-
Hi everyone. I ran into a problem recently regarding github actions and it’s logs. To pass the username and password I used: The problem is when this expression gets evaluated it shows up in logs. To try and avoid this I did: Now in the CLI command the username and password seems to be masked, but still in the add-mask command it’s shown. It seems like expressions are evaluated and printed as commands before add-mask can register them. Is there any workaround regarding the same? Edit: I can’t seem to get the formatting right for the post. My apologies for that as well. |
Beta Was this translation helpful? Give feedback.
Replies: 7 comments
-
As a workaround to avoid the username and password are displayed in the logs before mask, you can manually add a multi-line secret that contains some strings or keywords you want to mask in the logs. Then in the workflow, map this secret as a global (workflow level) environment variable.
|
Beta Was this translation helpful? Give feedback.
-
Hi @brightran. Thank you for your response. echo “::add-mask::{{ fromJson(steps.var.outputs.json).username }}" Anything else I could try regarding this case? |
Beta Was this translation helpful? Give feedback.
-
How about mask the whole json content?
Maybe you can try to add this step to see if it work.
|
Beta Was this translation helpful? Give feedback.
-
Tried this way. While in the logs, github shows the line as |
Beta Was this translation helpful? Give feedback.
-
The following workaround should work:
When “run” a bash script file, the command lines in the script file will not be printed in the logs. Here is a example I tested on my side: |
Beta Was this translation helpful? Give feedback.
-
Hi @brightran! This worked like a charm! |
Beta Was this translation helpful? Give feedback.
-
You’re welcome, @ugam-paul . |
Beta Was this translation helpful? Give feedback.
@ugam-paul ,
The following workaround should work:
Add the command lines you need to execute in a bash script file (e.g. mask.sh).
Execute the bash script in your workflow.
When “run” a bash script file, the command lines in the script file will not be printed in the logs.
Here is a example I tested on my side:
JSON file: https://github.com/TestWorkflowsRML/TestOutputs/blob/dfee4d8736c97b73d5c6d5e14f7d1a2b4aa387a0/secret.json
Script file: https://github.com/TestWorkflowsRML/TestOutputs/blob/dfee4d8736c97b73d5c6d5e14f7d1a2b4aa387a0/mask.sh
Workflow: https://github.com/TestWorkflowsRML/TestOutputs/runs…