actions / toolkit

The GitHub ToolKit for developing GitHub Actions.
https://github.com/features/actions
MIT License

Expose a way for an action to ask GitHub API to mask secrets in a string #976

Open jetersen opened 2 years ago

jetersen commented 2 years ago

Describe the enhancement

Some actions like https://github.com/release-drafter/release-drafter work with a lot of templating features inside an action and have output into release notes and action output. It would be great if we had a way to mask our output for any repo or org secrets.

Code Snippet

const maskedOutput = core.maskOutput(output)

Where maskOutput would call a GitHub Action API that will mask any secrets in a string with ****.

Additional information

Somewhat of a security concern for potentially leaking secrets with the intent of providing flexibility for users to generate good release notes.

https://github.com/release-drafter/release-drafter/pull/892
https://github.com/release-drafter/release-drafter/issues/847

mkurz commented 2 years ago

+1

jetersen commented 2 years ago

@thboop is it at all possible to check what is marked as secrets?

So an action could safely mask output to release notes? Or mask output to somewhere else besides logs.
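As an added example (not code from actions/toolkit or release-drafter), this is one way an action could redact secret values from text bound for release notes rather than logs. It assumes the workflow hands the values to redact to the action explicitly; `maskKnownSecrets` and all sample values are hypothetical.

```javascript
// Added example: redact known secret values from a string before it is
// written somewhere other than the job log (for instance a release body).
// Assumption: the caller supplies the secret values; nothing here asks
// GitHub which values are secrets.
function maskKnownSecrets(text, secretValues, mask = '****') {
  const variants = new Set();
  for (const value of secretValues) {
    if (typeof value !== 'string') continue;
    // Treat each line of a multi-line secret as a secret of its own,
    // because templated output may carry only part of it.
    for (const part of [value, ...value.split(/\r?\n/)]) {
      const v = part.trim();
      // Skip very short values: masking them would blank ordinary words.
      if (v.length < 4) continue;
      variants.add(v);
      // Common re-encodings of the exact value that templates can produce.
      variants.add(Buffer.from(v, 'utf8').toString('base64'));
      variants.add(encodeURIComponent(v));
    }
  }
  // Longest first, so a secret that contains another is replaced whole
  // instead of leaving its tail behind.
  const ordered = [...variants].sort((a, b) => b.length - a.length);
  let out = text;
  for (const v of ordered) out = out.split(v).join(mask);
  return out;
}

// Constructed sample input: a rendered release-notes template that
// accidentally interpolated two secret values.
const sampleSecrets = ['EXAMPLE-TOKEN-123', 'EXAMPLE-TOKEN-123-long'];
const sampleNotes =
  'Released v1.2.3 using EXAMPLE-TOKEN-123-long (fallback EXAMPLE-TOKEN-123)';
console.log(maskKnownSecrets(sampleNotes, sampleSecrets));
```

Exact-match redaction of this kind misses secrets that were transformed in ways other than the listed encodings, so it reduces accidental leaks rather than guaranteeing none.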