Update buildspec.yaml by ishu599 · Pull Request #37 · NotHarshhaa/DevOps-Projects · GitHub
Skip to content

Update buildspec.yaml#37

Open
ishu599 wants to merge 1 commit into
NotHarshhaa:masterfrom
ishu599:patch-1
Open

Update buildspec.yaml#37
ishu599 wants to merge 1 commit into
NotHarshhaa:masterfrom
ishu599:patch-1

Conversation

@ishu599

@ishu599 ishu599 commented Jun 4, 2026

Copy link
Copy Markdown

Summary by CodeRabbit

Release Notes

  • Chores
    • Updated build pipeline email notification configuration to ensure proper delivery of build status updates.

@coderabbitai

coderabbitai Bot commented Jun 4, 2026

Copy link
Copy Markdown

@ishu599 ishu599 closed this Jun 4, 2026
@ishu599 ishu599 reopened this Jun 4, 2026

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@DevOps-Project-23/Swiggy_clone/buildspec.yaml`:
- Around line 58-59: Replace the hardcoded emails used in the SES command
(--from and --to) with Parameter Store references and load them via the
buildspec env.parameter-store configuration; update the buildspec.yaml to
declare parameters (e.g., /cicd/ses/from-email and /cicd/ses/to-email) and
change the SES invocation to use the parameter values instead of literal
addresses so the SES command (the lines containing "--from" and "--to") reads
values from the parameter-store variables; also ensure CI/CD secrets are created
in SSM (aws ssm put-parameter ...) with verified SES addresses before the
pipeline runs.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 0a8698d3-1abd-4bb8-9b5b-1dc87ed78584

📥 Commits

Reviewing files that changed from the base of the PR and between a38cc0f and 0381f99.

📒 Files selected for processing (1)
  • DevOps-Project-23/Swiggy_clone/buildspec.yaml

Comment on lines +58 to +59

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

Hardcoded email addresses expose PII and create security/maintainability risks.

Personal email addresses are hardcoded directly in the repository, which:

  • Exposes PII (Personally Identifiable Information) to anyone with repository access
  • Creates a spam/phishing target
  • Makes the configuration inflexible and harder to maintain
  • Violates security best practices for managing sensitive data
🔒 Proposed fix: Use AWS Systems Manager Parameter Store

Store email addresses in Parameter Store and reference them in the buildspec:

Update the env.parameter-store section:

 env:
   parameter-store:
     DOCKER_REGISTRY_USERNAME: /cicd/docker-credentials/username
     DOCKER_REGISTRY_PASSWORD: /cicd/docker-credentials/password
     DOCKER_REGISTRY_URL: /cicd/docker-registry/url
     SONAR_TOKEN: /cicd/sonar/sonar-token
+    NOTIFICATION_FROM_EMAIL: /cicd/ses/from-email
+    NOTIFICATION_TO_EMAIL: /cicd/ses/to-email

Then update the SES command:

 post_build:
   commands:
     - |
       aws ses send-email \
-        --from "ishuraghuvinder@gmail.com" \
-        --to "ishuraghuvinder@gmail.com" \
+        --from "$NOTIFICATION_FROM_EMAIL" \
+        --to "$NOTIFICATION_TO_EMAIL" \
         --subject "CodeBuild Status: $CODEBUILD_BUILD_ID" \
         --text "Build status: $CODEBUILD_BUILD_STATUS" \
         --region "eu-north-1"

Create the parameters:

aws ssm put-parameter --name /cicd/ses/from-email --value "your-verified-email@example.com" --type String
aws ssm put-parameter --name /cicd/ses/to-email --value "recipient@example.com" --type String
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@DevOps-Project-23/Swiggy_clone/buildspec.yaml` around lines 58 - 59, Replace
the hardcoded emails used in the SES command (--from and --to) with Parameter
Store references and load them via the buildspec env.parameter-store
configuration; update the buildspec.yaml to declare parameters (e.g.,
/cicd/ses/from-email and /cicd/ses/to-email) and change the SES invocation to
use the parameter values instead of literal addresses so the SES command (the
lines containing "--from" and "--to") reads values from the parameter-store
variables; also ensure CI/CD secrets are created in SSM (aws ssm put-parameter
...) with verified SES addresses before the pipeline runs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant