Review the build pipeline and tokens

aws-powertools / powertools-lambda-layer-cdk

MIT No Attribution

39 stars 5 forks source link

Review the build pipeline and tokens #96

Closed leandrodamascena closed 1 month ago

leandrodamascena commented 3 months ago

We need to review the CDK layer build pipeline as well as the tokens used in the pipeline.

dreamorosi commented 3 months ago

Specifically, we should ensure that all the workflows used in the repo follow the org-wide standards in terms of security and best practices.

Likewise, we should make sure that all tokens used in the workflows are audited and centralized. At the moment we have 4 different tokens that need to be reviewed: 1 for npm, 2 for twine, and one that is a GitHub PAT.

github-actions[bot] commented 1 month ago

This issue is now marked as stale because it hasn't seen activity for a while. Add a comment or it will be closed soon.

github-actions[bot] commented 1 month ago

Closing this issue as it hasn't seen activity for a while. Please add a comment @mentioning a maintainer to reopen.