♻️ Refactor GitHub Actions to Store ECR Registry URL as a Secret #119
👀 Purpose
♻️ What's changed
The ECR registry URL is now stored as a GitHub secret (ECR_REGISTRY_URL) instead of being dynamically retrieved and exposed in workflow logs. This change ensures that sensitive AWS account information, including the registry URL, is not visible in plaintext during workflow execution.
GitHub automatically masks secrets in logs, mitigating the risk of inadvertently exposing sensitive information.
📝 Notes
The workflow configuration is now cleaner and easier to maintain, as sensitive information is handled through GitHub's secret management.
Developers no longer need to retrieve the registry dynamically within each step. The secret is pre-defined and can be referenced easily, leading to more concise and readable workflows.
Rationale:
By moving the ECR registry URL to a secret, we follow the principle of least privilege and limit the exposure of sensitive information.
It simplifies onboarding for new projects or teams, as the registry information is centrally managed and can be easily updated without modifying the workflow logic itself.
This change enhances the overall security posture of our CI/CD workflows and aligns with industry best practices.
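
The change described above, as an added example that is not part of this pull request or the repository's own workflow: a constructed workflow fragment showing the registry taken from the `ECR_REGISTRY_URL` secret rather than from the ECR login step's output. The workflow name, job name, image name, `AWS_ROLE_ARN` secret and `AWS_REGION` variable are assumptions.

```yaml
# Constructed example; every name except ECR_REGISTRY_URL is hypothetical.
name: build-and-push
on:
  push:
    branches: [main]

permissions:
  id-token: write   # needed for OIDC role assumption
  contents: read

jobs:
  push-image:
    runs-on: ubuntu-latest
    env:
      IMAGE_NAME: example-app              # hypothetical ECR repository name
    steps:
      - uses: actions/checkout@v4

      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}   # hypothetical secret
          aws-region: ${{ vars.AWS_REGION }}            # hypothetical variable

      - name: Log in to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      # Before: the registry came from the login step's output, which is
      # not a secret and is printed as-is wherever a command echoes it:
      #   REGISTRY: ${{ steps.login-ecr.outputs.registry }}
      #
      # After: the registry comes from the secret, so any log line that
      # contains the exact value is rendered as ***.
      - name: Build and push image
        env:
          REGISTRY: ${{ secrets.ECR_REGISTRY_URL }}
        run: |
          docker build -t "$REGISTRY/$IMAGE_NAME:$GITHUB_SHA" .
          docker push "$REGISTRY/$IMAGE_NAME:$GITHUB_SHA"
```

Log masking matches the exact secret string, so the AWS account ID on its own (for example inside a role ARN printed by another step) is not masked by this secret.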