Open dennisameling opened 1 year ago
@dennisameling thanks for your concern here! This does appear to be a bug with actions/runner upstream as you've linked; I can't find anywhere in this repository we have logic related to masking specifically.
I do think that a README update might be useful here. Is that something you have interest in creating?
Sorry for the late reply here!
I do think that a README update might be useful here. Is that something you have interest in creating?
Sure, please give me a few days to work through some other things first. Will link the PR to this issue when done 👍🏼
Perhaps an enterprising Hacktoberfest contributor may want to take this on!
What happened?
Consider the following Actions config:
This actually exposes the token to the CI logs, as also reported in this issue: https://github.com/actions/runner/issues/475
You might want to add a warning about this to the README of this action or find another solution to hide this sensitive data. Thanks!
Versions
octokit/request-action@v2.x
Relevant log output
Code of Conduct