Raw logs are publicly accessible

In my opinion, raw logs or any other GitHub Action output within a private repo should be private as well.

3 Likes

Is this really true ?

The raw logs for private are not publicly accessible. You must have access to the repo to download and view them.

2 Likes

I can gain access to a file in raw form from a private repo using an anonymous browser window. This should not be possible. I have never logged into gh from an anon window.

The only way I can think of this working would be to use the browser tool to capture the time limited SAS URL for the log in question and then use that URL in your anonymous browser. However, to get that SAS URL you would have needed to be logged into GitHub with access to the private repository.

Is there another route you are taking? Feel free to email me.

I’m not asking how to do this, I’m saying I can and I shouldn’t be able to.

And I am asking how you are doing it. I am not able to find a way outside of grabbing the time bound SAS url.

1 Like

Get the raw url from your private repo, go to a private window, paste it in.

Ok yes, that is exactly what I said. You have to be logged in and have access to the repo to get that signed URL to download the raw log but once you have that URL you can download the raw log for 1 minute.

2 Likes