Update buildspec.yaml #37
Open
ishu599 wants to merge 1 commit into
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@DevOps-Project-23/Swiggy_clone/buildspec.yaml`:
- Around line 58-59: Replace the hardcoded emails used in the SES command
(--from and --to) with Parameter Store references and load them via the
buildspec env.parameter-store configuration; update the buildspec.yaml to
declare parameters (e.g., /cicd/ses/from-email and /cicd/ses/to-email) and
change the SES invocation to use the parameter values instead of literal
addresses so the SES command (the lines containing "--from" and "--to") reads
values from the parameter-store variables; also ensure CI/CD secrets are created
in SSM (aws ssm put-parameter ...) with verified SES addresses before the
pipeline runs.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 0a8698d3-1abd-4bb8-9b5b-1dc87ed78584
📒 Files selected for processing (1)
DevOps-Project-23/Swiggy_clone/buildspec.yaml
Comment on lines +58 to +59
Hardcoded email addresses expose PII and create security/maintainability risks.
Personal email addresses are hardcoded directly in the repository, which:
- Exposes PII (Personally Identifiable Information) to anyone with repository access
- Creates a spam/phishing target
- Makes the configuration inflexible and harder to maintain
- Violates security best practices for managing sensitive data
🔒 Proposed fix: Use AWS Systems Manager Parameter Store
Store email addresses in Parameter Store and reference them in the buildspec:
Update the env.parameter-store section:
env:
parameter-store:
DOCKER_REGISTRY_USERNAME: /cicd/docker-credentials/username
DOCKER_REGISTRY_PASSWORD: /cicd/docker-credentials/password
DOCKER_REGISTRY_URL: /cicd/docker-registry/url
SONAR_TOKEN: /cicd/sonar/sonar-token
+ NOTIFICATION_FROM_EMAIL: /cicd/ses/from-email
+ NOTIFICATION_TO_EMAIL: /cicd/ses/to-email
Then update the SES command:
post_build:
commands:
- |
aws ses send-email \
- --from "ishuraghuvinder@gmail.com" \
- --to "ishuraghuvinder@gmail.com" \
+ --from "$NOTIFICATION_FROM_EMAIL" \
+ --to "$NOTIFICATION_TO_EMAIL" \
--subject "CodeBuild Status: $CODEBUILD_BUILD_ID" \
--text "Build status: $CODEBUILD_BUILD_STATUS" \
--region "eu-north-1"
Create the parameters:
aws ssm put-parameter --name /cicd/ses/from-email --value "your-verified-email@example.com" --type String
aws ssm put-parameter --name /cicd/ses/to-email --value "recipient@example.com" --type String
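Review bot: the two `+` entries in the `env.parameter-store` hunk add new paths under `/cicd/ses/`, and nothing in the suggestion covers read access to them. CodeBuild resolves these entries itself, so the project's service role needs `ssm:GetParameters` on those parameters or the build fails when they are resolved. Suggest stating that next to the `aws ssm put-parameter` step, with the policy scoped to the `/cicd/` paths rather than `*`.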
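Review bot: in the `post_build` hunk, the unchanged `--text` line expands `$CODEBUILD_BUILD_STATUS`, which does not appear in CodeBuild's documented list of build environment variables, so the mail body would read "Build status: " with nothing after it. `CODEBUILD_BUILD_SUCCEEDING` (1 while the build is succeeding, 0 otherwise) is the documented signal; suggest mapping it to a word before the `aws ses send-email` call. Separately, the removed `-` lines keep the literal address in the branch history unless that commit is rewritten.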
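A pre-merge check for the finding in this review, as an added example (not part of the PR or of the CodeRabbit comment): it flags literal addresses in a buildspec and `--from`/`--to` variables that are not declared under `env.parameter-store`. The sample buildspec, its example.com address and the `audit_buildspec` name are constructed for illustration.

```python
import re

# Constructed sample (placeholder address), shaped like the buildspec under review.
SAMPLE_BUILDSPEC = '''\
env:
  parameter-store:
    SONAR_TOKEN: /cicd/sonar/sonar-token
    NOTIFICATION_TO_EMAIL: /cicd/ses/to-email
phases:
  post_build:
    commands:
      - |
        aws ses send-email \\
          --from "$NOTIFICATION_FROM_EMAIL" \\
          --to "alerts@example.com" \\
          --subject "CodeBuild Status: $CODEBUILD_BUILD_ID"
'''

EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
PS_ENTRY = re.compile(r"^\s+([A-Za-z_]\w*):\s*/\S+\s*$")
ADDR_FLAG = re.compile(r'--(from|to)\s+"?\$\{?([A-Za-z_]\w*)\}?')


def audit_buildspec(text):
    """Return (line_no, kind, detail) findings about address handling."""
    declared, findings, in_store = set(), [], False
    lines = text.splitlines()
    for line in lines:  # pass 1: names declared under env.parameter-store
        entry = PS_ENTRY.match(line)
        if line.strip() == "parameter-store:":
            in_store = True
        elif in_store and entry:
            declared.add(entry.group(1))
        else:
            in_store = False
    for no, line in enumerate(lines, 1):  # pass 2: every non-comment line
        if line.lstrip().startswith("#"):
            continue
        for addr in EMAIL.findall(line):
            findings.append((no, "literal-address", addr))
        for flag, var in ADDR_FLAG.findall(line):
            if var not in declared:
                findings.append((no, "undeclared-variable", f"--{flag} ${var}"))
    return findings


if __name__ == "__main__":
    for finding in audit_buildspec(SAMPLE_BUILDSPEC):
        print(finding)
```

The line-based parsing assumes the indentation style shown in the sample; a buildspec that uses YAML anchors or flow mappings would need a real YAML parser.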

Summary by CodeRabbit
Release Notes