I’m probably trying to tackle this the wrong way. I’m deploying Azure resources using ARM Templates and then deploying code.
I’ve noticed that workflows can be written and edited by Writers (as it states here: https://docs.github.com/en/free-pro-team@latest/github/setting-up-and-managing-organizations-and-teams/repository-permission-levels-for-an-organization).
This means that there’s a chance for people to clone the workflow file, update it incorrectly and then push it to their branch. Actions will then execute and potentially wipe out production.
Is there any way to ensure that SECRETS are branch specific? Doing so would ensure that only the main branch has access to Production, whilst all of the others get access to Development.
I’ve already tested the branch deploying if configured properly; however, user error makes me wonder about the what-if side. There’s potential to cause issues due to how open GitHub Actions really are.