Skip to content

security: fix token leakage in workflow logs #24

security: fix token leakage in workflow logs

security: fix token leakage in workflow logs #24

Workflow file for this run

name: Build Docker Image
on:
push:
branches:
- main
concurrency:
group: ci-${{ github.ref }}
cancel-in-progress: true
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: docker/setup-buildx-action@v2
- uses: jerray/[email protected]
with:
aliyun-cli-version: "3.0.183"
mode: AK
access-key-id: ${{ secrets.ALIYUN_ACCESS_KEY_ID }}
access-key-secret: ${{ secrets.ALIYUN_ACCESS_KEY_SECRET }}
region: cn-beijing
- id: aliyun-cr-token
name: Obtain Aliyun Container Registry credentials
run: |
aliyun cr --force --version 2016-06-07 GET /tokens > cr_token.json
TOKEN=$(jq -r '.data.authorizationToken' cr_token.json)
echo "::add-mask::$TOKEN"
echo "json<<EOF" >> $GITHUB_OUTPUT
cat cr_token.json >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
rm -f cr_token.json
- name: Login to Aliyun Container Registry
uses: docker/login-action@v2
with:
registry: registry.cn-beijing.aliyuncs.com
username: ${{ fromJson(steps.aliyun-cr-token.outputs.json).data.tempUserName }}
password: ${{ fromJson(steps.aliyun-cr-token.outputs.json).data.authorizationToken }}
- name: Build and push Image
uses: docker/build-push-action@v3
with:
context: .
build-args: |
VITE_API_URL=${{ secrets.API_URL }}
VITE_ANALYTICS_CF_TOKEN=${{ secrets.CF_ANALYTICS_TOKEN }}
push: true
tags: |
registry.cn-beijing.aliyuncs.com/jingbh/bjut-su-appeal:frontend
cache-from: type=gha
cache-to: type=gha,mode=max