Codeql issue hashicorp

[sayaliM0412]

fix:.github/workflows/codeql.yml: codeql fails in hashicorp with 401 Unauth .
Successful run when built with adding: maven-settings-xml-action: https://github.com/liquibase/hashicorp-vault-plugin/actions/runs/8913988741

comments on the ticket: https://datical.atlassian.net/browse/DAT-17435?focusedCommentId=141375

[jnewton03]

@sayaliM0412 I just want to confirm:
If an external contributor forks an extension repo that is calling this workflow, they will not be able to access secrets, right?

[sayaliM0412]

@sayaliM0412 I just want to confirm: If an external contributor forks an extension repo that is calling this workflow, they will not be able to access secrets, right?

I'll do a test-run and get back

[sayaliM0412]

@sayaliM0412 I just want to confirm: If an external contributor forks an extension repo that is calling this workflow, they will not be able to access secrets, right?

I'll do a test-run and get back

Also, we are doing something similar here as well : https://github.com/liquibase/build-logic/blob/main/.github/workflows/os-extension-test.yml#L88
update: No, the external user cannot access the secrets. I think it's not accessible as the secrets are repository-specific and are not inherited or shared between repositories, even if one repository is using workflows from another repository. When an external user forks "hashicorp," they will not have access to the secrets defined in "build-logic".

[jnewton03]

@sayaliM0412 Will forked contributor PRs run successfully?

[sayaliM0412]

@sayaliM0412 Will forked contributor PRs run successfully?

yes.