Changes

Summary

fix(pipelines): stop exposing github token to PR jobs (#4460) (commit: 1b271fa) (details)

Commit 1b271fa111189bad5238beff6fad1570659804ff by noreply fix(pipelines): stop exposing github token to PR jobs (#4460) ## Summary - remove global `GITHUB_TOKEN = credentials('github-bot-token')` injection from `pull_` pipelines that execute untrusted PR code - keep non-sensitive `environment` entries such as `OCI_ARTIFACT_HOST` unchanged - limit the scope to PR-triggered pipelines; merged pipelines are not changed in this patch ## Risk These PR jobs were exposing a GitHub bot token to the full Jenkins execution environment even though the variable was not consumed later in the pipeline. A malicious PR could potentially read the token from the process environment. ## Verification - `git diff --check` - verified no `pull_.groovy` file still contains `GITHUB_TOKEN = credentials(...)` or `GH_TOKEN = credentials(...)` - verified no empty `environment {}` blocks remain after the cleanup (commit: 1b271fa)
The file was modified	pipelines/pingcap/tidb/latest/pull_integration_mysql_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-7.5/pull_integration_common_test.groovy (diff)
The file was modified	pipelines/tikv/copr-test/latest/pull_integration_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-9.0-beta/pull_integration_copr_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-7.5/pull_integration_ddl_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-6.1/pull_integration_binlog_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.5/pull_mysql_client_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-7.1/pull_integration_mysql_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.3/pull_integration_ddl_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-6.1/pull_common_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-6.5/pull_integration_binlog_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.4/pull_integration_mysql_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.5/pull_integration_tidb_tools_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-9.0-beta/pull_mysql_client_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-6.1/pull_integration_tidb_tools_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-7.1/pull_integration_tidb_tools_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.1/pull_integration_binlog_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.3/pull_integration_common_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-6.5-20241101-v6.5.7/pull_integration_common_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-7.1/pull_common_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-7.5/pull_integration_tidb_tools_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.1/pull_integration_ddl_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.3/pull_common_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-6.5-20241101-v6.5.7/pull_integration_mysql_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-6.1/pull_integration_ddl_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-7.5/pull_mysql_client_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.1/pull_integration_mysql_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/latest/pull_integration_common_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-6.5/pull_integration_copr_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.5/pull_common_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/latest/pull_mysql_client_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-6.5-20241101-v6.5.7/pull_integration_ddl_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.5/pull_integration_common_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.2/pull_common_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.2/pull_integration_common_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.2/pull_integration_mysql_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.4/pull_integration_copr_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.5/pull_integration_mysql_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-6.1/pull_integration_mysql_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-6.5/pull_integration_tidb_tools_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-7.1/pull_integration_ddl_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-9.0-beta/pull_integration_tidb_tools_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-9.0-beta/pull_common_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/latest/pull_integration_ddl_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.1/pull_integration_common_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-7.1/pull_integration_copr_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-7.5/pull_integration_mysql_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.5/pull_integration_ddl_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.2/pull_mysql_client_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-7.5/pull_integration_copr_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.1/pull_integration_copr_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.1/pull_common_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-6.5/pull_common_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-6.5/pull_integration_mysql_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.4/pull_integration_common_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-6.1/pull_integration_common_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-6.1/pull_integration_copr_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-6.5-20241101-v6.5.7/pull_integration_copr_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.1/pull_integration_tidb_tools_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-6.5/pull_integration_common_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.2/pull_integration_copr_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-7.5/pull_common_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-9.0-beta/pull_integration_ddl_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-6.5-20241101-v6.5.7/pull_common_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.3/pull_mysql_client_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.2/pull_integration_ddl_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.3/pull_integration_copr_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-7.1/pull_integration_binlog_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/latest/pull_integration_copr_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.4/pull_integration_ddl_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-6.5/pull_integration_ddl_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.1/pull_mysql_client_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.5/pull_integration_copr_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-9.0-beta/pull_integration_mysql_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-7.1/pull_integration_common_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.3/pull_integration_mysql_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/latest/pull_common_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.4/pull_mysql_client_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-8.4/pull_common_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-7.5/pull_integration_binlog_test.groovy (diff)
The file was modified	pipelines/pingcap/tidb/release-9.0-beta/pull_integration_common_test.groovy (diff)