mirror of
https://github.com/jdx/mise-action.git
synced 2026-07-03 18:09:31 +00:00
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://redirect.github.com/actions/checkout) | action | major | `v6.0.3` → `v7.0.0` | --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v7.0.0`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v700) [Compare Source](https://redirect.github.com/actions/checkout/compare/v7.0.0...v7.0.0) - Block checking out fork PR for pull\_request\_target and workflow\_run by [@​aiqiaoy](https://redirect.github.com/aiqiaoy) in [#​2454](https://redirect.github.com/actions/checkout/pull/2454) - Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​2458](https://redirect.github.com/actions/checkout/pull/2458) - Bump flatted from 3.3.1 to 3.4.2 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​2460](https://redirect.github.com/actions/checkout/pull/2460) - Bump js-yaml from 4.1.0 to 4.2.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​2461](https://redirect.github.com/actions/checkout/pull/2461) - Bump [@​actions/core](https://redirect.github.com/actions/core) and [@​actions/tool-cache](https://redirect.github.com/actions/tool-cache) and Remove uuid by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​2459](https://redirect.github.com/actions/checkout/pull/2459) - upgrade module to esm and update dependencies by [@​aiqiaoy](https://redirect.github.com/aiqiaoy) in [#​2463](https://redirect.github.com/actions/checkout/pull/2463) - Bump the minor-npm-dependencies group across 1 directory with 3 updates by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​2462](https://redirect.github.com/actions/checkout/pull/2462) ### [`v7`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v700) [Compare Source](https://redirect.github.com/actions/checkout/compare/v6.0.3...v7.0.0) - Block checking out fork PR for pull\_request\_target and workflow\_run by [@​aiqiaoy](https://redirect.github.com/aiqiaoy) in [#​2454](https://redirect.github.com/actions/checkout/pull/2454) - Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​2458](https://redirect.github.com/actions/checkout/pull/2458) - Bump flatted from 3.3.1 to 3.4.2 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​2460](https://redirect.github.com/actions/checkout/pull/2460) - Bump js-yaml from 4.1.0 to 4.2.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​2461](https://redirect.github.com/actions/checkout/pull/2461) - Bump [@​actions/core](https://redirect.github.com/actions/core) and [@​actions/tool-cache](https://redirect.github.com/actions/tool-cache) and Remove uuid by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​2459](https://redirect.github.com/actions/checkout/pull/2459) - upgrade module to esm and update dependencies by [@​aiqiaoy](https://redirect.github.com/aiqiaoy) in [#​2463](https://redirect.github.com/actions/checkout/pull/2463) - Bump the minor-npm-dependencies group across 1 directory with 3 updates by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​2462](https://redirect.github.com/actions/checkout/pull/2462) </details> --- ### Configuration 📅 **Schedule**: (in timezone America/Chicago) - Branch creation - Only on Friday (`* * * * 5`) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/jdx/mise-action). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNDIuMiIsInVwZGF0ZWRJblZlciI6IjQzLjI0Mi4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
77 lines
2.3 KiB
YAML
77 lines
2.3 KiB
YAML
name: Test Redacted Environment Variables
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
pull_request:
|
|
branches: [main]
|
|
workflow_dispatch:
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
test-redacted-env:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Create test mise config with sensitive values
|
|
run: |
|
|
cat > .mise.toml << 'EOF'
|
|
[env]
|
|
PUBLIC_VAR = "this-is-public"
|
|
API_KEY = {value = "secret-api-key-12345", redact = true}
|
|
SECRET_TOKEN = {value = "supersecret-token-xyz", redact = true}
|
|
DATABASE_PASSWORD = {value = "db-pass-789", redact = true}
|
|
EOF
|
|
|
|
- name: Setup mise
|
|
uses: ./
|
|
|
|
- name: Verify environment variables are exported
|
|
run: |
|
|
echo "Checking if environment variables are set..."
|
|
|
|
# Check that public var is set
|
|
if [ "$PUBLIC_VAR" != "this-is-public" ]; then
|
|
echo "ERROR: PUBLIC_VAR not set correctly"
|
|
exit 1
|
|
fi
|
|
echo "✓ PUBLIC_VAR is set correctly"
|
|
|
|
# Check that sensitive vars are set (but their values should be masked in logs)
|
|
if [ -z "$API_KEY" ]; then
|
|
echo "ERROR: API_KEY not set"
|
|
exit 1
|
|
fi
|
|
echo "✓ API_KEY is set"
|
|
|
|
if [ -z "$SECRET_TOKEN" ]; then
|
|
echo "ERROR: SECRET_TOKEN not set"
|
|
exit 1
|
|
fi
|
|
echo "✓ SECRET_TOKEN is set"
|
|
|
|
if [ -z "$DATABASE_PASSWORD" ]; then
|
|
echo "ERROR: DATABASE_PASSWORD not set"
|
|
exit 1
|
|
fi
|
|
echo "✓ DATABASE_PASSWORD is set"
|
|
|
|
- name: Test that sensitive values are masked (will show *** if properly masked)
|
|
run: |
|
|
echo "Testing value masking..."
|
|
echo "API_KEY value: $API_KEY"
|
|
echo "SECRET_TOKEN value: $SECRET_TOKEN"
|
|
echo "DATABASE_PASSWORD value: $DATABASE_PASSWORD"
|
|
echo "PUBLIC_VAR value: $PUBLIC_VAR"
|
|
|
|
# This should show the actual values in the step output,
|
|
# but GitHub Actions should mask them if core.setSecret was called
|
|
|
|
- name: Verify mise version
|
|
run: mise --version
|