Skip to content

UID2-6321 Reenable aks e2e#2375

Open
cYKatherine wants to merge 2 commits intomainfrom
kcc-UID2-6321-reenable-aks-e2e
Open

UID2-6321 Reenable aks e2e#2375
cYKatherine wants to merge 2 commits intomainfrom
kcc-UID2-6321-reenable-aks-e2e

Conversation

@cYKatherine
Copy link
Contributor

@cYKatherine cYKatherine commented Feb 17, 2026

No description provided.

@cYKatherine cYKatherine self-assigned this Feb 17, 2026
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 17, 2026
View reviewed changes
.github/workflows/publish-azure-cc-enclave-docker.yaml
Comment on lines +256 to +262
name: E2E Azure AKS
uses: ./.github/workflows/run-e2e-tests-on-operator.yaml
needs: [buildImage, azureAks]
with:
operator_type: aks
operator_image_version: ${{ needs.buildImage.outputs.image_tag }}
secrets: inherit

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI 2 days ago

To fix the problem, explicitly declare permissions for the e2eAzureAks job so that the GITHUB_TOKEN does not default to potentially broad repository or organization settings. The minimal, behavior-preserving approach is to add permissions: {} to that job, which disables all default token permissions for this job and leaves any necessary scopes to be defined in the called reusable workflow (run-e2e-tests-on-operator.yaml).

Concretely, in .github/workflows/publish-azure-cc-enclave-docker.yaml, in the jobs: section where e2eAzureAks is defined (around lines 255–262), add a permissions: {} line alongside the other job-level keys (similar to the existing permissions: {} on azureCc and azureAks). The result will look like:

  e2eAzureAks:
    name: E2E Azure AKS
    permissions: {}
    uses: ./.github/workflows/run-e2e-tests-on-operator.yaml
    needs: [buildImage, azureAks]
    with:
      operator_type: aks
      operator_image_version: ${{ needs.buildImage.outputs.image_tag }}
    secrets: inherit

No additional imports, methods, or definitions are required.

Suggested changeset 1
.github/workflows/publish-azure-cc-enclave-docker.yaml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/publish-azure-cc-enclave-docker.yaml b/.github/workflows/publish-azure-cc-enclave-docker.yaml
--- a/.github/workflows/publish-azure-cc-enclave-docker.yaml
+++ b/.github/workflows/publish-azure-cc-enclave-docker.yaml
@@ -254,6 +254,7 @@
   
   e2eAzureAks:
     name: E2E Azure AKS
+    permissions: {}
     uses: ./.github/workflows/run-e2e-tests-on-operator.yaml
     needs: [buildImage, azureAks]
     with:
EOF
@@ -254,6 +254,7 @@

e2eAzureAks:
name: E2E Azure AKS
permissions: {}
uses: ./.github/workflows/run-e2e-tests-on-operator.yaml
needs: [buildImage, azureAks]
with:
Copilot is powered by AI and may make mistakes. Always verify output.
Copy link
Contributor

@lizk886 lizk886 Feb 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe add
permissions:
contents: read
? Didn't spend time look into it want to make sure you have

cYKatherine
cYKatherine commented Feb 19, 2026
View reviewed changes
.github/workflows/run-e2e-tests-on-operator.yaml
e2e-test:
name: E2E Test
uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-run-e2e-tests.yaml@v3
uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-run-e2e-tests.yaml@kcc-UID2-6321-reenable-aks-e2e
Copy link
Contributor Author

@cYKatherine cYKatherine Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Revert before merging

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lizk886 lizk886 lizk886 approved these changes

Assignees

@cYKatherine cYKatherine

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cYKatherine @lizk886

Comments