PATCH] fix(security): remove generated-deployment.yml from artifact On kustomize with secret CI/CD variables used for substitution for example with a pre-apply script, secrets was leaked in artifacts. You need to : * delete k8s-<env>-deploy artifacts * renew all leaked secrets --- templates/gitlab-ci-k8s.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/templates/gitlab-ci-k8s.yml b/templates/gitlab-ci-k8s.yml index 0a38b16..477eaa8 100644 --- a/templates/gitlab-ci-k8s.yml +++ b/templates/gitlab-ci-k8s.yml @@ -936,7 +936,6 @@ k8s-score: name: "$ENV_TYPE env url for $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" when: always paths: - - generated-deployment.yml - environment_url.txt reports: dotenv: kubernetes.env -- GitLab