debug: add raw secret inspection to verify token value

sshrihar · sshrihar · commit 09d2ce205a74 · 2025-12-08T18:09:19.000+04:00
diff --git a/.github/workflows/test_cloudflare_purge.yml b/.github/workflows/test_cloudflare_purge.yml
@@ -20,24 +20,53 @@ jobs:
 
       - name: Verify Cloudflare Token
         run: |
-          ZONE_ID=$(echo "${{ secrets.CLOUDFLARE_ZONE }}" | tr -d '[:space:]')
-          AUTH_TOKEN=$(echo "${{ secrets.CLOUDFLARE_AUTH_KEY }}" | tr -d '[:space:]')
+          # Get raw values first (before any processing)
+          RAW_ZONE_ID="${{ secrets.CLOUDFLARE_ZONE }}"
+          RAW_AUTH_TOKEN="${{ secrets.CLOUDFLARE_AUTH_KEY }}"
           
-          echo "=== Token Diagnostics ==="
+          echo "=== Raw Secret Inspection ==="
+          echo "Raw Zone ID length: ${#RAW_ZONE_ID}"
+          echo "Raw Token length: ${#RAW_AUTH_TOKEN}"
+          echo "Raw Token first 10 chars (hex): $(echo -n "$RAW_AUTH_TOKEN" | head -c 10 | xxd -p 2>/dev/null || echo 'xxd not available')"
+          echo "Raw Token first 10 chars (visible): $(echo -n "$RAW_AUTH_TOKEN" | head -c 10 | cat -A)"
+          
+          # Process values (trim whitespace)
+          ZONE_ID=$(echo "$RAW_ZONE_ID" | tr -d '[:space:]')
+          AUTH_TOKEN=$(echo "$RAW_AUTH_TOKEN" | tr -d '[:space:]')
+          
+          echo ""
+          echo "=== After Processing ==="
           echo "Zone ID length: ${#ZONE_ID}"
           echo "Zone ID: ${ZONE_ID:0:8}...${ZONE_ID: -8}"
           echo "Token length: ${#AUTH_TOKEN}"
           
           # Show token preview more safely
           if [ ${#AUTH_TOKEN} -ge 15 ]; then
-            TOKEN_START="${AUTH_TOKEN:0:8}"
-            TOKEN_END="${AUTH_TOKEN: -8}"
+            TOKEN_START="${AUTH_TOKEN:0:10}"
+            TOKEN_END="${AUTH_TOKEN: -10}"
             echo "Token preview: ${TOKEN_START}...${TOKEN_END}"
+            echo "Token starts with: ${AUTH_TOKEN:0:3}"
+            echo "Token ends with: ${AUTH_TOKEN: -3}"
           else
             echo "⚠️  WARNING: Token seems too short (${#AUTH_TOKEN} chars). API tokens are typically 40+ characters."
             echo "Token preview: ${AUTH_TOKEN:0:4}...${AUTH_TOKEN: -4}"
           fi
           
+          # Check if token matches expected start
+          if [ "${AUTH_TOKEN:0:3}" != "fjx" ]; then
+            echo ""
+            echo "⚠️  WARNING: Token does not start with 'fjx' as expected!"
+            echo "   Expected: starts with 'fjx'"
+            echo "   Actual: starts with '${AUTH_TOKEN:0:3}'"
+            echo ""
+            echo "This suggests the GitHub secret may not have been updated correctly."
+            echo "Please verify:"
+            echo "1. Go to: Settings → Secrets and variables → Actions"
+            echo "2. Check CLOUDFLARE_AUTH_KEY value"
+            echo "3. Make sure you saved the secret after updating it"
+            echo "4. Wait a few seconds for GitHub to propagate the secret"
+          fi
+          
           # Check token type hints
           if [ ${#AUTH_TOKEN} -lt 45 ]; then
             echo ""
