From 094d2bc0cdc7718a1c9777212860e3c47f516169 Mon Sep 17 00:00:00 2001 From: CrazyMax <1951866+crazy-max@users.noreply.github.com> Date: Wed, 9 Apr 2025 13:26:53 +0200 Subject: [PATCH] only print secret keys in build summary output Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> --- src/context.ts | 19 ------------------- src/main.ts | 4 ++-- src/state-helper.ts | 46 +++++++++++++++++++++++++++++++++++++++------ 3 files changed, 42 insertions(+), 27 deletions(-) diff --git a/src/context.ts b/src/context.ts index 0a110a2..49bde50 100644 --- a/src/context.ts +++ b/src/context.ts @@ -81,25 +81,6 @@ export async function getInputs(): Promise { }; } -export function sanitizeInputs(inputs: Inputs) { - const res = {}; - for (const key of Object.keys(inputs)) { - if (key === 'github-token') { - continue; - } - const value: string | string[] | boolean = inputs[key]; - if (typeof value === 'boolean' && value === false) { - continue; - } else if (Array.isArray(value) && value.length === 0) { - continue; - } else if (!value) { - continue; - } - res[key] = value; - } - return res; -} - export async function getArgs(inputs: Inputs, toolkit: Toolkit): Promise> { const context = handlebars.compile(inputs.context)({ defaultContext: Context.gitContext() diff --git a/src/main.ts b/src/main.ts index 1493aef..538ec08 100644 --- a/src/main.ts +++ b/src/main.ts @@ -24,8 +24,8 @@ actionsToolkit.run( async () => { const startedTime = new Date(); const inputs: context.Inputs = await context.getInputs(); + stateHelper.setSummaryInputs(inputs); core.debug(`inputs: ${JSON.stringify(inputs)}`); - stateHelper.setInputs(inputs); const toolkit = new Toolkit(); @@ -216,7 +216,7 @@ actionsToolkit.run( await GitHub.writeBuildSummary({ exportRes: exportRes, uploadRes: uploadRes, - inputs: stateHelper.inputs + inputs: stateHelper.summaryInputs }); } catch (e) { core.warning(e.message); diff --git a/src/state-helper.ts b/src/state-helper.ts index ff46763..200771c 100644 --- a/src/state-helper.ts +++ b/src/state-helper.ts @@ -1,20 +1,18 @@ import * as core from '@actions/core'; -import {Inputs, sanitizeInputs} from './context'; +import {Build} from '@docker/actions-toolkit/lib/buildx/build'; + +import {Inputs} from './context'; export const tmpDir = process.env['STATE_tmpDir'] || ''; -export const inputs = process.env['STATE_inputs'] ? JSON.parse(process.env['STATE_inputs']) : undefined; export const buildRef = process.env['STATE_buildRef'] || ''; export const isSummarySupported = !!process.env['STATE_isSummarySupported']; +export const summaryInputs = process.env['STATE_summaryInputs'] ? JSON.parse(process.env['STATE_summaryInputs']) : undefined; export function setTmpDir(tmpDir: string) { core.saveState('tmpDir', tmpDir); } -export function setInputs(inputs: Inputs) { - core.saveState('inputs', JSON.stringify(sanitizeInputs(inputs))); -} - export function setBuildRef(buildRef: string) { core.saveState('buildRef', buildRef); } @@ -22,3 +20,39 @@ export function setBuildRef(buildRef: string) { export function setSummarySupported() { core.saveState('isSummarySupported', 'true'); } + +export function setSummaryInputs(inputs: Inputs) { + const res = {}; + for (const key of Object.keys(inputs)) { + if (key === 'github-token') { + continue; + } + const value: string | string[] | boolean = inputs[key]; + if (typeof value === 'boolean' && !value) { + continue; + } else if (Array.isArray(value)) { + if (value.length === 0) { + continue; + } else if (key === 'secrets' && value.length > 0) { + const secretKeys: string[] = []; + for (const secret of value) { + try { + // eslint-disable-next-line @typescript-eslint/no-unused-vars + const [skey, _] = Build.parseSecretKvp(secret, true); + secretKeys.push(skey); + } catch (err) { + // ignore invalid secret + } + } + if (secretKeys.length > 0) { + res[key] = secretKeys; + } + continue; + } + } else if (!value) { + continue; + } + res[key] = value; + } + core.saveState('summaryInputs', JSON.stringify(res)); +}