Closed trivikr closed 3 years ago
wei
commented
3 years ago Thanks @trivikr for the detailed issue!!
This sounds like a GitHub Actions bug. Please reach out to GitHub support at https://support.github.com/contact and let us know what they say 😃 If you prefer, I can open an issue on my end as well.
trivikr
commented
3 years ago Please reach out to GitHub support at support.github.com/contact and let us know what they say
Created an issue with https://github.com/actions/runner/issues/943 Should we contact GitHub support separately?
wei
commented
3 years ago Thanks @trivikr ! I haven't really looked at that repo. You could monitor it for a few days and contact support directly if you hear nothing.
trivikr
commented
3 years ago As per the response in https://github.com/actions/runner/issues/943#issuecomment-768000789, the GitHub Action doesn't mask the substring of the secret.
How about adding the following parameters in git-sync to fix this issue?
username: username to checkout GitHub repo over https.personal_access_token: personal access token to access GitHub repo over https.The existing destination_repo can be modified to accept org/repository.git. the GitHub Action script can prefix git@github.com: or https://${username}:${personal_access_token}@github.com/ based on what values are populated in the configuration.
The following options may be added, in case values are different for source and destination. I don't have a strong opinion on these though:
source_username: username for source repo to checkout GitHub repo over https.destination_username: username for destination repo to checkout GitHub repo over https.source_personal_access_token: personal access token to access source GitHub repo over https.destination_personal_access_token: personal access token to access destination GitHub repo over https.@wei WDYT?
wei
commented
3 years ago Why don't you just put org/repository in your secret? This should mask the output correctly.
You are using this format for source_repo so I assumed you were doing the same for destination_repo. Any reason for the difference?
trivikr
commented
3 years ago Why don't you just put
org/repositoryin your secret? This should mask the output correctly.
Putting org/repository in the secret fails the git-sync action run.
This happens as git@github.com: is not prefixed for value defined in destination_repo.
I've created a new issue to track it at #26.
The fix for #26 would also fix this issue too.
You are using this format for source_repo so I assumed you were doing the same for destination_repo. Any reason for the difference?
The README states using the entire git ssh URI in https://github.com/wei/git-sync#github-actions The README can be updated with the fix for #26
wei
commented
3 years ago Replied to #26.
It should work once you set DESTINATION_SSH_PRIVATE_KEY in your repo secrets.
wei
commented
3 years ago The README states using the entire git ssh URI in https://github.com/wei/git-sync#github-actions
Uhh, I see. It's just an example both repo shorthand and full clone url will work.
Having the full clone url works perfectly, using the shorthand just lets GitHub actions mask your secrets better. 😸
trivikr
commented
3 years ago Uhh, I see. It's just an example both repo shorthand and full clone url will work.
I updated the example in PR https://github.com/wei/git-sync/pull/27 so that shorthand is used in both source_repo and destination_repo
trivikr
commented
3 years ago It should work once you set
DESTINATION_SSH_PRIVATE_KEYin your repo secrets.
Verified that destination git repository address is masked if the secret contains shorthand "username/repository.git""username/repository" in the following GitHub Action run: https://github.com/trivikr/git-sync-test/runs/1778315662?check_suite_focus=true
wei
commented
3 years ago Great. Just to clarify, the destination_repo is username/repository not username/repository.git. Cheers!
trivikr
commented
3 years ago Just to clarify, the
destination_repoisusername/repositorynotusername/repository.git.
Thanks. Fixed the typo in my comment :+1:
Is your feature request related to a problem? Please describe. The git push output shows destination repository address even if it is provided as a GitHub secret
Steps to reproduce:
GIT_SYNC_DESTINATION_REPO.Repro git-sync config
```yml name: git-sync on: # Triggers the workflow on push events but only for the main branch push: branches: [ main ] jobs: git-sync: runs-on: ubuntu-latest steps: - name: git-sync uses: wei/git-sync@v3 with: source_repo: "trivikr/git-sync-test" source_branch: "main" destination_repo: ${{ secrets.GIT_SYNC_DESTINATION_REPO }} destination_branch: "main" source_ssh_private_key: ${{ secrets.SOURCE_SSH_PRIVATE_KEY }} destination_ssh_private_key: ${{ secrets.DESTINATION_SSH_PRIVATE_KEY }} ```GitHub Action test run output
```console SOURCE=git@github.com:trivikr/git-sync-test.git:main DESTINATION=***:main Cloning into '/root/source'... Warning: Permanently added 'github.com,140.82.113.4' (RSA) to the list of known hosts. Warning: Permanently added the RSA host key for IP address '140.82.112.4' to the list of known hosts. * main 0ebf7d8 [source/main] chore: allow manually running git-sync workflow remotes/source/HEAD -> source/main remotes/source/main 0ebf7d8 chore: allow manually running git-sync workflow Warning: Permanently added the RSA host key for IP address '140.82.114.3' to the list of known hosts. To github.com:trivikr/private-git-sync-test.git b27fdec..0ebf7d8 main -> main ```Note that private git repository name is hidden when DESTINATION is printed:
However, it's shown in git output.
Describe the solution you'd like Hide the destination repository name in GitHub Action logs.