Open marksteward opened 2 days ago
Hi, this action leaks the temporary token as it's passed into the environment for the upload-file step. You probably want to do something like this instead:
upload-file
echo "::add-mask::$token" echo "token=$token" >> "$GITHUB_OUTPUT" ... -H "Authorization: Bearer ${{ steps.get_token.outputs.token }}" \
See also https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#example-masking-a-generated-output-within-a-single-job
Hi, this action leaks the temporary token as it's passed into the environment for the
upload-file
step. You probably want to do something like this instead:See also https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#example-masking-a-generated-output-within-a-single-job