mirror of
https://github.com/jdx/mise-action.git
synced 2026-05-15 14:20:32 +00:00
f81706fcc0
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://redirect.github.com/actions/checkout) | action | digest | `08eba0b` -> `34e1148` | | [actions/checkout](https://redirect.github.com/actions/checkout) | action | digest | `08c6903` -> `93cb6ef` | --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on friday" in timezone America/Chicago, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/jdx/mise-action). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4xNi4xIiwidXBkYXRlZEluVmVyIjoiNDIuMTYuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
72 lines
2.2 KiB
YAML
72 lines
2.2 KiB
YAML
name: Test Redacted Environment Variables
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
pull_request:
|
|
branches: [main]
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
test-redacted-env:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
|
|
|
|
- name: Create test mise config with sensitive values
|
|
run: |
|
|
cat > .mise.toml << 'EOF'
|
|
[env]
|
|
PUBLIC_VAR = "this-is-public"
|
|
API_KEY = {value = "secret-api-key-12345", redact = true}
|
|
SECRET_TOKEN = {value = "supersecret-token-xyz", redact = true}
|
|
DATABASE_PASSWORD = {value = "db-pass-789", redact = true}
|
|
EOF
|
|
|
|
- name: Setup mise
|
|
uses: ./
|
|
|
|
- name: Verify environment variables are exported
|
|
run: |
|
|
echo "Checking if environment variables are set..."
|
|
|
|
# Check that public var is set
|
|
if [ "$PUBLIC_VAR" != "this-is-public" ]; then
|
|
echo "ERROR: PUBLIC_VAR not set correctly"
|
|
exit 1
|
|
fi
|
|
echo "✓ PUBLIC_VAR is set correctly"
|
|
|
|
# Check that sensitive vars are set (but their values should be masked in logs)
|
|
if [ -z "$API_KEY" ]; then
|
|
echo "ERROR: API_KEY not set"
|
|
exit 1
|
|
fi
|
|
echo "✓ API_KEY is set"
|
|
|
|
if [ -z "$SECRET_TOKEN" ]; then
|
|
echo "ERROR: SECRET_TOKEN not set"
|
|
exit 1
|
|
fi
|
|
echo "✓ SECRET_TOKEN is set"
|
|
|
|
if [ -z "$DATABASE_PASSWORD" ]; then
|
|
echo "ERROR: DATABASE_PASSWORD not set"
|
|
exit 1
|
|
fi
|
|
echo "✓ DATABASE_PASSWORD is set"
|
|
|
|
- name: Test that sensitive values are masked (will show *** if properly masked)
|
|
run: |
|
|
echo "Testing value masking..."
|
|
echo "API_KEY value: $API_KEY"
|
|
echo "SECRET_TOKEN value: $SECRET_TOKEN"
|
|
echo "DATABASE_PASSWORD value: $DATABASE_PASSWORD"
|
|
echo "PUBLIC_VAR value: $PUBLIC_VAR"
|
|
|
|
# This should show the actual values in the step output,
|
|
# but GitHub Actions should mask them if core.setSecret was called
|
|
|
|
- name: Verify mise version
|
|
run: mise --version
|