Remove invalid config file settings

[anuruddhal]

Purpose

• Remove invalid config file settings

Summary by CodeRabbit

• Chores
  • Simplified server startup: removed automatic updates to the frontend SSO configuration so startup now proceeds without modifying frontend config files.
  • CI/CD tooling updated: upgraded the Trivy security scanner used in the release workflow to a newer version.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 75a43aaa-c707-42e5-b034-82f5d32a607e

📥 Commits

Reviewing files that changed from the base of the PR and between 054ecad and 61958d4.

📒 Files selected for processing (1)

• .github/workflows/release.yml

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/release.yml

---

Walkthrough

Removed frontend config update logic that synchronized SSO flag from deployment.toml into choreo.env.config.js; also updated Trivy action version in the release workflow from aquasecurity/trivy-action@0.30.0 to @0.35.0.

Changes

Cohort / File(s)	Summary
Deployment Scripts distribution/scripts/icp.bat, distribution/scripts/icp.sh	Removed code that located and updated www/public/choreo.env.config.js to set SSO_ENABLED from deployment.toml. ssoEnabled is still parsed but no longer applied to the frontend config; startup control flow now relies only on conf/deployment.toml presence.
Release Workflow .github/workflows/release.yml	Pinned aquasecurity/trivy-action version updated from 0.30.0 to 0.35.0 in three Trivy steps; other step inputs and conditions unchanged.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 I nibbled at configs, soft and neat,

Removed a step that altered the street.
SSO now stays tucked away,
Trivy stepped up its new display.
A joyful hop — the scripts feel light and sweet.

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is severely incomplete, containing only a Purpose section with minimal detail and missing most required template sections including Goals, Approach, Release notes, Security checks, and Test environment information.	Complete the PR description using the template: add Goals explaining why the config updates were removed, Approach details, Release notes summary, Security checks confirmation, and Test environment details.
Title check	❓ Inconclusive	The title is vague and generic, using non-descriptive language ('invalid config file settings') that does not clearly convey what specific changes are being made.	Provide a more specific title that clearly describes the main change, such as 'Remove SSO_ENABLED frontend config updates from startup scripts'.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[anuruddhal]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/release.yml:
- Line 170: Replace the outdated Trivy GitHub Action references "uses:
aquasecurity/trivy-action@0.20.0" with the safe recommended version "uses:
aquasecurity/trivy-action@0.35.0" at all occurrences in the workflow (the three
steps currently using the old pin); ensure each step that currently uses the
symbol "uses: aquasecurity/trivy-action@0.20.0" is updated to "uses:
aquasecurity/trivy-action@0.35.0" so the workflow benefits from the fixes
(including PR#454/456) and consistent versioning across lines 170, 187, and 197.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 236329e4-1d9f-430f-8cdc-a460a97340b3

📥 Commits

Reviewing files that changed from the base of the PR and between b921972 and 054ecad.

📒 Files selected for processing (3)

• .github/workflows/release.yml
• distribution/scripts/icp.bat
• distribution/scripts/icp.sh

💤 Files with no reviewable changes (2)

• distribution/scripts/icp.bat
• distribution/scripts/icp.sh