PHPFixing
  • Privacy Policy
  • TOS
  • Ask Question
  • Contact Us
  • Home
  • PHP
  • Programming
  • SQL Injection
  • Web3.0

Friday, August 19, 2022

[FIXED] How to mask environment variables created in Github when running a workflow?

 August 19, 2022     environment-variables, github, github-actions, python     No comments   

Issue

I created a Github workflow that runs a python script with a cron schedule. On every run of the workflow an access_token is generated, which is required during the next run.

To save the token the python script writes the token to the GITHUB_ENV file. In the next step, I use the hmanzur/actions-set-secret@v2.0.0 action to save the token to a Github secret. All works fine.

My only problem is, that the token gets displayed in the logs of the second step as an environment variable.

Here is a minimal version of the workflow file:

name: Tests
on:
  schedule:
    - cron: "0 1 * * *"
jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python: ['3.9']
    steps:
      - uses: actions/checkout@v1
      - uses: actions/setup-python@v1
        with:
          python-version: ${{ matrix.python }}
      - name: Install dependencies
        run: pip install -r requirements.txt
      - name: Run tests
        working-directory: ./src
        run: python -m unittest
        env:
          ACCESS_TOKEN: ${{secrets.ACCESS_TOKEN}}
      - uses: hmanzur/actions-set-secret@v2.0.0
        with:
          name: 'ACCESS_TOKEN'
          value: ${{env.ACCESS_TOKEN}}
          repository: Me/MyRepository
          token: ${{ secrets.REPO_ACCESS_TOKEN }}

I tried applying ::add-mask::. Adding echo "ACCESS_TOKEN=::add-mask::$ACCESS_TOKEN" >> $GITHUB_ENV only added ::add-mask:: to the string.

Is there a way of masking all environment variables in the GITHUB_ENV file I can apply in the first step? Can I apply the masking to the variable while writing to the GITHUB_ENV file in python? Or is there a way to disable the display of the environment variables during the workflow?


Solution

Your usage of "::add-mask::" is wrong (not your fault, I hate GHA doc).

What you need to do is:

echo "::add-mask::$ACCESS_TOKEN" 
echo "ACCESS_TOKEN=$ACCESS_TOKEN" >> $GITHUB_ENV


Answered By - micguo
Answer Checked By - Dawn Plyler (PHPFixing Volunteer)
  • Share This:  
  •  Facebook
  •  Twitter
  •  Stumble
  •  Digg
Newer Post Older Post Home

0 Comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Total Pageviews

1,207,102

Featured Post

Why Learn PHP Programming

Why Learn PHP Programming A widely-used open source scripting language PHP is one of the most popular programming languages in the world. It...

Subscribe To

Posts
Atom
Posts
Comments
Atom
Comments

Copyright © 2025 PHPFixing