fix(sec): Reduct sensitive data from Maestro logs

[antonis]

📢 Type of change

• Bugfix
• New feature
• Enhancement
• Refactoring

📜 Description

Reduct sensitive data from Maestro logs.

Other considered approaches:

• Checked if Maestro has a way to not emit this kind of data in the command logs but there is no such option ❌
• Tried other ways of passing the token in the Maestro cli command. Unfortunately, Maestro is always logging the defineVariablesCommand.env section which shows all resolved environment variables. ❌
• A working alternative is to remove the logs artifact completely, but it is sometimes useful for debugging failures since Maestro tests may behave differently on CI ⚠️

💡 Motivation and Context

Sensitive data from Maestro logs

💚 How did you test it?

• Tested the command locally with an actual maestro zip
• Tested the secret reduction script with 431eccd and verified that the produced artifacts had the dummy secret redacted and the Github command logs (my initial approach leaked there) did not contain the secret either

📝 Checklist

• I added tests to verify changes
• No new PII added or SDK only sends newly added PII if sendDefaultPII is enabled
• I updated the docs if needed.
• I updated the wizard if needed.
• All tests passing
• No breaking changes

🔮 Next steps

#skip-changelog

[github-actions]

iOS (new) Performance metrics 🚀

	Plain	With Sentry	Diff
Startup time	1211.29 ms	1209.96 ms	-1.34 ms
Size	3.19 MiB	4.34 MiB	1.16 MiB

[github-actions]

Android (new) Performance metrics 🚀

	Plain	With Sentry	Diff
Startup time	401.10 ms	395.96 ms	-5.14 ms
Size	7.15 MiB	8.42 MiB	1.26 MiB

[lucas-zimerman]

I didn't notice any user secrets in on the actions but at the same time I haven't seen your action running.

[github-actions]

iOS (legacy) Performance metrics 🚀

	Plain	With Sentry	Diff
Startup time	1221.24 ms	1239.02 ms	17.78 ms
Size	2.63 MiB	3.77 MiB	1.14 MiB

[lucas-zimerman]

I'd say with the ci test you did, it's enough validation for it to be approved without depending on a real secret validation.

[antonis]

I'd say with the ci test you did, it's enough validation for it to be approved without depending on a real secret validation.

Thank you for suggesting this approach for testing on CI @lucas-zimerman 🙇
I agree that this should validate that the secret won't leak in the maestro logs.
I'll wait for a real secret to be deployed to make sure all tests are green before merging.

[github-actions]

Android (legacy) Performance metrics 🚀

	Plain	With Sentry	Diff
Startup time	467.80 ms	451.31 ms	-16.49 ms
Size	17.75 MiB	20.15 MiB	2.40 MiB

[krystofwoldrich]

Thank you for fixing this so quickly!

[krystofwoldrich]

LGTM 🚀