
ci: reduce the scope of acceptance test secrets #1137

Draft
rjaegers wants to merge 1 commit into main from ci/reduce-scope-of-secrets

@rjaegers
Member

@rjaegers rjaegers commented Feb 5, 2026

🚀 Hey, I have created a Pull Request

Description of changes

This pull request refactors the GitHub Actions workflow configuration files to simplify secret handling and improve environment management for acceptance tests. The most significant changes are the removal of unused secret definitions and the introduction of a named environment for acceptance testing.

Workflow configuration cleanup:

  • Removed secret definitions (TEST_GITHUB_TOKEN, TEST_GITHUB_USER, TEST_GITHUB_PASSWORD, TEST_GITHUB_TOTP_SECRET) from the job configuration in .github/workflows/continuous-integration.yml and .github/workflows/wc-build-push-test.yml to reduce complexity and reliance on secrets that are no longer required. [1] [2]
  • Deleted secret input requirements from the workflow triggers in .github/workflows/wc-acceptance-test.yml and .github/workflows/wc-build-push-test.yml, streamlining workflow inputs. [1] [2]

Environment management improvement:

  • Added the environment: acceptance-testing property to the test job in .github/workflows/wc-acceptance-test.yml to enable better tracking and isolation of acceptance test runs.

✔️ Checklist

  • I have followed the contribution guidelines for this repository
  • I have added tests for new behavior, and have not broken any existing tests
  • I have added or updated relevant documentation
  • I have verified that all added components are accounted for in the SBOM

@rjaegers rjaegers requested a review from a team as a code owner February 5, 2026 18:10
Copilot AI review requested due to automatic review settings February 5, 2026 18:10
Contributor

Copilot AI left a comment

Pull request overview

This pull request simplifies secret management in GitHub Actions workflows by removing explicit secret passing and introducing an environment-based approach for acceptance tests. The changes reduce workflow complexity while maintaining security through GitHub's environment protection.

Changes:

  • Removed secret definitions and passing for test credentials (TEST_GITHUB_TOKEN, TEST_GITHUB_USER, TEST_GITHUB_PASSWORD, TEST_GITHUB_TOTP_SECRET) from workflow configurations
  • Added environment: acceptance-testing to the acceptance test job to enable environment-level secret access
  • Streamlined workflow inputs by removing unused secret requirements

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| .github/workflows/wc-build-push-test.yml | Removed secret input definitions and passing to acceptance test workflow |
| .github/workflows/wc-acceptance-test.yml | Removed secret inputs and added environment property to test job |
| .github/workflows/continuous-integration.yml | Removed secret passing to build-push-test workflow |

@sonarqubecloud

sonarqubecloud bot commented Feb 5, 2026

@github-actions
Contributor

github-actions bot commented Feb 5, 2026

MegaLinter analysis: Error

| Descriptor | Linter | Files | Fixed | Errors | Warnings | Elapsed time |
| --- | --- | --- | --- | --- | --- | --- |
| ❌ ACTION | actionlint | 21 | | 4 | 0 | 0.61s |
| ✅ DOCKERFILE | hadolint | 3 | | 0 | 0 | 0.68s |
| ✅ GHERKIN | gherkin-lint | 6 | | 0 | 0 | 2.39s |
| ✅ JSON | npm-package-json-lint | yes | | no | no | 0.5s |
| ✅ JSON | prettier | 21 | 4 | 0 | 0 | 0.66s |
| ✅ JSON | v8r | 21 | | 0 | 0 | 7.19s |
| ✅ MARKDOWN | markdownlint | 12 | 0 | 0 | 0 | 0.93s |
| ✅ MARKDOWN | markdown-table-formatter | 12 | 0 | 0 | 0 | 0.25s |
| ✅ REPOSITORY | checkov | yes | | no | no | 17.36s |
| ✅ REPOSITORY | gitleaks | yes | | no | no | 0.52s |
| ✅ REPOSITORY | git_diff | yes | | no | no | 0.01s |
| ✅ REPOSITORY | grype | yes | | no | no | 28.96s |
| ✅ REPOSITORY | secretlint | yes | | no | no | 0.92s |
| ✅ REPOSITORY | syft | yes | | no | no | 1.96s |
| ✅ REPOSITORY | trivy | yes | | no | no | 5.51s |
| ✅ REPOSITORY | trivy-sbom | yes | | no | no | 0.23s |
| ✅ REPOSITORY | trufflehog | yes | | no | no | 2.21s |
| ⚠️ SPELL | lychee | 81 | | 1 | 0 | 21.67s |
| ✅ YAML | prettier | 29 | 0 | 0 | 0 | 0.84s |
| ✅ YAML | v8r | 29 | | 0 | 0 | 8.28s |
| ✅ YAML | yamllint | 29 | | 0 | 0 | 0.66s |

Detailed Issues

❌ ACTION / actionlint - 4 errors
.github/workflows/release-build.yml:39:7: secret "TEST_GITHUB_TOKEN" is not defined in "./.github/workflows/wc-build-push-test.yml" reusable workflow. defined secrets are "DOCKER_REGISTRY_PASSWORD", "DOCKER_REGISTRY_USERNAME" [workflow-call]
   |
39 |       TEST_GITHUB_TOKEN: ${{ secrets.TEST_GITHUB_TOKEN }}
   |       ^~~~~~~~~~~~~~~~~~
.github/workflows/release-build.yml:40:7: secret "TEST_GITHUB_USER" is not defined in "./.github/workflows/wc-build-push-test.yml" reusable workflow. defined secrets are "DOCKER_REGISTRY_PASSWORD", "DOCKER_REGISTRY_USERNAME" [workflow-call]
   |
40 |       TEST_GITHUB_USER: ${{ secrets.TEST_GITHUB_USER }}
   |       ^~~~~~~~~~~~~~~~~
.github/workflows/release-build.yml:41:7: secret "TEST_GITHUB_PASSWORD" is not defined in "./.github/workflows/wc-build-push-test.yml" reusable workflow. defined secrets are "DOCKER_REGISTRY_PASSWORD", "DOCKER_REGISTRY_USERNAME" [workflow-call]
   |
41 |       TEST_GITHUB_PASSWORD: ${{ secrets.TEST_GITHUB_PASSWORD }}
   |       ^~~~~~~~~~~~~~~~~~~~~
.github/workflows/release-build.yml:42:7: secret "TEST_GITHUB_TOTP_SECRET" is not defined in "./.github/workflows/wc-build-push-test.yml" reusable workflow. defined secrets are "DOCKER_REGISTRY_PASSWORD", "DOCKER_REGISTRY_USERNAME" [workflow-call]
   |
42 |       TEST_GITHUB_TOTP_SECRET: ${{ secrets.TEST_GITHUB_TOTP_SECRET }}
   |       ^~~~~~~~~~~~~~~~~~~~~~~~
⚠️ SPELL / lychee - 1 error
[IGNORED] docker://pandoc/extra:3.7.0@sha256:a703d335fa237f8fc3303329d87e2555dca5187930da38bfa9010fa4e690933a | Unsupported: Error creating request client: builder error for url (docker://pandoc/extra:3.7.0@sha256:a703d335fa237f8fc3303329d87e2555dca5187930da38bfa9010fa4e690933a)
[403] https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads | Network error: Forbidden
[IGNORED] https://vscode.dev/redirect?url=vscode://ms-vscode-remote.remote-containers/cloneInVolume?url=https://github.com/philips-software/amp-devcontainer | Unsupported: Error creating request client: builder error for url (vscode://ms-vscode-remote.remote-containers/cloneInVolume?url=https://github.com/philips-software/amp-devcontainer)
📝 Summary
---------------------
🔍 Total..........126
✅ Successful.....123
⏳ Timeouts.........0
🔀 Redirected.......0
👻 Excluded.........0
❓ Unknown..........0
🚫 Errors...........1

Errors in .github/TOOL_VERSION_ISSUE_TEMPLATE.md
[403] https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads | Network error: Forbidden

See detailed reports in MegaLinter artifacts

MegaLinter is graciously provided by OX Security
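
The scoping change discussed in this thread, together with the caller-side cleanup that the actionlint errors on release-build.yml point to, as an added sketch that is not taken from the PR's diff or the repository's workflow files. File names, secret names and the `acceptance-testing` environment come from the page; the job names, runner label, step command, env variable names and `required: true` flags are assumptions.

```yaml
# Constructed fragments; job names, runner label, env names and commands are assumptions.

# Before: .github/workflows/wc-acceptance-test.yml
# Test credentials are declared as inputs, so every caller must forward them.
on:
  workflow_call:
    secrets:
      TEST_GITHUB_TOKEN: { required: true }
      TEST_GITHUB_USER: { required: true }
      TEST_GITHUB_PASSWORD: { required: true }
      TEST_GITHUB_TOTP_SECRET: { required: true }
jobs:
  acceptance-test:
    runs-on: ubuntu-latest
    steps:
      - run: ./run-acceptance-tests.sh # hypothetical command
        env:
          TEST_USER: ${{ secrets.TEST_GITHUB_USER }}
          TEST_PASSWORD: ${{ secrets.TEST_GITHUB_PASSWORD }}
---
# After: same file. The four secrets are stored on the "acceptance-testing"
# environment and resolve only for jobs that reference that environment.
on:
  workflow_call: # no secrets block for the test credentials
jobs:
  acceptance-test:
    runs-on: ubuntu-latest
    environment: acceptance-testing
    steps:
      - run: ./run-acceptance-tests.sh # hypothetical command
        env:
          TEST_USER: ${{ secrets.TEST_GITHUB_USER }}
          TEST_PASSWORD: ${{ secrets.TEST_GITHUB_PASSWORD }}
---
# Callers of wc-build-push-test.yml (continuous-integration.yml and
# release-build.yml, whose lines 39-42 actionlint flags): forward only the
# secrets the reusable workflow still declares.
jobs:
  build-push-test:
    uses: ./.github/workflows/wc-build-push-test.yml
    secrets:
      DOCKER_REGISTRY_USERNAME: ${{ secrets.DOCKER_REGISTRY_USERNAME }}
      DOCKER_REGISTRY_PASSWORD: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
```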

@github-actions
Contributor

github-actions bot commented Feb 5, 2026

📦 Container Size Analysis

Note

Comparing ghcr.io/philips-software/amp-devcontainer-base:edge with ghcr.io/philips-software/amp-devcontainer-base:pr-1137

📈 Size Comparison Table

| OS/Platform | Previous | Current | Change | Trend |
| --- | --- | --- | --- | --- |
| linux/amd64 | 173.95 MB | 173.95 MB | +14 B (+0%) | 🔼 |
| linux/arm64 | 166.46 MB | 166.46 MB | 60 B (0%) | 🔽 |

@github-actions
Contributor

github-actions bot commented Feb 5, 2026

📦 Container Size Analysis

Note

Comparing ghcr.io/philips-software/amp-devcontainer-rust:edge with ghcr.io/philips-software/amp-devcontainer-rust:pr-1137

📈 Size Comparison Table

| OS/Platform | Previous | Current | Change | Trend |
| --- | --- | --- | --- | --- |
| linux/amd64 | 554.36 MB | 554.36 MB | 2 B (0%) | 🔽 |
| linux/arm64 | 508.59 MB | 508.59 MB | +29 B (+0%) | 🔼 |

@github-actions
Contributor

github-actions bot commented Feb 5, 2026

📦 Container Size Analysis

Note

Comparing ghcr.io/philips-software/amp-devcontainer-cpp:edge with ghcr.io/philips-software/amp-devcontainer-cpp:pr-1137

📈 Size Comparison Table

| OS/Platform | Previous | Current | Change | Trend |
| --- | --- | --- | --- | --- |
| linux/amd64 | 695.65 MB | 695.65 MB | 144 B (0%) | 🔽 |
| linux/arm64 | 676.51 MB | 676.51 MB | +186 B (+0%) | 🔼 |

@github-actions
Contributor

github-actions bot commented Feb 5, 2026

Test Results

 6 files   - 1   6 suites   - 1   2m 39s ⏱️ - 3m 37s
32 tests  - 1  32 ✅  - 1  0 💤 ±0  0 ❌ ±0 
68 runs   - 1  68 ✅  - 1  0 💤 ±0  0 ❌ ±0 

Results for commit c1200be. ± Comparison against base commit 0b102f3.

@rjaegers rjaegers marked this pull request as draft February 5, 2026 19:12