base repository: solidusio/solidus
base: 9d828939de00a862798a1302d154979c8cc18ef3
head repository: solidusio/solidus
compare: 16b10a5a9404a6ba041f921e66b962801a24878c
  • 1 commit
  • 1 file changed
  • 1 contributor

Commits on Feb 9, 2023

  1. Remove Slack notifications for CI failures

    We were storing the Slack secrets on a CircleCI context [1]. Although we
    were also passing them to forks [2], it resulted in unauthorized builds
    for external contributions.
    
    We could work around the issue in two ways:
    
    - Having the secrets outside of any context, but that would compromise
      the security of the associated Slack channel for:
      - Send messages as @circleci notifications
      - Send messages to channels @circleci notifications isn't a member of
      - Upload, edit, and delete files as CircleCI notifications
    - Using CircleCI logic statements [3] to conditionally run jobs when
      `CIRCLECI_USERNAME` or `CIRCLE_PR_USERNAME` env vars [4] are in a list
      of allowed users. However, that would be something difficult to
      maintain, and there's no other way to check the user's role.
    
    Given that we don't find those trade-offs to be acceptable, we remove
    the integration for now.
    
    [1] - https://circleci.com/docs/contexts/
    [2] - https://circleci.com/docs/oss/#pass-secrets-to-builds-from-forked-pull-requests
    [3] - https://circleci.com/docs/configuration-reference/#logic-statements
    [4] - https://circleci.com/docs/variables/
    waiting-for-dev committed Feb 9, 2023