mirror of
https://github.com/jdx/mise-action.git
synced 2026-05-14 22:00:34 +00:00
c1a019b8d2
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://redirect.github.com/actions/checkout)
([changelog](8e8c483db8..de0fac2e45))
| action | digest | `8e8c483` → `de0fac2` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on friday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45NS4yIiwidXBkYXRlZEluVmVyIjoiNDIuOTUuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
72 lines
2.2 KiB
YAML
72 lines
2.2 KiB
YAML
name: Test Redacted Environment Variables
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
pull_request:
|
|
branches: [main]
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
test-redacted-env:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
|
|
|
- name: Create test mise config with sensitive values
|
|
run: |
|
|
cat > .mise.toml << 'EOF'
|
|
[env]
|
|
PUBLIC_VAR = "this-is-public"
|
|
API_KEY = {value = "secret-api-key-12345", redact = true}
|
|
SECRET_TOKEN = {value = "supersecret-token-xyz", redact = true}
|
|
DATABASE_PASSWORD = {value = "db-pass-789", redact = true}
|
|
EOF
|
|
|
|
- name: Setup mise
|
|
uses: ./
|
|
|
|
- name: Verify environment variables are exported
|
|
run: |
|
|
echo "Checking if environment variables are set..."
|
|
|
|
# Check that public var is set
|
|
if [ "$PUBLIC_VAR" != "this-is-public" ]; then
|
|
echo "ERROR: PUBLIC_VAR not set correctly"
|
|
exit 1
|
|
fi
|
|
echo "✓ PUBLIC_VAR is set correctly"
|
|
|
|
# Check that sensitive vars are set (but their values should be masked in logs)
|
|
if [ -z "$API_KEY" ]; then
|
|
echo "ERROR: API_KEY not set"
|
|
exit 1
|
|
fi
|
|
echo "✓ API_KEY is set"
|
|
|
|
if [ -z "$SECRET_TOKEN" ]; then
|
|
echo "ERROR: SECRET_TOKEN not set"
|
|
exit 1
|
|
fi
|
|
echo "✓ SECRET_TOKEN is set"
|
|
|
|
if [ -z "$DATABASE_PASSWORD" ]; then
|
|
echo "ERROR: DATABASE_PASSWORD not set"
|
|
exit 1
|
|
fi
|
|
echo "✓ DATABASE_PASSWORD is set"
|
|
|
|
- name: Test that sensitive values are masked (will show *** if properly masked)
|
|
run: |
|
|
echo "Testing value masking..."
|
|
echo "API_KEY value: $API_KEY"
|
|
echo "SECRET_TOKEN value: $SECRET_TOKEN"
|
|
echo "DATABASE_PASSWORD value: $DATABASE_PASSWORD"
|
|
echo "PUBLIC_VAR value: $PUBLIC_VAR"
|
|
|
|
# This should show the actual values in the step output,
|
|
# but GitHub Actions should mask them if core.setSecret was called
|
|
|
|
- name: Verify mise version
|
|
run: mise --version
|