Skip to content

Commit 8e36d74

Browse files
pdabelf5pdabelf5
committed
Mask file contents
1 parent 8a5a710 commit 8e36d74

File tree

5 files changed

+80
-16
lines changed

5 files changed

+80
-16
lines changed

.github/workflows/build-base-images.yml

Lines changed: 25 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -135,8 +135,16 @@ jobs:
135135
echo "Setting secrets for job"
136136
PLUS_CREDS=$(az keyvault secret show --name plus-creds --vault-name ${{ secrets.NIC_KEYVAULT_NAME }} --query value -o tsv)
137137
echo "::add-mask::$PLUS_CREDS"
138-
echo $PLUS_CREDS | jq -r '.crt' > nginx-repo.crt
139-
echo $PLUS_CREDS | jq -r '.key' > nginx-repo.key
138+
CERT=$(echo $PLUS_CREDS | jq -r '.crt')
139+
while read -r line; do
140+
echo "::add-mask::${line}"
141+
done <<< "${CERT}"
142+
echo $CERT > nginx-repo.crt
143+
KEY=$(echo $PLUS_CREDS | jq -r '.key')
144+
while read -r line; do
145+
echo "::add-mask::${line}"
146+
done <<< "${KEY}"
147+
echo $KEY > nginx-repo.key
140148
141149
- name: Docker Buildx
142150
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
@@ -224,9 +232,21 @@ jobs:
224232
echo "Setting secrets for job"
225233
PLUS_CREDS=$(az keyvault secret show --name plus-creds --vault-name ${{ secrets.NIC_KEYVAULT_NAME }} --query value -o tsv)
226234
echo "::add-mask::$PLUS_CREDS"
227-
echo $PLUS_CREDS | jq -r '.crt' > nginx-repo.crt
228-
echo $PLUS_CREDS | jq -r '.key' > nginx-repo.key
229-
az keyvault secret show --name rhel-creds --vault-name ${{ secrets.NIC_KEYVAULT_NAME }} --query value -o tsv > rhel_license
235+
CERT=$(echo $PLUS_CREDS | jq -r '.crt')
236+
while read -r line; do
237+
echo "::add-mask::${line}"
238+
done <<< "${CERT}"
239+
echo $CERT > nginx-repo.crt
240+
KEY=$(echo $PLUS_CREDS | jq -r '.key')
241+
while read -r line; do
242+
echo "::add-mask::${line}"
243+
done <<< "${KEY}"
244+
echo $KEY > nginx-repo.key
245+
RHEL_CREDS=$(az keyvault secret show --name rhel-creds --vault-name ${{ secrets.NIC_KEYVAULT_NAME }} --query value -o tsv)
246+
while read -r line; do
247+
echo "::add-mask::${line}"
248+
done <<< "${RHEL_CREDS}"
249+
echo $RHEL_CREDS > rhel_license
230250
231251
- name: Docker Buildx
232252
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

.github/workflows/build-plus.yml

Lines changed: 15 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -77,9 +77,21 @@ jobs:
7777
echo "Setting secrets for job"
7878
PLUS_CREDS=$(az keyvault secret show --name plus-creds --vault-name ${{ secrets.NIC_KEYVAULT_NAME }} --query value -o tsv)
7979
echo "::add-mask::$PLUS_CREDS"
80-
echo $PLUS_CREDS | jq -r '.crt' > nginx-repo.crt
81-
echo $PLUS_CREDS | jq -r '.key' > nginx-repo.key
82-
az keyvault secret show --name rhel-creds --vault-name ${{ secrets.NIC_KEYVAULT_NAME }} --query value -o tsv > rhel_license
80+
CERT=$(echo $PLUS_CREDS | jq -r '.crt')
81+
while read -r line; do
82+
echo "::add-mask::${line}"
83+
done <<< "${CERT}"
84+
echo $CERT > nginx-repo.crt
85+
KEY=$(echo $PLUS_CREDS | jq -r '.key')
86+
while read -r line; do
87+
echo "::add-mask::${line}"
88+
done <<< "${KEY}"
89+
echo $KEY > nginx-repo.key
90+
RHEL_CREDS=$(az keyvault secret show --name rhel-creds --vault-name ${{ secrets.NIC_KEYVAULT_NAME }} --query value -o tsv)
91+
while read -r line; do
92+
echo "::add-mask::${line}"
93+
done <<< "${RHEL_CREDS}"
94+
echo $RHEL_CREDS > rhel_license
8395
if: ${{ inputs.authenticated }}
8496

8597
- name: Authenticate to Google Cloud

.github/workflows/build-single-image.yml

Lines changed: 15 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -93,9 +93,21 @@ jobs:
9393
echo "Setting secrets for job"
9494
PLUS_CREDS=$(az keyvault secret show --name plus-creds --vault-name ${{ secrets.NIC_KEYVAULT_NAME }} --query value -o tsv)
9595
echo "::add-mask::$PLUS_CREDS"
96-
echo $PLUS_CREDS | jq -r '.crt' > nginx-repo.crt
97-
echo $PLUS_CREDS | jq -r '.key' > nginx-repo.key
98-
az keyvault secret show --name rhel-creds --vault-name ${{ secrets.NIC_KEYVAULT_NAME }} --query value -o tsv > rhel_license
96+
CERT=$(echo $PLUS_CREDS | jq -r '.crt')
97+
while read -r line; do
98+
echo "::add-mask::${line}"
99+
done <<< "${CERT}"
100+
echo $CERT > nginx-repo.crt
101+
KEY=$(echo $PLUS_CREDS | jq -r '.key')
102+
while read -r line; do
103+
echo "::add-mask::${line}"
104+
done <<< "${KEY}"
105+
echo $KEY > nginx-repo.key
106+
RHEL_CREDS=$(az keyvault secret show --name rhel-creds --vault-name ${{ secrets.NIC_KEYVAULT_NAME }} --query value -o tsv)
107+
while read -r line; do
108+
echo "::add-mask::${line}"
109+
done <<< "${RHEL_CREDS}"
110+
echo $RHEL_CREDS > rhel_license
99111
if: ${{ contains(inputs.target, 'plus') }}
100112

101113
- name: Fetch Cached Binary Artifacts

.github/workflows/ci.yml

Lines changed: 10 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -450,8 +450,16 @@ jobs:
450450
echo "Setting secrets for job"
451451
PLUS_CREDS=$(az keyvault secret show --name plus-creds --vault-name ${{ secrets.NIC_KEYVAULT_NAME }} --query value -o tsv)
452452
echo "::add-mask::$PLUS_CREDS"
453-
echo $PLUS_CREDS | jq -r '.crt' > nginx-repo.crt
454-
echo $PLUS_CREDS | jq -r '.key' > nginx-repo.key
453+
CERT=$(echo $PLUS_CREDS | jq -r '.crt')
454+
while read -r line; do
455+
echo "::add-mask::${line}"
456+
done <<< "${CERT}"
457+
echo $CERT > nginx-repo.crt
458+
KEY=$(echo $PLUS_CREDS | jq -r '.key')
459+
while read -r line; do
460+
echo "::add-mask::${line}"
461+
done <<< "${KEY}"
462+
echo $KEY > nginx-repo.key
455463
if: ${{ needs.checks.outputs.forked_workflow != 'true' }}
456464

457465
- name: Authenticate to Google Cloud

.github/workflows/setup-smoke.yml

Lines changed: 15 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -75,9 +75,21 @@ jobs:
7575
echo "Setting secrets for job"
7676
PLUS_CREDS=$(az keyvault secret show --name plus-creds --vault-name ${{ secrets.NIC_KEYVAULT_NAME }} --query value -o tsv)
7777
echo "::add-mask::$PLUS_CREDS"
78-
echo $PLUS_CREDS | jq -r '.crt' > nginx-repo.crt
79-
echo $PLUS_CREDS | jq -r '.key' > nginx-repo.key
80-
az keyvault secret show --name rhel-creds --vault-name ${{ secrets.NIC_KEYVAULT_NAME }} --query value -o tsv > rhel_license
78+
CERT=$(echo $PLUS_CREDS | jq -r '.crt')
79+
while read -r line; do
80+
echo "::add-mask::${line}"
81+
done <<< "${CERT}"
82+
echo $CERT > nginx-repo.crt
83+
KEY=$(echo $PLUS_CREDS | jq -r '.key')
84+
while read -r line; do
85+
echo "::add-mask::${line}"
86+
done <<< "${KEY}"
87+
echo $KEY > nginx-repo.key
88+
RHEL_CREDS=$(az keyvault secret show --name rhel-creds --vault-name ${{ secrets.NIC_KEYVAULT_NAME }} --query value -o tsv)
89+
while read -r line; do
90+
echo "::add-mask::${line}"
91+
done <<< "${RHEL_CREDS}"
92+
echo $RHEL_CREDS > rhel_license
8193
if: ${{ inputs.authenticated }}
8294

8395
- name: Authenticate to Google Cloud

0 commit comments

Comments
 (0)