Skip to content

fix(workflow/security-guardian): resolves bad object error when its run in the context of main branch #34153

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

fix(workflow/security-guardian): resolves bad object error when its run in the context of main branch #34153

wants to merge 1 commit into from

Conversation

QuantumNeuralCoder
Copy link
Contributor

Issue # (if applicable)

Github action security-guradian is unable to detect changed cfn templates in PRs
Closes #.
NA

Reason for this change

Fixes an issue where security-guardian github action runs but is unable to find changed templates. Since it runs in the context of pull_request_target workflow its unable to find the head commit of PR which is in the base branch. This happened after we switched from pull_request to pull_request_target for improved security posture during the run of the github action.

Run echo "Getting changed CloudFormation templates..."
Getting changed CloudFormation templates...
From https://github.com/aws/aws-cdk
 * branch                  main       -> FETCH_HEAD
fatal: bad object 7c12c04a9d7bde97dda3caec8e3fcf7102f2f938

Description of changes

Checksout and compares the base version with the head version.

Describe any new or updated permissions being added

None

Description of how you validated changes

Cannot be validated until merged

Checklist

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@github-actions github-actions bot added the p2 label Apr 15, 2025
@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Apr 15, 2025
aws-cdk-automation
aws-cdk-automation requested changes Apr 15, 2025
View reviewed changes
Copy link
Collaborator

@aws-cdk-automation aws-cdk-automation left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The pull request linter fails with the following errors:

❌ Fixes must contain a change to a test file.
❌ Fixes must contain a change to an integration test file and the resulting snapshot.
❌ The title prefix of this pull request must be one of "feat|fix|build|chore|ci|docs|style|refactor|perf|test|revert"

If you believe this pull request should receive an exemption, please comment and provide a justification. A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed, add Clarification Request to a comment.

@QuantumNeuralCoder QuantumNeuralCoder added the pr/do-not-merge This PR should not be merged at this time. label Apr 15, 2025
@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 4ca9349
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@github-actions GitHub Actions
Copy link
Contributor

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 15, 2025
@QuantumNeuralCoder QuantumNeuralCoder deleted the s-g branch May 14, 2025 21:18
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@aws-cdk-automation aws-cdk-automation aws-cdk-automation requested changes

Assignees

No one assigned

Labels

contribution/core This is a PR that came from AWS. p2 pr/do-not-merge This PR should not be merged at this time.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@QuantumNeuralCoder @aws-cdk-automation