[TT-17218] Test variation

[konrad-sol]

Changes in env_up github actions:

• use default branch instead of master (master will use latests versions of DBs, default could be older)
• use pump and sink versions from envfile in TUI

[probelabs]

This PR introduces minor modifications to the CI/CD testing infrastructure to enhance configuration flexibility.

Files Changed Analysis

• .github/actions/tests/env-up/action.yaml: Updated to allow tyk-pump and tyk-sink image versions to be specified via the matrix.envfiles context, falling back to the matrix context if not provided. This enables more specific test configurations.
• .github/actions/tests/test-controller/action.yaml: The default value for the fallback_ref input has been changed from master to default, likely to align with updated repository standards or branching strategies.

Architecture & Impact Assessment

• Accomplishment: The PR makes the testing pipeline more flexible by allowing overrides for service images and updating a default branch reference.
• Key Technical Changes:
  • Use of the || operator in GitHub Actions expressions to provide a fallback value for environment variables.
  • A default input value was changed in a reusable action's metadata.
• Affected System Components: The changes are confined to the repository's internal CI/CD workflows that utilize the env-up and test-controller GitHub Actions. There is no impact on the production application code.

Scope Discovery & Context Expansion

• The impact is limited to the CI/CD pipeline defined within this repository. The change in env-up suggests that some test variations may need to specify different versions of pump or sink than the default for a given test run. The test-controller change is a simple default update that will affect workflows that do not explicitly provide a fallback_ref.

Metadata

• Review Effort: 1 / 5
• Primary Label: chore

---

Powered by Visor from Probelabs

Last updated: 2026-06-18T12:34:36.552Z | Triggered by: pr_opened | Commit: 328d8aa

💡 TIP: You can chat with Visor using /visor ask <your question>

[probelabs]

Security Issues (1)

Severity	Location	Issue
🔴 Critical	.github/actions/tests/env-up/action.yaml:96-99	The values from the GitHub Actions context (`matrix.envfiles.pump`, `matrix.pump`, `matrix.envfiles.sink`, `matrix.sink`) are directly interpolated into a shell script without being quoted. This can lead to command injection if the context values contain shell metacharacters. An attacker who can control these values could execute arbitrary commands in the CI runner. 💡 Suggestion Always quote variables that are derived from external inputs when used in shell commands to prevent word splitting and command injection. Enclose the GitHub Actions expressions in double quotes.

✅ Architecture Check Passed

No architecture issues found – changes LGTM.

✅ Performance Check Passed

No performance issues found – changes LGTM.

---

Powered by Visor from Probelabs

Last updated: 2026-06-18T12:34:31.166Z | Triggered by: pr_opened | Commit: 328d8aa

💡 TIP: You can chat with Visor using /visor ask <your question>