From 85a8ef66efca9f49746ed8d640ed21e2241a8b8b Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 25 Apr 2026 23:49:43 +0000 Subject: [PATCH 1/9] feat: add support for object form for observability.otlp.headers - Change OTLPConfig.Headers from string to any to accept both string (deprecated) and map forms - Add normalizeOTLPHeaders helper to convert string/map to OTEL env var format - Emit deprecation warning when string form is used - Update extractOTLPConfigFromRaw and injectOTLPConfig to handle map form - Update mcp_gateway_config.go to normalize any headers - Update JSON schema to accept headers as string (deprecated) or object - Add comprehensive tests for new map form and normalizeOTLPHeaders" Agent-Logs-Url: https://github.com/github/gh-aw/sessions/2675d86c-ca85-4710-9264-b59e71b4b1b0 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .../docs/reference/frontmatter-full.md | 17 +- pkg/parser/schemas/main_workflow_schema.json | 15 +- pkg/workflow/frontmatter_types.go | 11 +- pkg/workflow/mcp_gateway_config.go | 3 +- pkg/workflow/observability_otlp.go | 61 ++++- pkg/workflow/observability_otlp_test.go | 250 +++++++++++++++++- 6 files changed, 341 insertions(+), 16 deletions(-) diff --git a/docs/src/content/docs/reference/frontmatter-full.md b/docs/src/content/docs/reference/frontmatter-full.md index 701e785f5ba..e1af6c97afd 100644 --- a/docs/src/content/docs/reference/frontmatter-full.md +++ b/docs/src/content/docs/reference/frontmatter-full.md @@ -5777,11 +5777,20 @@ observability: # (optional) endpoint: "example-value" - # Comma-separated list of key=value HTTP headers to include with every OTLP export - # request (e.g. 'Authorization=Bearer '). Supports GitHub Actions - # expressions such as ${{ secrets.OTLP_HEADERS }}. Injected as the - # OTEL_EXPORTER_OTLP_HEADERS environment variable. # (optional) + # This field supports multiple formats (oneOf): + + # Option 1: Map of HTTP header names to values to include with every OTLP export + # request. Values support GitHub Actions expressions such as ${{ secrets.TOKEN }}. + # Injected as the OTEL_EXPORTER_OTLP_HEADERS environment variable. + headers: + {} + + # Option 2: Deprecated: use the map form instead. Comma-separated list of + # key=value HTTP headers to include with every OTLP export request (e.g. + # 'Authorization=Bearer '). Supports GitHub Actions expressions such as ${{ + # secrets.OTLP_HEADERS }}. Injected as the OTEL_EXPORTER_OTLP_HEADERS environment + # variable. headers: "example-value" # Allow list of bot identifiers that can trigger the workflow even if they don't diff --git a/pkg/parser/schemas/main_workflow_schema.json b/pkg/parser/schemas/main_workflow_schema.json index 8a23647f3b3..7f3b02f5e50 100644 --- a/pkg/parser/schemas/main_workflow_schema.json +++ b/pkg/parser/schemas/main_workflow_schema.json @@ -8675,8 +8675,19 @@ "description": "OTLP collector endpoint URL (e.g. 'https://traces.example.com:4317'). Supports GitHub Actions expressions such as ${{ secrets.OTLP_ENDPOINT }}. When a static URL is provided, its hostname is automatically added to the network firewall allowlist." }, "headers": { - "type": "string", - "description": "Comma-separated list of key=value HTTP headers to include with every OTLP export request (e.g. 'Authorization=Bearer '). Supports GitHub Actions expressions such as ${{ secrets.OTLP_HEADERS }}. Injected as the OTEL_EXPORTER_OTLP_HEADERS environment variable." + "oneOf": [ + { + "type": "object", + "description": "Map of HTTP header names to values to include with every OTLP export request. Values support GitHub Actions expressions such as ${{ secrets.TOKEN }}. Injected as the OTEL_EXPORTER_OTLP_HEADERS environment variable.", + "additionalProperties": { + "type": "string" + } + }, + { + "type": "string", + "description": "Deprecated: use the map form instead. Comma-separated list of key=value HTTP headers to include with every OTLP export request (e.g. 'Authorization=Bearer '). Supports GitHub Actions expressions such as ${{ secrets.OTLP_HEADERS }}. Injected as the OTEL_EXPORTER_OTLP_HEADERS environment variable." + } + ] } }, "additionalProperties": false diff --git a/pkg/workflow/frontmatter_types.go b/pkg/workflow/frontmatter_types.go index 35e5d653a2f..46761b4d185 100644 --- a/pkg/workflow/frontmatter_types.go +++ b/pkg/workflow/frontmatter_types.go @@ -122,11 +122,12 @@ type OTLPConfig struct { // network firewall allowlist. Endpoint string `json:"endpoint,omitempty"` - // Headers is a comma-separated list of key=value HTTP headers to include with - // every OTLP export request (e.g. "Authorization=Bearer "). - // Supports GitHub Actions expressions such as ${{ secrets.OTLP_HEADERS }}. - // Injected as the standard OTEL_EXPORTER_OTLP_HEADERS environment variable. - Headers string `json:"headers,omitempty"` + // Headers holds HTTP headers to include with every OTLP export request. + // Preferred form: a map of header name to value (e.g. {"Authorization": "Bearer ${{ secrets.TOKEN }}"}). + // Deprecated string form: a comma-separated list of key=value pairs + // (e.g. "Authorization=Bearer "). Use the map form instead. + // Both forms are injected as the standard OTEL_EXPORTER_OTLP_HEADERS environment variable. + Headers any `json:"headers,omitempty"` } // ObservabilityConfig represents workflow observability options. diff --git a/pkg/workflow/mcp_gateway_config.go b/pkg/workflow/mcp_gateway_config.go index f191b24a6a1..a61c9814a62 100644 --- a/pkg/workflow/mcp_gateway_config.go +++ b/pkg/workflow/mcp_gateway_config.go @@ -141,7 +141,8 @@ func buildMCPGatewayConfig(workflowData *WorkflowData) *MCPGatewayRuntimeConfig if otlpHeaders == "" && workflowData.ParsedFrontmatter != nil && workflowData.ParsedFrontmatter.Observability != nil && workflowData.ParsedFrontmatter.Observability.OTLP != nil { - otlpHeaders = workflowData.ParsedFrontmatter.Observability.OTLP.Headers + normalized, _ := normalizeOTLPHeaders(workflowData.ParsedFrontmatter.Observability.OTLP.Headers) + otlpHeaders = normalized } } return &MCPGatewayRuntimeConfig{ diff --git a/pkg/workflow/observability_otlp.go b/pkg/workflow/observability_otlp.go index b6b5fe0be8b..4597b8f708a 100644 --- a/pkg/workflow/observability_otlp.go +++ b/pkg/workflow/observability_otlp.go @@ -3,13 +3,56 @@ package workflow import ( "fmt" "net/url" + "os" + "sort" "strings" + "github.com/github/gh-aw/pkg/console" "github.com/github/gh-aw/pkg/logger" ) var otlpLog = logger.New("workflow:observability_otlp") +// normalizeOTLPHeaders converts the headers field value (which may be a string or a map) +// into the comma-separated key=value format required by OTEL_EXPORTER_OTLP_HEADERS. +// +// The second return value is true when the deprecated string form was used, so callers +// can emit a deprecation warning. +// +// String form (deprecated): "Authorization=Bearer tok,X-Tenant=acme" +// Map form (preferred): map[string]any{"Authorization": "Bearer tok", "X-Tenant": "acme"} +func normalizeOTLPHeaders(raw any) (string, bool) { + if raw == nil { + return "", false + } + switch v := raw.(type) { + case string: + if v == "" { + return "", false + } + return v, true // string form is deprecated + case map[string]any: + if len(v) == 0 { + return "", false + } + // Sort keys for deterministic output + keys := make([]string, 0, len(v)) + for k := range v { + keys = append(keys, k) + } + sort.Strings(keys) + var parts []string + for _, k := range keys { + val, _ := v[k].(string) + parts = append(parts, k+"="+val) + } + return strings.Join(parts, ","), false + default: + otlpLog.Printf("Unexpected type for OTLP headers: %T", raw) + return "", false + } +} + // extractOTLPEndpointDomain parses an OTLP endpoint URL and returns its hostname. // Returns an empty string when the endpoint is a GitHub Actions expression (which // cannot be resolved at compile time) or when the URL is otherwise invalid. @@ -103,8 +146,14 @@ func extractOTLPConfigFromRaw(frontmatter map[string]any) (endpoint, headers str if ep, ok := otlpMap["endpoint"].(string); ok { endpoint = ep } - if h, ok := otlpMap["headers"].(string); ok { - headers = h + if raw, ok := otlpMap["headers"]; ok { + normalized, deprecated := normalizeOTLPHeaders(raw) + if deprecated { + fmt.Fprintln(os.Stderr, console.FormatWarningMessage( + "observability.otlp.headers: string form is deprecated. Use the map form instead (e.g. headers: {Authorization: \"Bearer ${{ secrets.TOKEN }}\"})", + )) + } + headers = normalized } return } @@ -153,7 +202,13 @@ func (c *Compiler) injectOTLPConfig(workflowData *WorkflowData) { if headers == "" && workflowData.ParsedFrontmatter != nil && workflowData.ParsedFrontmatter.Observability != nil && workflowData.ParsedFrontmatter.Observability.OTLP != nil { - headers = workflowData.ParsedFrontmatter.Observability.OTLP.Headers + normalized, deprecated := normalizeOTLPHeaders(workflowData.ParsedFrontmatter.Observability.OTLP.Headers) + if deprecated { + fmt.Fprintln(os.Stderr, console.FormatWarningMessage( + "observability.otlp.headers: string form is deprecated. Use the map form instead (e.g. headers: {Authorization: \"Bearer ${{ secrets.TOKEN }}\"})", + )) + } + headers = normalized } if headers != "" { otlpEnvLines += "\n OTEL_EXPORTER_OTLP_HEADERS: " + headers diff --git a/pkg/workflow/observability_otlp_test.go b/pkg/workflow/observability_otlp_test.go index 163474ae743..b9e88687adb 100644 --- a/pkg/workflow/observability_otlp_test.go +++ b/pkg/workflow/observability_otlp_test.go @@ -396,7 +396,9 @@ func TestObservabilityConfigParsing(t *testing.T) { require.NotNil(t, config.Observability, "Observability should not be nil") require.NotNil(t, config.Observability.OTLP, "OTLP should not be nil") assert.Equal(t, tt.expectedEndpoint, config.Observability.OTLP.Endpoint, "Endpoint should match") - assert.Equal(t, tt.expectedHeaders, config.Observability.OTLP.Headers, "Headers should match") + // Normalize Headers (any) to string for comparison + normalizedHeaders, _ := normalizeOTLPHeaders(config.Observability.OTLP.Headers) + assert.Equal(t, tt.expectedHeaders, normalizedHeaders, "Headers should match") }) } } @@ -661,3 +663,249 @@ func TestInjectOTLPConfig_OTLPEndpointField(t *testing.T) { assert.Contains(t, wd.Env, "OTEL_EXPORTER_OTLP_ENDPOINT:", "env var should be injected") }) } + +// TestNormalizeOTLPHeaders verifies the normalizeOTLPHeaders helper function. +func TestNormalizeOTLPHeaders(t *testing.T) { + tests := []struct { + name string + input any + expectedHeaders string + expectedDeprecated bool + }{ + { + name: "nil returns empty non-deprecated", + input: nil, + expectedHeaders: "", + expectedDeprecated: false, + }, + { + name: "empty string returns empty non-deprecated", + input: "", + expectedHeaders: "", + expectedDeprecated: false, + }, + { + name: "non-empty string returns string as deprecated", + input: "Authorization=Bearer tok", + expectedHeaders: "Authorization=Bearer tok", + expectedDeprecated: true, + }, + { + name: "secret expression string is deprecated", + input: "${{ secrets.OTLP_HEADERS }}", + expectedHeaders: "${{ secrets.OTLP_HEADERS }}", + expectedDeprecated: true, + }, + { + name: "empty map returns empty non-deprecated", + input: map[string]any{}, + expectedHeaders: "", + expectedDeprecated: false, + }, + { + name: "single-entry map", + input: map[string]any{"Authorization": "Bearer tok"}, + expectedHeaders: "Authorization=Bearer tok", + }, + { + name: "multi-entry map sorts keys deterministically", + input: map[string]any{ + "X-Tenant": "acme", + "Authorization": "Bearer tok", + }, + expectedHeaders: "Authorization=Bearer tok,X-Tenant=acme", + }, + { + name: "map with secret expression value", + input: map[string]any{ + "Authorization": "${{ secrets.TOKEN }}", + "X-Tenant": "acme", + }, + expectedHeaders: "Authorization=${{ secrets.TOKEN }},X-Tenant=acme", + }, + { + name: "unsupported type returns empty non-deprecated", + input: 42, + expectedHeaders: "", + expectedDeprecated: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + gotHeaders, gotDeprecated := normalizeOTLPHeaders(tt.input) + assert.Equal(t, tt.expectedHeaders, gotHeaders, "headers should match") + assert.Equal(t, tt.expectedDeprecated, gotDeprecated, "deprecated flag should match") + }) + } +} + +// TestInjectOTLPConfig_MapHeaders verifies that the map form for headers is supported. +func TestInjectOTLPConfig_MapHeaders(t *testing.T) { + t.Run("injects OTEL_EXPORTER_OTLP_HEADERS from map form", func(t *testing.T) { + c := &Compiler{} + wd := &WorkflowData{ + RawFrontmatter: map[string]any{ + "observability": map[string]any{ + "otlp": map[string]any{ + "endpoint": "https://traces.example.com", + "headers": map[string]any{ + "Authorization": "Bearer ${{ secrets.TOKEN }}", + "X-Tenant": "acme", + }, + }, + }, + }, + } + c.injectOTLPConfig(wd) + assert.Contains(t, wd.Env, "OTEL_EXPORTER_OTLP_HEADERS: Authorization=Bearer ${{ secrets.TOKEN }},X-Tenant=acme", + "headers should be serialised as sorted key=value pairs") + }) + + t.Run("map form with single header", func(t *testing.T) { + c := &Compiler{} + wd := &WorkflowData{ + RawFrontmatter: map[string]any{ + "observability": map[string]any{ + "otlp": map[string]any{ + "endpoint": "https://traces.example.com", + "headers": map[string]any{ + "api-key": "${{ secrets.API_KEY }}", + }, + }, + }, + }, + } + c.injectOTLPConfig(wd) + assert.Contains(t, wd.Env, "OTEL_EXPORTER_OTLP_HEADERS: api-key=${{ secrets.API_KEY }}") + }) + + t.Run("map form via ParsedFrontmatter fallback", func(t *testing.T) { + c := &Compiler{} + wd := &WorkflowData{ + ParsedFrontmatter: &FrontmatterConfig{ + Observability: &ObservabilityConfig{ + OTLP: &OTLPConfig{ + Endpoint: "https://traces.example.com", + Headers: map[string]any{ + "Authorization": "Bearer tok", + }, + }, + }, + }, + } + c.injectOTLPConfig(wd) + assert.Contains(t, wd.Env, "OTEL_EXPORTER_OTLP_HEADERS: Authorization=Bearer tok", + "map headers should work via ParsedFrontmatter fallback") + }) +} + +// TestExtractOTLPConfigFromRaw_MapHeaders verifies map-form headers in extractOTLPConfigFromRaw. +func TestExtractOTLPConfigFromRaw_MapHeaders(t *testing.T) { + tests := []struct { + name string + frontmatter map[string]any + wantEndpoint string + wantHeaders string + }{ + { + name: "map form with multiple headers sorted", + frontmatter: map[string]any{ + "observability": map[string]any{ + "otlp": map[string]any{ + "endpoint": "https://traces.example.com", + "headers": map[string]any{ + "X-Tenant": "acme", + "Authorization": "Bearer tok", + }, + }, + }, + }, + wantEndpoint: "https://traces.example.com", + wantHeaders: "Authorization=Bearer tok,X-Tenant=acme", + }, + { + name: "map form with secret expression value", + frontmatter: map[string]any{ + "observability": map[string]any{ + "otlp": map[string]any{ + "endpoint": "https://traces.example.com", + "headers": map[string]any{ + "Authorization": "${{ secrets.TOKEN }}", + }, + }, + }, + }, + wantEndpoint: "https://traces.example.com", + wantHeaders: "Authorization=${{ secrets.TOKEN }}", + }, + { + name: "empty map produces no headers", + frontmatter: map[string]any{ + "observability": map[string]any{ + "otlp": map[string]any{ + "endpoint": "https://traces.example.com", + "headers": map[string]any{}, + }, + }, + }, + wantEndpoint: "https://traces.example.com", + wantHeaders: "", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + gotEndpoint, gotHeaders := extractOTLPConfigFromRaw(tt.frontmatter) + assert.Equal(t, tt.wantEndpoint, gotEndpoint, "endpoint") + assert.Equal(t, tt.wantHeaders, gotHeaders, "headers") + }) + } +} + +// TestObservabilityConfigParsing_MapHeaders verifies that the map form for headers is +// correctly parsed by ParseFrontmatterConfig. +func TestObservabilityConfigParsing_MapHeaders(t *testing.T) { + t.Run("map headers parsed as any type", func(t *testing.T) { + frontmatter := map[string]any{ + "observability": map[string]any{ + "otlp": map[string]any{ + "endpoint": "https://traces.example.com", + "headers": map[string]any{ + "Authorization": "Bearer tok", + "X-Tenant": "acme", + }, + }, + }, + } + config, err := ParseFrontmatterConfig(frontmatter) + require.NoError(t, err, "ParseFrontmatterConfig should not fail") + require.NotNil(t, config.Observability) + require.NotNil(t, config.Observability.OTLP) + assert.Equal(t, "https://traces.example.com", config.Observability.OTLP.Endpoint) + + // The Headers field should hold the map as-is + headersMap, ok := config.Observability.OTLP.Headers.(map[string]any) + require.True(t, ok, "Headers should be a map[string]any when map form is used") + assert.Equal(t, "Bearer tok", headersMap["Authorization"]) + assert.Equal(t, "acme", headersMap["X-Tenant"]) + }) + + t.Run("string headers parsed as any string", func(t *testing.T) { + frontmatter := map[string]any{ + "observability": map[string]any{ + "otlp": map[string]any{ + "endpoint": "https://traces.example.com", + "headers": "Authorization=Bearer tok", + }, + }, + } + config, err := ParseFrontmatterConfig(frontmatter) + require.NoError(t, err, "ParseFrontmatterConfig should not fail") + require.NotNil(t, config.Observability) + require.NotNil(t, config.Observability.OTLP) + headersStr, ok := config.Observability.OTLP.Headers.(string) + require.True(t, ok, "Headers should be a string when string form is used") + assert.Equal(t, "Authorization=Bearer tok", headersStr) + }) +} From 5acc9eb4561cc98c5a44434c0f49180ef53f7c1f Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 25 Apr 2026 23:51:40 +0000 Subject: [PATCH 2/9] fix: skip non-string map values in normalizeOTLPHeaders with debug log Also add test for non-string map value skipping behavior Agent-Logs-Url: https://github.com/github/gh-aw/sessions/2675d86c-ca85-4710-9264-b59e71b4b1b0 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- pkg/workflow/observability_otlp.go | 6 +++++- pkg/workflow/observability_otlp_test.go | 9 +++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/pkg/workflow/observability_otlp.go b/pkg/workflow/observability_otlp.go index 4597b8f708a..88a46a27bb1 100644 --- a/pkg/workflow/observability_otlp.go +++ b/pkg/workflow/observability_otlp.go @@ -43,7 +43,11 @@ func normalizeOTLPHeaders(raw any) (string, bool) { sort.Strings(keys) var parts []string for _, k := range keys { - val, _ := v[k].(string) + val, ok := v[k].(string) + if !ok { + otlpLog.Printf("OTLP headers map: value for key %q is not a string (got %T), skipping", k, v[k]) + continue + } parts = append(parts, k+"="+val) } return strings.Join(parts, ","), false diff --git a/pkg/workflow/observability_otlp_test.go b/pkg/workflow/observability_otlp_test.go index b9e88687adb..64b4261ec82 100644 --- a/pkg/workflow/observability_otlp_test.go +++ b/pkg/workflow/observability_otlp_test.go @@ -729,6 +729,15 @@ func TestNormalizeOTLPHeaders(t *testing.T) { expectedHeaders: "", expectedDeprecated: false, }, + { + name: "non-string map values are skipped", + input: map[string]any{ + "Authorization": "Bearer tok", + "bad-value": 123, // non-string: skipped + }, + expectedHeaders: "Authorization=Bearer tok", + expectedDeprecated: false, + }, } for _, tt := range tests { From 3695c4396fe66d07d2e267b7f860b191dddad095 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sun, 26 Apr 2026 00:04:22 +0000 Subject: [PATCH 3/9] docs(adr): add draft ADR-28524 for object-form OTLP headers support Co-Authored-By: Claude Sonnet 4.6 --- ...24-support-object-form-for-otlp-headers.md | 80 +++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 docs/adr/28524-support-object-form-for-otlp-headers.md diff --git a/docs/adr/28524-support-object-form-for-otlp-headers.md b/docs/adr/28524-support-object-form-for-otlp-headers.md new file mode 100644 index 00000000000..8dab37dc1a0 --- /dev/null +++ b/docs/adr/28524-support-object-form-for-otlp-headers.md @@ -0,0 +1,80 @@ +# ADR-28524: Support Object Form for `observability.otlp.headers` + +**Date**: 2026-04-26 +**Status**: Draft +**Deciders**: pelikhan + +--- + +## Part 1 — Narrative (Human-Friendly) + +### Context + +Workflow frontmatter supports an `observability.otlp.headers` field for passing HTTP headers to an OTLP collector. The original form accepted only a comma-separated `key=value` string (e.g., `"Authorization=Bearer ${{ secrets.TOKEN }},X-Tenant=acme"`). This forced authors to concatenate multiple secrets into a single expression, which is cumbersome, error-prone, and inconsistent with how the `env` field already accepts maps of `name: value` pairs. As observability adoption grew, users increasingly needed to specify multiple headers with individual secret references. + +### Decision + +We will extend `OTLPConfig.Headers` from a `string` field to a polymorphic `any` field that accepts either a map of string key-to-value pairs (preferred) or a comma-separated string (deprecated). A new `normalizeOTLPHeaders` helper converts either form into the `key=value,...` format required by the `OTEL_EXPORTER_OTLP_HEADERS` environment variable. The string form is retained for backwards compatibility but emits a deprecation warning to `stderr` on use. + +### Alternatives Considered + +#### Alternative 1: Keep String Form, Add Multi-Secret Concatenation Helper + +A new expression helper (e.g., `${{ otlp.headers(key1=val1, key2=val2) }}`) could be introduced to construct the header string. This would avoid a type change on the Go struct but would require a new expression-language feature, adding significant implementation surface and coupling the feature to the expression evaluator. It was rejected because it adds more complexity than switching to a map. + +#### Alternative 2: Introduce a Structured List/Array Form + +Headers could be expressed as a list of `{name, value}` objects: `headers: [{name: Authorization, value: "Bearer ${{ secrets.TOKEN }}"}]`. This is more explicit and mirrors patterns in other YAML-based CI systems. However, it is more verbose than a map for the common case and would require a separate deprecation/migration path from the current string form. The map form was preferred as it mirrors the established `env` pattern already familiar to workflow authors. + +### Consequences + +#### Positive +- Individual header values can reference separate GitHub Actions secrets, improving security hygiene. +- The map syntax is consistent with the `env` field pattern, reducing cognitive overhead for authors. +- Comprehensive test coverage for both forms reduces regression risk during the deprecation window. + +#### Negative +- `OTLPConfig.Headers` is now typed as `any` in Go, requiring runtime type assertions wherever the field is read; any code that directly accessed `Headers` as a `string` must be updated. +- Two valid input forms must be supported and tested throughout the deprecation window, increasing maintenance burden. + +#### Neutral +- JSON Schema is updated to `oneOf: [object, string]`, which may affect tooling that provides schema-based autocompletion. +- Non-string values inside the map are silently skipped with a debug log rather than producing a validation error; stricter validation may be desirable in future. + +--- + +## Part 2 — Normative Specification (RFC 2119) + +> The key words **MUST**, **MUST NOT**, **REQUIRED**, **SHALL**, **SHALL NOT**, **SHOULD**, **SHOULD NOT**, **RECOMMENDED**, **MAY**, and **OPTIONAL** in this section are to be interpreted as described in [RFC 2119](https://www.rfc-editor.org/rfc/rfc2119). + +### Header Field Schema + +1. The `observability.otlp.headers` field **MUST** accept both a string value and an object (map of string keys to string values). +2. The JSON schema for this field **MUST** express the two accepted types using `oneOf` with separate sub-schemas for the object form and the string form. +3. The object form **MUST** be listed first in the `oneOf` array and **MUST** be the documented preferred form. + +### Normalization + +1. Implementations **MUST** convert the headers value (regardless of input form) into the `key=value,...` format before injecting it as `OTEL_EXPORTER_OTLP_HEADERS`. +2. When the headers value is a map, implementations **MUST** produce a deterministic output by sorting keys lexicographically. +3. When a map entry's value is not a string, implementations **MUST NOT** include that entry in the normalized output and **SHOULD** emit a debug-level log message identifying the skipped key. +4. When the headers value is a `nil`, empty string, or empty map, implementations **MUST** produce an empty string and **MUST NOT** inject the `OTEL_EXPORTER_OTLP_HEADERS` variable. + +### Deprecation + +1. When the string form is used, implementations **MUST** emit a deprecation warning to `stderr` directing authors to use the map form. +2. Implementations **MUST NOT** reject or fail compilation when the string form is provided; the string value **MUST** be passed through unchanged to `OTEL_EXPORTER_OTLP_HEADERS`. +3. Implementations **SHOULD NOT** remove the string form without a documented removal timeline and a major version bump. + +### Go Type Constraint + +1. The `OTLPConfig.Headers` struct field **MUST** be typed as `any` (Go `interface{}`). +2. All read sites of `OTLPConfig.Headers` **MUST** route through the `normalizeOTLPHeaders` helper rather than performing inline type assertions. + +### Conformance + +An implementation is considered conformant with this ADR if it satisfies all **MUST** and **MUST NOT** requirements above. Failure to meet any **MUST** or **MUST NOT** requirement constitutes non-conformance. + +--- + +*This is a DRAFT ADR generated by the [Design Decision Gate](https://github.com/github/gh-aw/actions/runs/24943747500) workflow. The PR author must review, complete, and finalize this document before the PR can merge.* From c65a73887aec4b427ae8bbb08846c5cdd8f1911a Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 26 Apr 2026 00:08:28 +0000 Subject: [PATCH 4/9] feat: mask individual header values and strip Bearer prefix in OTLP mask step The generateOTLPHeadersMaskStep now: 1. Masks the entire OTEL_EXPORTER_OTLP_HEADERS value (existing) 2. Parses each comma-separated header pair and masks the individual value 3. For "Bearer " Authorization values, also masks the raw token without the scheme prefix so it's redacted even when it appears alone Agent-Logs-Url: https://github.com/github/gh-aw/sessions/f0388cf2-5cdf-4713-9c48-034efe1230db Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- pkg/workflow/observability_otlp.go | 29 +++++++++++++++++++------ pkg/workflow/observability_otlp_test.go | 4 ++++ 2 files changed, 26 insertions(+), 7 deletions(-) diff --git a/pkg/workflow/observability_otlp.go b/pkg/workflow/observability_otlp.go index 88a46a27bb1..5ac521a82a7 100644 --- a/pkg/workflow/observability_otlp.go +++ b/pkg/workflow/observability_otlp.go @@ -112,16 +112,31 @@ func isOTLPHeadersPresent(data *WorkflowData) bool { // subsequent occurrence of it in the job logs with "***", preventing authentication // tokens from leaking even when runner debug logging is enabled. // -// The run command uses mixed quoting ('::add-mask::' followed by "$VAR") so that -// the prefix is treated as a literal string (safe from injection in the prefix) -// while the environment variable is still expanded at runtime. +// The step performs three levels of masking: +// 1. The entire OTEL_EXPORTER_OTLP_HEADERS value (comma-separated header pairs). +// 2. Each individual header value extracted from the pairs, so that a token +// appearing without its header name prefix is also redacted. +// 3. For Authorization-style "Bearer " credentials, the raw token after +// stripping the "Bearer " scheme prefix, so it is masked even when it appears +// without the scheme (e.g. in downstream tool logs). +// +// Mixed quoting ('::add-mask::' followed by "$VAR") is used throughout so the +// directive prefix is treated as a literal string while the variable values are +// expanded at runtime. func generateOTLPHeadersMaskStep() string { var sb strings.Builder sb.WriteString(" - name: Mask OTLP telemetry headers\n") - // Use mixed quoting: single-quoted prefix concatenated with double-quoted variable - // so the ::add-mask:: prefix is never subject to shell word-splitting or glob expansion, - // and the variable value is expanded but not further interpreted. - sb.WriteString(" run: echo '::add-mask::'\"$OTEL_EXPORTER_OTLP_HEADERS\"\n") + sb.WriteString(" run: |\n") + // Level 1: mask the entire comma-separated headers string. + sb.WriteString(" echo '::add-mask::'\"$OTEL_EXPORTER_OTLP_HEADERS\"\n") + // Levels 2 & 3: split on commas, extract each value, and mask it individually. + // For "Bearer " values, also mask the raw token without the scheme prefix. + sb.WriteString(" printf '%s' \"$OTEL_EXPORTER_OTLP_HEADERS\" | tr ',' '\\n' | while IFS= read -r _pair; do\n") + sb.WriteString(" _val=\"${_pair#*=}\"\n") + sb.WriteString(" [ -n \"$_val\" ] && echo '::add-mask::'\"$_val\"\n") + sb.WriteString(" _no_bearer=\"${_val#Bearer }\"\n") + sb.WriteString(" [ \"$_no_bearer\" != \"$_val\" ] && echo '::add-mask::'\"$_no_bearer\"\n") + sb.WriteString(" done\n") return sb.String() } diff --git a/pkg/workflow/observability_otlp_test.go b/pkg/workflow/observability_otlp_test.go index 64b4261ec82..00a27800037 100644 --- a/pkg/workflow/observability_otlp_test.go +++ b/pkg/workflow/observability_otlp_test.go @@ -579,6 +579,10 @@ func TestGenerateOTLPHeadersMaskStep(t *testing.T) { assert.Contains(t, step, "::add-mask::", "should emit the ::add-mask:: workflow command") assert.Contains(t, step, "$OTEL_EXPORTER_OTLP_HEADERS", "should reference the headers env var") assert.Contains(t, step, "echo", "should use echo to emit the mask command") + // Should also parse individual header values and strip "Bearer " prefix. + assert.Contains(t, step, "Bearer ", "should strip Bearer prefix from authorization values") + assert.Contains(t, step, "tr ',' '\\n'", "should split headers on commas") + assert.Contains(t, step, "_no_bearer", "should extract value without Bearer prefix") } // TestInjectOTLPConfig_HeadersPresenceAfterInjection verifies that From e302f87819ae2ec53f156e5491eca6326b5193a8 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 26 Apr 2026 00:19:54 +0000 Subject: [PATCH 5/9] chore: plan to address reviewer comments on duplicate deprecation warnings Agent-Logs-Url: https://github.com/github/gh-aw/sessions/9d7b90fb-97a7-4d37-81ea-71daf6c9e0e5 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .../agentic-observability-kit.lock.yml | 27 +++++++++++-- .../agentic-optimization-kit.lock.yml | 27 +++++++++++-- .../workflows/api-consumption-report.lock.yml | 27 +++++++++++-- .github/workflows/audit-workflows.lock.yml | 27 +++++++++++-- .github/workflows/blog-auditor.lock.yml | 27 +++++++++++-- .../claude-code-user-docs-review.lock.yml | 27 +++++++++++-- .../workflows/copilot-agent-analysis.lock.yml | 27 +++++++++++-- .../copilot-pr-merged-report.lock.yml | 27 +++++++++++-- .../copilot-pr-nlp-analysis.lock.yml | 27 +++++++++++-- .../copilot-pr-prompt-analysis.lock.yml | 27 +++++++++++-- .../copilot-session-insights.lock.yml | 27 +++++++++++-- .../workflows/copilot-token-audit.lock.yml | 27 +++++++++++-- .../daily-architecture-diagram.lock.yml | 27 +++++++++++-- .../daily-assign-issue-to-user.lock.yml | 27 +++++++++++-- .github/workflows/daily-choice-test.lock.yml | 27 +++++++++++-- .../workflows/daily-cli-performance.lock.yml | 27 +++++++++++-- .../workflows/daily-cli-tools-tester.lock.yml | 27 +++++++++++-- .github/workflows/daily-code-metrics.lock.yml | 27 +++++++++++-- .../daily-community-attribution.lock.yml | 27 +++++++++++-- .../workflows/daily-compiler-quality.lock.yml | 27 +++++++++++-- .github/workflows/daily-doc-healer.lock.yml | 27 +++++++++++-- .github/workflows/daily-doc-updater.lock.yml | 27 +++++++++++-- .github/workflows/daily-fact.lock.yml | 39 ++++++++++++++----- .github/workflows/daily-file-diet.lock.yml | 27 +++++++++++-- .../workflows/daily-firewall-report.lock.yml | 27 +++++++++++-- .../workflows/daily-function-namer.lock.yml | 27 +++++++++++-- .../daily-integrity-analysis.lock.yml | 27 +++++++++++-- .../workflows/daily-issues-report.lock.yml | 27 +++++++++++-- .../daily-malicious-code-scan.lock.yml | 27 +++++++++++-- .../daily-mcp-concurrency-analysis.lock.yml | 27 +++++++++++-- .../daily-multi-device-docs-tester.lock.yml | 27 +++++++++++-- .github/workflows/daily-news.lock.yml | 27 +++++++++++-- .../daily-observability-report.lock.yml | 39 ++++++++++++++----- ...aily-otel-instrumentation-advisor.lock.yml | 27 +++++++++++-- .../daily-performance-summary.lock.yml | 27 +++++++++++-- .github/workflows/daily-regulatory.lock.yml | 27 +++++++++++-- .../daily-rendering-scripts-verifier.lock.yml | 27 +++++++++++-- .../workflows/daily-repo-chronicle.lock.yml | 27 +++++++++++-- .../daily-safe-output-integrator.lock.yml | 27 +++++++++++-- .../daily-safe-output-optimizer.lock.yml | 27 +++++++++++-- .../daily-safe-outputs-conformance.lock.yml | 27 +++++++++++-- .../workflows/daily-secrets-analysis.lock.yml | 27 +++++++++++-- .../daily-security-red-team.lock.yml | 27 +++++++++++-- .github/workflows/daily-semgrep-scan.lock.yml | 27 +++++++++++-- .../daily-syntax-error-quality.lock.yml | 27 +++++++++++-- .../daily-team-evolution-insights.lock.yml | 27 +++++++++++-- .github/workflows/daily-team-status.lock.yml | 27 +++++++++++-- .../daily-testify-uber-super-expert.lock.yml | 27 +++++++++++-- .../daily-token-consumption-report.lock.yml | 27 +++++++++++-- .../workflows/daily-workflow-updater.lock.yml | 27 +++++++++++-- .github/workflows/delight.lock.yml | 27 +++++++++++-- .../developer-docs-consolidator.lock.yml | 27 +++++++++++-- .github/workflows/docs-noob-tester.lock.yml | 27 +++++++++++-- .../example-workflow-analyzer.lock.yml | 27 +++++++++++-- .../github-mcp-structural-analysis.lock.yml | 27 +++++++++++-- .../github-mcp-tools-report.lock.yml | 27 +++++++++++-- .github/workflows/lockfile-stats.lock.yml | 27 +++++++++++-- .github/workflows/mcp-inspector.lock.yml | 27 +++++++++++-- .../prompt-clustering-analysis.lock.yml | 27 +++++++++++-- .../workflows/repo-audit-analyzer.lock.yml | 27 +++++++++++-- .../repository-quality-improver.lock.yml | 27 +++++++++++-- .github/workflows/safe-output-health.lock.yml | 27 +++++++++++-- .../schema-consistency-checker.lock.yml | 27 +++++++++++-- .github/workflows/sergo.lock.yml | 27 +++++++++++-- .../workflows/smoke-agent-all-merged.lock.yml | 27 +++++++++++-- .../workflows/smoke-agent-all-none.lock.yml | 27 +++++++++++-- .../smoke-agent-public-approved.lock.yml | 27 +++++++++++-- .../smoke-agent-public-none.lock.yml | 27 +++++++++++-- .../smoke-agent-scoped-approved.lock.yml | 27 +++++++++++-- .../workflows/smoke-call-workflow.lock.yml | 39 ++++++++++++++----- .github/workflows/smoke-codex.lock.yml | 39 ++++++++++++++----- .github/workflows/smoke-copilot-arm.lock.yml | 27 +++++++++++-- .../smoke-create-cross-repo-pr.lock.yml | 27 +++++++++++-- .github/workflows/smoke-gemini.lock.yml | 27 +++++++++++-- .github/workflows/smoke-multi-pr.lock.yml | 27 +++++++++++-- .github/workflows/smoke-opencode.lock.yml | 27 +++++++++++-- .github/workflows/smoke-project.lock.yml | 27 +++++++++++-- .../workflows/smoke-service-ports.lock.yml | 27 +++++++++++-- .github/workflows/smoke-temporary-id.lock.yml | 27 +++++++++++-- .github/workflows/smoke-test-tools.lock.yml | 27 +++++++++++-- .../smoke-update-cross-repo-pr.lock.yml | 27 +++++++++++-- .../workflows/stale-repo-identifier.lock.yml | 27 +++++++++++-- .github/workflows/terminal-stylist.lock.yml | 27 +++++++++++-- .github/workflows/typist.lock.yml | 27 +++++++++++-- .../workflows/weekly-issue-summary.lock.yml | 27 +++++++++++-- 85 files changed, 2064 insertions(+), 279 deletions(-) diff --git a/.github/workflows/agentic-observability-kit.lock.yml b/.github/workflows/agentic-observability-kit.lock.yml index e10f49b1eec..1f70bf6f3b1 100644 --- a/.github/workflows/agentic-observability-kit.lock.yml +++ b/.github/workflows/agentic-observability-kit.lock.yml @@ -117,7 +117,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -381,7 +388,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1467,7 +1481,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/agentic-optimization-kit.lock.yml b/.github/workflows/agentic-optimization-kit.lock.yml index 4f0a83d4421..92d3523c303 100644 --- a/.github/workflows/agentic-optimization-kit.lock.yml +++ b/.github/workflows/agentic-optimization-kit.lock.yml @@ -119,7 +119,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -394,7 +401,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1611,7 +1625,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/api-consumption-report.lock.yml b/.github/workflows/api-consumption-report.lock.yml index e6203cc9e89..cdf15ce0e8e 100644 --- a/.github/workflows/api-consumption-report.lock.yml +++ b/.github/workflows/api-consumption-report.lock.yml @@ -118,7 +118,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -385,7 +392,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1493,7 +1507,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/audit-workflows.lock.yml b/.github/workflows/audit-workflows.lock.yml index d24669e0732..53289b9f35e 100644 --- a/.github/workflows/audit-workflows.lock.yml +++ b/.github/workflows/audit-workflows.lock.yml @@ -121,7 +121,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -396,7 +403,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1618,7 +1632,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/blog-auditor.lock.yml b/.github/workflows/blog-auditor.lock.yml index f10eaf1b091..026804d2372 100644 --- a/.github/workflows/blog-auditor.lock.yml +++ b/.github/workflows/blog-auditor.lock.yml @@ -112,7 +112,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -366,7 +373,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1385,7 +1399,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/claude-code-user-docs-review.lock.yml b/.github/workflows/claude-code-user-docs-review.lock.yml index 7c1cf4c8b74..48e013da7ae 100644 --- a/.github/workflows/claude-code-user-docs-review.lock.yml +++ b/.github/workflows/claude-code-user-docs-review.lock.yml @@ -113,7 +113,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -372,7 +379,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1353,7 +1367,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/copilot-agent-analysis.lock.yml b/.github/workflows/copilot-agent-analysis.lock.yml index afa2c03c57d..aa07be712ba 100644 --- a/.github/workflows/copilot-agent-analysis.lock.yml +++ b/.github/workflows/copilot-agent-analysis.lock.yml @@ -117,7 +117,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -390,7 +397,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1489,7 +1503,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/copilot-pr-merged-report.lock.yml b/.github/workflows/copilot-pr-merged-report.lock.yml index d85a19c45a0..6c7e6e7ce8e 100644 --- a/.github/workflows/copilot-pr-merged-report.lock.yml +++ b/.github/workflows/copilot-pr-merged-report.lock.yml @@ -114,7 +114,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -326,7 +333,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1341,7 +1355,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/copilot-pr-nlp-analysis.lock.yml b/.github/workflows/copilot-pr-nlp-analysis.lock.yml index 2b1cba8079e..c9bceb8ef05 100644 --- a/.github/workflows/copilot-pr-nlp-analysis.lock.yml +++ b/.github/workflows/copilot-pr-nlp-analysis.lock.yml @@ -118,7 +118,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -396,7 +403,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1490,7 +1504,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/copilot-pr-prompt-analysis.lock.yml b/.github/workflows/copilot-pr-prompt-analysis.lock.yml index 7517155fda4..fb9471c5cc8 100644 --- a/.github/workflows/copilot-pr-prompt-analysis.lock.yml +++ b/.github/workflows/copilot-pr-prompt-analysis.lock.yml @@ -115,7 +115,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -389,7 +396,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1430,7 +1444,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/copilot-session-insights.lock.yml b/.github/workflows/copilot-session-insights.lock.yml index 5f39294898e..9ee8897e6cf 100644 --- a/.github/workflows/copilot-session-insights.lock.yml +++ b/.github/workflows/copilot-session-insights.lock.yml @@ -120,7 +120,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -402,7 +409,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1548,7 +1562,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/copilot-token-audit.lock.yml b/.github/workflows/copilot-token-audit.lock.yml index 6f4bdc50588..47f56062d97 100644 --- a/.github/workflows/copilot-token-audit.lock.yml +++ b/.github/workflows/copilot-token-audit.lock.yml @@ -118,7 +118,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -392,7 +399,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1567,7 +1581,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-architecture-diagram.lock.yml b/.github/workflows/daily-architecture-diagram.lock.yml index c554c4666e5..14ffe40d882 100644 --- a/.github/workflows/daily-architecture-diagram.lock.yml +++ b/.github/workflows/daily-architecture-diagram.lock.yml @@ -109,7 +109,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -367,7 +374,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1336,7 +1350,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-assign-issue-to-user.lock.yml b/.github/workflows/daily-assign-issue-to-user.lock.yml index d1c658cc5be..0a933bce497 100644 --- a/.github/workflows/daily-assign-issue-to-user.lock.yml +++ b/.github/workflows/daily-assign-issue-to-user.lock.yml @@ -105,7 +105,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -351,7 +358,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1261,7 +1275,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-choice-test.lock.yml b/.github/workflows/daily-choice-test.lock.yml index 8227036d83e..2be06b7ebfa 100644 --- a/.github/workflows/daily-choice-test.lock.yml +++ b/.github/workflows/daily-choice-test.lock.yml @@ -108,7 +108,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -354,7 +361,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1302,7 +1316,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-cli-performance.lock.yml b/.github/workflows/daily-cli-performance.lock.yml index 5023a646b29..bb86330dbff 100644 --- a/.github/workflows/daily-cli-performance.lock.yml +++ b/.github/workflows/daily-cli-performance.lock.yml @@ -137,7 +137,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -408,7 +415,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1660,7 +1674,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-cli-tools-tester.lock.yml b/.github/workflows/daily-cli-tools-tester.lock.yml index 037bd31995d..97ca024dc02 100644 --- a/.github/workflows/daily-cli-tools-tester.lock.yml +++ b/.github/workflows/daily-cli-tools-tester.lock.yml @@ -111,7 +111,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -367,7 +374,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1340,7 +1354,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-code-metrics.lock.yml b/.github/workflows/daily-code-metrics.lock.yml index a1572dcc46a..c49f03684d4 100644 --- a/.github/workflows/daily-code-metrics.lock.yml +++ b/.github/workflows/daily-code-metrics.lock.yml @@ -116,7 +116,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -388,7 +395,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1529,7 +1543,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-community-attribution.lock.yml b/.github/workflows/daily-community-attribution.lock.yml index c5375668b30..1bef9142ffe 100644 --- a/.github/workflows/daily-community-attribution.lock.yml +++ b/.github/workflows/daily-community-attribution.lock.yml @@ -108,7 +108,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -375,7 +382,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1442,7 +1456,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-compiler-quality.lock.yml b/.github/workflows/daily-compiler-quality.lock.yml index 0530c4bd17c..3dbf1cb1be2 100644 --- a/.github/workflows/daily-compiler-quality.lock.yml +++ b/.github/workflows/daily-compiler-quality.lock.yml @@ -115,7 +115,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -405,7 +412,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1388,7 +1402,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-doc-healer.lock.yml b/.github/workflows/daily-doc-healer.lock.yml index 0dee20c80bc..fed917d548d 100644 --- a/.github/workflows/daily-doc-healer.lock.yml +++ b/.github/workflows/daily-doc-healer.lock.yml @@ -112,7 +112,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -371,7 +378,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1434,7 +1448,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-doc-updater.lock.yml b/.github/workflows/daily-doc-updater.lock.yml index 768fdec8d23..6e2d0c70395 100644 --- a/.github/workflows/daily-doc-updater.lock.yml +++ b/.github/workflows/daily-doc-updater.lock.yml @@ -112,7 +112,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -370,7 +377,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1395,7 +1409,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-fact.lock.yml b/.github/workflows/daily-fact.lock.yml index a942c10794d..d64b7cde09a 100644 --- a/.github/workflows/daily-fact.lock.yml +++ b/.github/workflows/daily-fact.lock.yml @@ -115,7 +115,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -465,7 +472,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1395,18 +1409,18 @@ jobs: DOCKER_SOCK_GID=$(stat -c '%g' /var/run/docker.sock 2>/dev/null || echo '0') export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e CODEX_HOME -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.3.0' - cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_f7130aac39095c62_EOF + cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_8f4321c3c9f61789_EOF [history] persistence = "none" [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_MCP_CONFIG_f7130aac39095c62_EOF + GH_AW_MCP_CONFIG_8f4321c3c9f61789_EOF # Generate JSON config for MCP gateway GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node) - cat << GH_AW_MCP_CONFIG_8d1c91d261862600_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" + cat << GH_AW_MCP_CONFIG_a479b9f4c667fd23_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" { "mcpServers": { }, @@ -1417,11 +1431,11 @@ jobs: "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}" } } - GH_AW_MCP_CONFIG_8d1c91d261862600_EOF + GH_AW_MCP_CONFIG_a479b9f4c667fd23_EOF # Sync converter output to writable CODEX_HOME for Codex mkdir -p /tmp/gh-aw/mcp-config - cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_631367c03ac5ca7c_EOF + cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_00116351f0b96cf5_EOF model_provider = "openai-proxy" [model_providers.openai-proxy] name = "OpenAI AWF proxy" @@ -1431,7 +1445,7 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_CODEX_SHELL_POLICY_631367c03ac5ca7c_EOF + GH_AW_CODEX_SHELL_POLICY_00116351f0b96cf5_EOF awk ' BEGIN { skip_openai_proxy = 0 } /^[[:space:]]*model_provider[[:space:]]*=/ { next } @@ -1539,7 +1553,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-file-diet.lock.yml b/.github/workflows/daily-file-diet.lock.yml index 1b7559fdf14..53c8a1c7133 100644 --- a/.github/workflows/daily-file-diet.lock.yml +++ b/.github/workflows/daily-file-diet.lock.yml @@ -117,7 +117,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -403,7 +410,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1409,7 +1423,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-firewall-report.lock.yml b/.github/workflows/daily-firewall-report.lock.yml index 8f85c63560d..d9bc244dec5 100644 --- a/.github/workflows/daily-firewall-report.lock.yml +++ b/.github/workflows/daily-firewall-report.lock.yml @@ -119,7 +119,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -384,7 +391,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1430,7 +1444,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-function-namer.lock.yml b/.github/workflows/daily-function-namer.lock.yml index 435d02ca098..b3e5163ce73 100644 --- a/.github/workflows/daily-function-namer.lock.yml +++ b/.github/workflows/daily-function-namer.lock.yml @@ -113,7 +113,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -403,7 +410,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1417,7 +1431,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-integrity-analysis.lock.yml b/.github/workflows/daily-integrity-analysis.lock.yml index b6fc347b8f9..86ae4fcc0b6 100644 --- a/.github/workflows/daily-integrity-analysis.lock.yml +++ b/.github/workflows/daily-integrity-analysis.lock.yml @@ -116,7 +116,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -382,7 +389,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1444,7 +1458,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-issues-report.lock.yml b/.github/workflows/daily-issues-report.lock.yml index 151f7afe4d2..cd8b3a7563e 100644 --- a/.github/workflows/daily-issues-report.lock.yml +++ b/.github/workflows/daily-issues-report.lock.yml @@ -123,7 +123,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -396,7 +403,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1580,7 +1594,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-malicious-code-scan.lock.yml b/.github/workflows/daily-malicious-code-scan.lock.yml index 8549295d269..16b5cf04bb1 100644 --- a/.github/workflows/daily-malicious-code-scan.lock.yml +++ b/.github/workflows/daily-malicious-code-scan.lock.yml @@ -107,7 +107,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -357,7 +364,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1065,7 +1079,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml index ec3d918a6b6..81dce2a408e 100644 --- a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml +++ b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml @@ -112,7 +112,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -401,7 +408,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1404,7 +1418,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-multi-device-docs-tester.lock.yml b/.github/workflows/daily-multi-device-docs-tester.lock.yml index a1ec1953827..8db6d93a6a4 100644 --- a/.github/workflows/daily-multi-device-docs-tester.lock.yml +++ b/.github/workflows/daily-multi-device-docs-tester.lock.yml @@ -114,7 +114,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -372,7 +379,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1420,7 +1434,14 @@ jobs: trace-id: ${{ needs.activation.outputs.setup-trace-id }} safe-output-artifact-client: 'true' - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-news.lock.yml b/.github/workflows/daily-news.lock.yml index f2f63661da2..b86ee828a72 100644 --- a/.github/workflows/daily-news.lock.yml +++ b/.github/workflows/daily-news.lock.yml @@ -117,7 +117,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -395,7 +402,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1594,7 +1608,14 @@ jobs: trace-id: ${{ needs.activation.outputs.setup-trace-id }} safe-output-artifact-client: 'true' - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-observability-report.lock.yml b/.github/workflows/daily-observability-report.lock.yml index e1ae58db903..1b5834fec83 100644 --- a/.github/workflows/daily-observability-report.lock.yml +++ b/.github/workflows/daily-observability-report.lock.yml @@ -118,7 +118,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -373,7 +380,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1313,18 +1327,18 @@ jobs: DOCKER_SOCK_GID=$(stat -c '%g' /var/run/docker.sock 2>/dev/null || echo '0') export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e CODEX_HOME -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.3.0' - cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_925e6bef6ef6412e_EOF + cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_7b2c593dadb4be9f_EOF [history] persistence = "none" [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_MCP_CONFIG_925e6bef6ef6412e_EOF + GH_AW_MCP_CONFIG_7b2c593dadb4be9f_EOF # Generate JSON config for MCP gateway GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node) - cat << GH_AW_MCP_CONFIG_17c1f1b27c5586e8_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" + cat << GH_AW_MCP_CONFIG_681ec5e1d67fde6b_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" { "mcpServers": { }, @@ -1335,11 +1349,11 @@ jobs: "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}" } } - GH_AW_MCP_CONFIG_17c1f1b27c5586e8_EOF + GH_AW_MCP_CONFIG_681ec5e1d67fde6b_EOF # Sync converter output to writable CODEX_HOME for Codex mkdir -p /tmp/gh-aw/mcp-config - cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_b7acc31acbb29a6c_EOF + cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_1075c5baed6f4dd0_EOF model_provider = "openai-proxy" [model_providers.openai-proxy] name = "OpenAI AWF proxy" @@ -1349,7 +1363,7 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_CODEX_SHELL_POLICY_b7acc31acbb29a6c_EOF + GH_AW_CODEX_SHELL_POLICY_1075c5baed6f4dd0_EOF awk ' BEGIN { skip_openai_proxy = 0 } /^[[:space:]]*model_provider[[:space:]]*=/ { next } @@ -1488,7 +1502,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-otel-instrumentation-advisor.lock.yml b/.github/workflows/daily-otel-instrumentation-advisor.lock.yml index b99c47d296e..edd59d22bb1 100644 --- a/.github/workflows/daily-otel-instrumentation-advisor.lock.yml +++ b/.github/workflows/daily-otel-instrumentation-advisor.lock.yml @@ -109,7 +109,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -364,7 +371,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1340,7 +1354,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-performance-summary.lock.yml b/.github/workflows/daily-performance-summary.lock.yml index e86767ec655..2b0ef98bbe2 100644 --- a/.github/workflows/daily-performance-summary.lock.yml +++ b/.github/workflows/daily-performance-summary.lock.yml @@ -117,7 +117,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -383,7 +390,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1834,7 +1848,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-regulatory.lock.yml b/.github/workflows/daily-regulatory.lock.yml index 235b2d08973..223252c360a 100644 --- a/.github/workflows/daily-regulatory.lock.yml +++ b/.github/workflows/daily-regulatory.lock.yml @@ -112,7 +112,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -368,7 +375,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1747,7 +1761,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-rendering-scripts-verifier.lock.yml b/.github/workflows/daily-rendering-scripts-verifier.lock.yml index f1f420dff0e..cdecf50d485 100644 --- a/.github/workflows/daily-rendering-scripts-verifier.lock.yml +++ b/.github/workflows/daily-rendering-scripts-verifier.lock.yml @@ -121,7 +121,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -386,7 +393,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1543,7 +1557,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-repo-chronicle.lock.yml b/.github/workflows/daily-repo-chronicle.lock.yml index 3de685a90fc..68a155bbd8c 100644 --- a/.github/workflows/daily-repo-chronicle.lock.yml +++ b/.github/workflows/daily-repo-chronicle.lock.yml @@ -113,7 +113,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -374,7 +381,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1343,7 +1357,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-safe-output-integrator.lock.yml b/.github/workflows/daily-safe-output-integrator.lock.yml index ada9d50d847..4e05524f732 100644 --- a/.github/workflows/daily-safe-output-integrator.lock.yml +++ b/.github/workflows/daily-safe-output-integrator.lock.yml @@ -107,7 +107,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -360,7 +367,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1307,7 +1321,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-safe-output-optimizer.lock.yml b/.github/workflows/daily-safe-output-optimizer.lock.yml index de205f516bb..a1d537008cf 100644 --- a/.github/workflows/daily-safe-output-optimizer.lock.yml +++ b/.github/workflows/daily-safe-output-optimizer.lock.yml @@ -122,7 +122,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -385,7 +392,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1516,7 +1530,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-safe-outputs-conformance.lock.yml b/.github/workflows/daily-safe-outputs-conformance.lock.yml index 835f84344d2..68f66087e8a 100644 --- a/.github/workflows/daily-safe-outputs-conformance.lock.yml +++ b/.github/workflows/daily-safe-outputs-conformance.lock.yml @@ -108,7 +108,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -357,7 +364,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1311,7 +1325,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-secrets-analysis.lock.yml b/.github/workflows/daily-secrets-analysis.lock.yml index 4a670406432..5b794a568da 100644 --- a/.github/workflows/daily-secrets-analysis.lock.yml +++ b/.github/workflows/daily-secrets-analysis.lock.yml @@ -109,7 +109,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -359,7 +366,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1254,7 +1268,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-security-red-team.lock.yml b/.github/workflows/daily-security-red-team.lock.yml index d8a11eafce5..a7594439637 100644 --- a/.github/workflows/daily-security-red-team.lock.yml +++ b/.github/workflows/daily-security-red-team.lock.yml @@ -109,7 +109,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -365,7 +372,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1320,7 +1334,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-semgrep-scan.lock.yml b/.github/workflows/daily-semgrep-scan.lock.yml index 1723df101f5..abc6314401f 100644 --- a/.github/workflows/daily-semgrep-scan.lock.yml +++ b/.github/workflows/daily-semgrep-scan.lock.yml @@ -110,7 +110,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -359,7 +366,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1281,7 +1295,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-syntax-error-quality.lock.yml b/.github/workflows/daily-syntax-error-quality.lock.yml index 58919e4e12e..a69efa61601 100644 --- a/.github/workflows/daily-syntax-error-quality.lock.yml +++ b/.github/workflows/daily-syntax-error-quality.lock.yml @@ -108,7 +108,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -358,7 +365,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1293,7 +1307,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-team-evolution-insights.lock.yml b/.github/workflows/daily-team-evolution-insights.lock.yml index efa3bb392c7..f61b169c633 100644 --- a/.github/workflows/daily-team-evolution-insights.lock.yml +++ b/.github/workflows/daily-team-evolution-insights.lock.yml @@ -111,7 +111,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -362,7 +369,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1311,7 +1325,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-team-status.lock.yml b/.github/workflows/daily-team-status.lock.yml index 4f99df4498e..8cd9016e205 100644 --- a/.github/workflows/daily-team-status.lock.yml +++ b/.github/workflows/daily-team-status.lock.yml @@ -120,7 +120,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -375,7 +382,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1321,7 +1335,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-testify-uber-super-expert.lock.yml b/.github/workflows/daily-testify-uber-super-expert.lock.yml index 321b5dded92..1a0ae9b688a 100644 --- a/.github/workflows/daily-testify-uber-super-expert.lock.yml +++ b/.github/workflows/daily-testify-uber-super-expert.lock.yml @@ -117,7 +117,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -417,7 +424,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1541,7 +1555,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-token-consumption-report.lock.yml b/.github/workflows/daily-token-consumption-report.lock.yml index c3a8f3e501f..55f3d3b8174 100644 --- a/.github/workflows/daily-token-consumption-report.lock.yml +++ b/.github/workflows/daily-token-consumption-report.lock.yml @@ -113,7 +113,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -364,7 +371,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1380,7 +1394,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-workflow-updater.lock.yml b/.github/workflows/daily-workflow-updater.lock.yml index a97288feedb..24dca699d08 100644 --- a/.github/workflows/daily-workflow-updater.lock.yml +++ b/.github/workflows/daily-workflow-updater.lock.yml @@ -107,7 +107,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -356,7 +363,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1268,7 +1282,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/delight.lock.yml b/.github/workflows/delight.lock.yml index 986f35ef974..32a61d0157a 100644 --- a/.github/workflows/delight.lock.yml +++ b/.github/workflows/delight.lock.yml @@ -111,7 +111,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -376,7 +383,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1450,7 +1464,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/developer-docs-consolidator.lock.yml b/.github/workflows/developer-docs-consolidator.lock.yml index 055a928eb53..42aa9679df4 100644 --- a/.github/workflows/developer-docs-consolidator.lock.yml +++ b/.github/workflows/developer-docs-consolidator.lock.yml @@ -117,7 +117,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -422,7 +429,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1614,7 +1628,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/docs-noob-tester.lock.yml b/.github/workflows/docs-noob-tester.lock.yml index 3d29c579c7a..a8383d44768 100644 --- a/.github/workflows/docs-noob-tester.lock.yml +++ b/.github/workflows/docs-noob-tester.lock.yml @@ -112,7 +112,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -366,7 +373,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1318,7 +1332,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/example-workflow-analyzer.lock.yml b/.github/workflows/example-workflow-analyzer.lock.yml index 9e86151b592..3a16ea13187 100644 --- a/.github/workflows/example-workflow-analyzer.lock.yml +++ b/.github/workflows/example-workflow-analyzer.lock.yml @@ -114,7 +114,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -363,7 +370,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1386,7 +1400,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/github-mcp-structural-analysis.lock.yml b/.github/workflows/github-mcp-structural-analysis.lock.yml index b46fce6b7c2..be363c280f6 100644 --- a/.github/workflows/github-mcp-structural-analysis.lock.yml +++ b/.github/workflows/github-mcp-structural-analysis.lock.yml @@ -115,7 +115,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -377,7 +384,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1398,7 +1412,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/github-mcp-tools-report.lock.yml b/.github/workflows/github-mcp-tools-report.lock.yml index 8f740ad4607..772419e6d35 100644 --- a/.github/workflows/github-mcp-tools-report.lock.yml +++ b/.github/workflows/github-mcp-tools-report.lock.yml @@ -113,7 +113,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -374,7 +381,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1396,7 +1410,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/lockfile-stats.lock.yml b/.github/workflows/lockfile-stats.lock.yml index 8b13c535aa3..59ebbf419ea 100644 --- a/.github/workflows/lockfile-stats.lock.yml +++ b/.github/workflows/lockfile-stats.lock.yml @@ -113,7 +113,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -368,7 +375,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1342,7 +1356,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/mcp-inspector.lock.yml b/.github/workflows/mcp-inspector.lock.yml index 9b545dc7c02..f12faddfcfb 100644 --- a/.github/workflows/mcp-inspector.lock.yml +++ b/.github/workflows/mcp-inspector.lock.yml @@ -156,7 +156,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -463,7 +470,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -2110,7 +2124,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/prompt-clustering-analysis.lock.yml b/.github/workflows/prompt-clustering-analysis.lock.yml index 2bc009201c8..90c88bd3602 100644 --- a/.github/workflows/prompt-clustering-analysis.lock.yml +++ b/.github/workflows/prompt-clustering-analysis.lock.yml @@ -125,7 +125,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -387,7 +394,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1515,7 +1529,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/repo-audit-analyzer.lock.yml b/.github/workflows/repo-audit-analyzer.lock.yml index ce7f6b1fc26..3a9781b4fc1 100644 --- a/.github/workflows/repo-audit-analyzer.lock.yml +++ b/.github/workflows/repo-audit-analyzer.lock.yml @@ -115,7 +115,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -376,7 +383,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1294,7 +1308,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/repository-quality-improver.lock.yml b/.github/workflows/repository-quality-improver.lock.yml index 1e09a2e638f..a649cefd9e1 100644 --- a/.github/workflows/repository-quality-improver.lock.yml +++ b/.github/workflows/repository-quality-improver.lock.yml @@ -116,7 +116,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -409,7 +416,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1356,7 +1370,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/safe-output-health.lock.yml b/.github/workflows/safe-output-health.lock.yml index 3c0cdc16b95..9af13c32044 100644 --- a/.github/workflows/safe-output-health.lock.yml +++ b/.github/workflows/safe-output-health.lock.yml @@ -118,7 +118,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -372,7 +379,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1432,7 +1446,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/schema-consistency-checker.lock.yml b/.github/workflows/schema-consistency-checker.lock.yml index 71dd01133c8..baa61895a68 100644 --- a/.github/workflows/schema-consistency-checker.lock.yml +++ b/.github/workflows/schema-consistency-checker.lock.yml @@ -112,7 +112,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -362,7 +369,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1322,7 +1336,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/sergo.lock.yml b/.github/workflows/sergo.lock.yml index 64efa9b30cd..17bd42aaa56 100644 --- a/.github/workflows/sergo.lock.yml +++ b/.github/workflows/sergo.lock.yml @@ -116,7 +116,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -401,7 +408,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1447,7 +1461,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-agent-all-merged.lock.yml b/.github/workflows/smoke-agent-all-merged.lock.yml index 777dfad1e32..c6933232af7 100644 --- a/.github/workflows/smoke-agent-all-merged.lock.yml +++ b/.github/workflows/smoke-agent-all-merged.lock.yml @@ -119,7 +119,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -385,7 +392,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1372,7 +1386,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-agent-all-none.lock.yml b/.github/workflows/smoke-agent-all-none.lock.yml index 637388d5121..fab0f337e38 100644 --- a/.github/workflows/smoke-agent-all-none.lock.yml +++ b/.github/workflows/smoke-agent-all-none.lock.yml @@ -119,7 +119,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -385,7 +392,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1372,7 +1386,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-agent-public-approved.lock.yml b/.github/workflows/smoke-agent-public-approved.lock.yml index 7202992b0c5..187c0a8ac3c 100644 --- a/.github/workflows/smoke-agent-public-approved.lock.yml +++ b/.github/workflows/smoke-agent-public-approved.lock.yml @@ -121,7 +121,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -393,7 +400,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1427,7 +1441,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-agent-public-none.lock.yml b/.github/workflows/smoke-agent-public-none.lock.yml index 8ebe7aa48d0..6b39593128f 100644 --- a/.github/workflows/smoke-agent-public-none.lock.yml +++ b/.github/workflows/smoke-agent-public-none.lock.yml @@ -119,7 +119,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -385,7 +392,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1372,7 +1386,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-agent-scoped-approved.lock.yml b/.github/workflows/smoke-agent-scoped-approved.lock.yml index bf4c2a5e2c1..79dacce386e 100644 --- a/.github/workflows/smoke-agent-scoped-approved.lock.yml +++ b/.github/workflows/smoke-agent-scoped-approved.lock.yml @@ -120,7 +120,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -387,7 +394,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1379,7 +1393,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-call-workflow.lock.yml b/.github/workflows/smoke-call-workflow.lock.yml index 3aae75e6ff9..9772764f6ff 100644 --- a/.github/workflows/smoke-call-workflow.lock.yml +++ b/.github/workflows/smoke-call-workflow.lock.yml @@ -118,7 +118,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -375,7 +382,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1225,18 +1239,18 @@ jobs: DOCKER_SOCK_GID=$(stat -c '%g' /var/run/docker.sock 2>/dev/null || echo '0') export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e CODEX_HOME -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.3.0' - cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_227dec47ef38d6cd_EOF + cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_4aceb02fa0029b77_EOF [history] persistence = "none" [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_MCP_CONFIG_227dec47ef38d6cd_EOF + GH_AW_MCP_CONFIG_4aceb02fa0029b77_EOF # Generate JSON config for MCP gateway GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node) - cat << GH_AW_MCP_CONFIG_c3c0bb95cf5fe5c0_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" + cat << GH_AW_MCP_CONFIG_d3f2d63d7e4ab228_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" { "mcpServers": { }, @@ -1247,11 +1261,11 @@ jobs: "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}" } } - GH_AW_MCP_CONFIG_c3c0bb95cf5fe5c0_EOF + GH_AW_MCP_CONFIG_d3f2d63d7e4ab228_EOF # Sync converter output to writable CODEX_HOME for Codex mkdir -p /tmp/gh-aw/mcp-config - cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_bea347ecd791e20d_EOF + cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_8cf07d48eea557c7_EOF model_provider = "openai-proxy" [model_providers.openai-proxy] name = "OpenAI AWF proxy" @@ -1261,7 +1275,7 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_CODEX_SHELL_POLICY_bea347ecd791e20d_EOF + GH_AW_CODEX_SHELL_POLICY_8cf07d48eea557c7_EOF awk ' BEGIN { skip_openai_proxy = 0 } /^[[:space:]]*model_provider[[:space:]]*=/ { next } @@ -1401,7 +1415,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml index 9db4f24df11..01ad784b654 100644 --- a/.github/workflows/smoke-codex.lock.yml +++ b/.github/workflows/smoke-codex.lock.yml @@ -134,7 +134,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -470,7 +477,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1762,18 +1776,18 @@ jobs: DOCKER_SOCK_GID=$(stat -c '%g' /var/run/docker.sock 2>/dev/null || echo '0') export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e CODEX_HOME -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.3.0' - cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_d18758cab5808df4_EOF + cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_bc97b97dccec096f_EOF [history] persistence = "none" [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_MCP_CONFIG_d18758cab5808df4_EOF + GH_AW_MCP_CONFIG_bc97b97dccec096f_EOF # Generate JSON config for MCP gateway GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node) - cat << GH_AW_MCP_CONFIG_ea8260d4aa33adf1_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" + cat << GH_AW_MCP_CONFIG_43aaab2090e25fc2_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" { "mcpServers": { }, @@ -1784,11 +1798,11 @@ jobs: "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}" } } - GH_AW_MCP_CONFIG_ea8260d4aa33adf1_EOF + GH_AW_MCP_CONFIG_43aaab2090e25fc2_EOF # Sync converter output to writable CODEX_HOME for Codex mkdir -p /tmp/gh-aw/mcp-config - cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_a4c0e5e828874874_EOF + cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_1011744aecd08661_EOF model_provider = "openai-proxy" [model_providers.openai-proxy] name = "OpenAI AWF proxy" @@ -1798,7 +1812,7 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_CODEX_SHELL_POLICY_a4c0e5e828874874_EOF + GH_AW_CODEX_SHELL_POLICY_1011744aecd08661_EOF awk ' BEGIN { skip_openai_proxy = 0 } /^[[:space:]]*model_provider[[:space:]]*=/ { next } @@ -1945,7 +1959,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-copilot-arm.lock.yml b/.github/workflows/smoke-copilot-arm.lock.yml index 514b8db6db3..4c1019d4c17 100644 --- a/.github/workflows/smoke-copilot-arm.lock.yml +++ b/.github/workflows/smoke-copilot-arm.lock.yml @@ -135,7 +135,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -476,7 +483,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -2317,7 +2331,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-create-cross-repo-pr.lock.yml b/.github/workflows/smoke-create-cross-repo-pr.lock.yml index 0c89504daaa..d4c0eddc5e8 100644 --- a/.github/workflows/smoke-create-cross-repo-pr.lock.yml +++ b/.github/workflows/smoke-create-cross-repo-pr.lock.yml @@ -119,7 +119,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -396,7 +403,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1429,7 +1443,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-gemini.lock.yml b/.github/workflows/smoke-gemini.lock.yml index b939b82c5f7..28ea492a07a 100644 --- a/.github/workflows/smoke-gemini.lock.yml +++ b/.github/workflows/smoke-gemini.lock.yml @@ -127,7 +127,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -421,7 +428,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1560,7 +1574,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-multi-pr.lock.yml b/.github/workflows/smoke-multi-pr.lock.yml index c5619bb3944..35778f759c6 100644 --- a/.github/workflows/smoke-multi-pr.lock.yml +++ b/.github/workflows/smoke-multi-pr.lock.yml @@ -123,7 +123,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -413,7 +420,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1431,7 +1445,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-opencode.lock.yml b/.github/workflows/smoke-opencode.lock.yml index c9a264f3b12..e068f2364d3 100644 --- a/.github/workflows/smoke-opencode.lock.yml +++ b/.github/workflows/smoke-opencode.lock.yml @@ -125,7 +125,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -412,7 +419,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1492,7 +1506,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-project.lock.yml b/.github/workflows/smoke-project.lock.yml index 642d8bfff2a..ab7032f4777 100644 --- a/.github/workflows/smoke-project.lock.yml +++ b/.github/workflows/smoke-project.lock.yml @@ -124,7 +124,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -410,7 +417,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1551,7 +1565,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-service-ports.lock.yml b/.github/workflows/smoke-service-ports.lock.yml index 6fcfda34fbd..b72dae41f10 100644 --- a/.github/workflows/smoke-service-ports.lock.yml +++ b/.github/workflows/smoke-service-ports.lock.yml @@ -107,7 +107,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -371,7 +378,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1300,7 +1314,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-temporary-id.lock.yml b/.github/workflows/smoke-temporary-id.lock.yml index 8097e2d31ec..70a178e4bc2 100644 --- a/.github/workflows/smoke-temporary-id.lock.yml +++ b/.github/workflows/smoke-temporary-id.lock.yml @@ -122,7 +122,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -409,7 +416,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1410,7 +1424,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-test-tools.lock.yml b/.github/workflows/smoke-test-tools.lock.yml index 80fa04a5a32..e599d5ca8d7 100644 --- a/.github/workflows/smoke-test-tools.lock.yml +++ b/.github/workflows/smoke-test-tools.lock.yml @@ -125,7 +125,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -394,7 +401,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1351,7 +1365,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-update-cross-repo-pr.lock.yml b/.github/workflows/smoke-update-cross-repo-pr.lock.yml index 55353b23b71..769dce83bbb 100644 --- a/.github/workflows/smoke-update-cross-repo-pr.lock.yml +++ b/.github/workflows/smoke-update-cross-repo-pr.lock.yml @@ -121,7 +121,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -405,7 +412,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1450,7 +1464,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/stale-repo-identifier.lock.yml b/.github/workflows/stale-repo-identifier.lock.yml index 1d2a8fa0813..7162cd06936 100644 --- a/.github/workflows/stale-repo-identifier.lock.yml +++ b/.github/workflows/stale-repo-identifier.lock.yml @@ -127,7 +127,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -392,7 +399,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1477,7 +1491,14 @@ jobs: trace-id: ${{ needs.activation.outputs.setup-trace-id }} safe-output-artifact-client: 'true' - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/terminal-stylist.lock.yml b/.github/workflows/terminal-stylist.lock.yml index d8e68e6348a..7917f77c198 100644 --- a/.github/workflows/terminal-stylist.lock.yml +++ b/.github/workflows/terminal-stylist.lock.yml @@ -114,7 +114,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -392,7 +399,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1295,7 +1309,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/typist.lock.yml b/.github/workflows/typist.lock.yml index be19bec4169..a341648a3da 100644 --- a/.github/workflows/typist.lock.yml +++ b/.github/workflows/typist.lock.yml @@ -114,7 +114,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -395,7 +402,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1388,7 +1402,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/weekly-issue-summary.lock.yml b/.github/workflows/weekly-issue-summary.lock.yml index 88c9aaf6271..7787c7560a8 100644 --- a/.github/workflows/weekly-issue-summary.lock.yml +++ b/.github/workflows/weekly-issue-summary.lock.yml @@ -117,7 +117,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -374,7 +381,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1308,7 +1322,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true From a7a788876318059121a9da812bc22cb722df2343 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 26 Apr 2026 00:25:06 +0000 Subject: [PATCH 6/9] fix: emit OTLP headers deprecation warning once via WorkflowData.OTLPHeaders - extractOTLPConfigFromRaw now returns a deprecated bool flag instead of printing the warning inline (pure helper, no side-effects) - injectOTLPConfig collects the deprecated flag from both extraction paths (raw frontmatter and ParsedFrontmatter fallback) and emits the warning exactly once - Add WorkflowData.OTLPHeaders field; injectOTLPConfig sets it alongside OTLPEndpoint so downstream code has a single source of truth - buildMCPGatewayConfig now reads workflowData.OTLPHeaders directly, eliminating the second call to extractOTLPConfigFromRaw and the duplicate deprecation warning it caused - Update tests: extend TestExtractOTLPConfigFromRaw to assert the deprecated return value; add TestInjectOTLPConfig_OTLPHeadersField Agent-Logs-Url: https://github.com/github/gh-aw/sessions/9d7b90fb-97a7-4d37-81ea-71daf6c9e0e5 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- pkg/workflow/compiler_types.go | 1 + pkg/workflow/mcp_gateway_config.go | 26 ++----- pkg/workflow/observability_otlp.go | 40 ++++++----- pkg/workflow/observability_otlp_test.go | 91 +++++++++++++++++++++---- 4 files changed, 108 insertions(+), 50 deletions(-) diff --git a/pkg/workflow/compiler_types.go b/pkg/workflow/compiler_types.go index af40a4c48cd..23df55db696 100644 --- a/pkg/workflow/compiler_types.go +++ b/pkg/workflow/compiler_types.go @@ -491,6 +491,7 @@ type WorkflowData struct { ParsedFrontmatter *FrontmatterConfig // cached parsed frontmatter configuration (for performance optimization) RawFrontmatter map[string]any // raw parsed frontmatter map (for passing to hash functions without re-parsing) OTLPEndpoint string // resolved OTLP endpoint (from observability.otlp.endpoint, including imports; set by injectOTLPConfig) + OTLPHeaders string // normalized OTLP headers in key=value,key=value format (from observability.otlp.headers, including imports; set by injectOTLPConfig) ResolvedMCPServers map[string]any // fully merged mcp-servers from main workflow and all imports (for mcp inspect) ActionPinWarnings map[string]bool // cache of already-warned action pin failures (key: "repo@version") ActionMode ActionMode // action mode for workflow compilation (dev, release, script) diff --git a/pkg/workflow/mcp_gateway_config.go b/pkg/workflow/mcp_gateway_config.go index a61c9814a62..fd234c8b300 100644 --- a/pkg/workflow/mcp_gateway_config.go +++ b/pkg/workflow/mcp_gateway_config.go @@ -131,20 +131,9 @@ func buildMCPGatewayConfig(workflowData *WorkflowData) *MCPGatewayRuntimeConfig // Use ${...} syntax for environment variable references that will be resolved by the gateway at runtime // Per MCP Gateway Specification v1.0.0 section 4.2, variable expressions use "${VARIABLE_NAME}" syntax // - // OTLPEndpoint and OTLPHeaders are derived from workflowData.OTLPEndpoint and the raw - // frontmatter headers string. These compile-time values (including GitHub Actions - // expressions such as ${{ secrets.X }}) are written directly into the gateway config JSON. - var otlpHeaders string - if workflowData.OTLPEndpoint != "" { - // Read headers from raw frontmatter (same source as injectOTLPConfig) - _, otlpHeaders = extractOTLPConfigFromRaw(workflowData.RawFrontmatter) - if otlpHeaders == "" && workflowData.ParsedFrontmatter != nil && - workflowData.ParsedFrontmatter.Observability != nil && - workflowData.ParsedFrontmatter.Observability.OTLP != nil { - normalized, _ := normalizeOTLPHeaders(workflowData.ParsedFrontmatter.Observability.OTLP.Headers) - otlpHeaders = normalized - } - } + // OTLPEndpoint and OTLPHeaders are read from workflowData fields set by injectOTLPConfig. + // These compile-time values (including GitHub Actions expressions such as ${{ secrets.X }}) + // are written directly into the gateway config JSON. return &MCPGatewayRuntimeConfig{ Port: int(DefaultMCPGatewayPort), // Will be formatted as "${MCP_GATEWAY_PORT}" in renderer Domain: "${MCP_GATEWAY_DOMAIN}", // Gateway variable expression @@ -154,12 +143,11 @@ func buildMCPGatewayConfig(workflowData *WorkflowData) *MCPGatewayRuntimeConfig PayloadSizeThreshold: payloadSizeThreshold, // Size threshold in bytes TrustedBots: workflowData.SandboxConfig.MCP.TrustedBots, // Additional trusted bot identities from frontmatter KeepaliveInterval: workflowData.SandboxConfig.MCP.KeepaliveInterval, // Keepalive interval from frontmatter (0=default, -1=disabled, >0=custom) - // OTLPEndpoint and OTLPHeaders are set from workflowData.OTLPEndpoint which is the - // fully resolved OTLP endpoint (including imports) set by injectOTLPConfig. Using - // these fields ensures gateway OTLP config honours observability defined in imported - // shared workflows. + // OTLPEndpoint and OTLPHeaders are set from workflowData by injectOTLPConfig, which is + // the fully resolved OTLP config (including imports). Using these fields ensures gateway + // OTLP config honours observability defined in imported shared workflows. OTLPEndpoint: workflowData.OTLPEndpoint, - OTLPHeaders: otlpHeaders, + OTLPHeaders: workflowData.OTLPHeaders, } } diff --git a/pkg/workflow/observability_otlp.go b/pkg/workflow/observability_otlp.go index 5ac521a82a7..803ac5c3d46 100644 --- a/pkg/workflow/observability_otlp.go +++ b/pkg/workflow/observability_otlp.go @@ -145,7 +145,10 @@ func generateOTLPHeadersMaskStep() string { // succeeding -- that function may fail for workflows with complex tool configurations // (e.g. engine objects, array-style bash configs), which would leave ParsedFrontmatter // nil and prevent OTLP injection. -func extractOTLPConfigFromRaw(frontmatter map[string]any) (endpoint, headers string) { +// +// The third return value is true when the deprecated string form was used for headers, +// so the caller can emit a deprecation warning. +func extractOTLPConfigFromRaw(frontmatter map[string]any) (endpoint, headers string, deprecated bool) { obs, ok := frontmatter["observability"] if !ok { return @@ -166,13 +169,7 @@ func extractOTLPConfigFromRaw(frontmatter map[string]any) (endpoint, headers str endpoint = ep } if raw, ok := otlpMap["headers"]; ok { - normalized, deprecated := normalizeOTLPHeaders(raw) - if deprecated { - fmt.Fprintln(os.Stderr, console.FormatWarningMessage( - "observability.otlp.headers: string form is deprecated. Use the map form instead (e.g. headers: {Authorization: \"Bearer ${{ secrets.TOKEN }}\"})", - )) - } - headers = normalized + headers, deprecated = normalizeOTLPHeaders(raw) } return } @@ -191,7 +188,7 @@ func extractOTLPConfigFromRaw(frontmatter map[string]any) (endpoint, headers str func (c *Compiler) injectOTLPConfig(workflowData *WorkflowData) { // Read OTLP config from the raw frontmatter map so that injection works even // when ParseFrontmatterConfig failed (e.g. due to complex tool configs). - endpoint, headers := extractOTLPConfigFromRaw(workflowData.RawFrontmatter) + endpoint, headers, deprecated := extractOTLPConfigFromRaw(workflowData.RawFrontmatter) // Fall back to ParsedFrontmatter when the raw map didn't yield an endpoint. if endpoint == "" { @@ -221,14 +218,20 @@ func (c *Compiler) injectOTLPConfig(workflowData *WorkflowData) { if headers == "" && workflowData.ParsedFrontmatter != nil && workflowData.ParsedFrontmatter.Observability != nil && workflowData.ParsedFrontmatter.Observability.OTLP != nil { - normalized, deprecated := normalizeOTLPHeaders(workflowData.ParsedFrontmatter.Observability.OTLP.Headers) - if deprecated { - fmt.Fprintln(os.Stderr, console.FormatWarningMessage( - "observability.otlp.headers: string form is deprecated. Use the map form instead (e.g. headers: {Authorization: \"Bearer ${{ secrets.TOKEN }}\"})", - )) + var parsedDeprecated bool + headers, parsedDeprecated = normalizeOTLPHeaders(workflowData.ParsedFrontmatter.Observability.OTLP.Headers) + if parsedDeprecated { + deprecated = true } - headers = normalized } + + // Emit the deprecation warning once after resolving headers from all sources. + if deprecated { + fmt.Fprintln(os.Stderr, console.FormatWarningMessage( + "observability.otlp.headers: string form is deprecated. Use the map form instead (e.g. headers: {Authorization: \"Bearer ${{ secrets.TOKEN }}\"})", + )) + } + if headers != "" { otlpEnvLines += "\n OTEL_EXPORTER_OTLP_HEADERS: " + headers otlpLog.Printf("Injected OTEL_EXPORTER_OTLP_HEADERS env var") @@ -241,8 +244,9 @@ func (c *Compiler) injectOTLPConfig(workflowData *WorkflowData) { } otlpLog.Printf("Injected OTEL env vars into workflow env block") - // Store the resolved endpoint so downstream code (mcp_gateway_config, mcp_setup_generator) - // can use workflowData.OTLPEndpoint as the single source of truth instead of - // re-reading raw frontmatter independently. + // Store the resolved endpoint and headers so downstream code (mcp_gateway_config, + // mcp_setup_generator) can use workflowData.OTLPEndpoint / OTLPHeaders as the single + // source of truth instead of re-reading raw frontmatter independently. workflowData.OTLPEndpoint = endpoint + workflowData.OTLPHeaders = headers } diff --git a/pkg/workflow/observability_otlp_test.go b/pkg/workflow/observability_otlp_test.go index 00a27800037..c994df33341 100644 --- a/pkg/workflow/observability_otlp_test.go +++ b/pkg/workflow/observability_otlp_test.go @@ -406,10 +406,11 @@ func TestObservabilityConfigParsing(t *testing.T) { // TestExtractOTLPConfigFromRaw verifies direct raw-frontmatter OTLP extraction. func TestExtractOTLPConfigFromRaw(t *testing.T) { tests := []struct { - name string - frontmatter map[string]any - wantEndpoint string - wantHeaders string + name string + frontmatter map[string]any + wantEndpoint string + wantHeaders string + wantDeprecated bool }{ { name: "nil frontmatter", @@ -446,7 +447,7 @@ func TestExtractOTLPConfigFromRaw(t *testing.T) { wantEndpoint: "${{ secrets.GH_AW_OTEL_ENDPOINT }}", }, { - name: "observability.otlp with endpoint and headers", + name: "observability.otlp with endpoint and string headers (deprecated)", frontmatter: map[string]any{ "observability": map[string]any{ "otlp": map[string]any{ @@ -455,11 +456,12 @@ func TestExtractOTLPConfigFromRaw(t *testing.T) { }, }, }, - wantEndpoint: "https://traces.example.com", - wantHeaders: "${{ secrets.GH_AW_OTEL_HEADERS }}", + wantEndpoint: "https://traces.example.com", + wantHeaders: "${{ secrets.GH_AW_OTEL_HEADERS }}", + wantDeprecated: true, }, { - name: "Sentry-style header with space in value", + name: "Sentry-style header with space in value (deprecated string form)", frontmatter: map[string]any{ "observability": map[string]any{ "otlp": map[string]any{ @@ -468,16 +470,32 @@ func TestExtractOTLPConfigFromRaw(t *testing.T) { }, }, }, - wantEndpoint: "https://sentry.io/api/123/envelope/", - wantHeaders: "x-sentry-auth=Sentry sentry_key=abc123", + wantEndpoint: "https://sentry.io/api/123/envelope/", + wantHeaders: "x-sentry-auth=Sentry sentry_key=abc123", + wantDeprecated: true, + }, + { + name: "observability.otlp with endpoint and map headers (not deprecated)", + frontmatter: map[string]any{ + "observability": map[string]any{ + "otlp": map[string]any{ + "endpoint": "https://traces.example.com", + "headers": map[string]any{"Authorization": "Bearer tok"}, + }, + }, + }, + wantEndpoint: "https://traces.example.com", + wantHeaders: "Authorization=Bearer tok", + wantDeprecated: false, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - gotEndpoint, gotHeaders := extractOTLPConfigFromRaw(tt.frontmatter) + gotEndpoint, gotHeaders, gotDeprecated := extractOTLPConfigFromRaw(tt.frontmatter) assert.Equal(t, tt.wantEndpoint, gotEndpoint, "endpoint") assert.Equal(t, tt.wantHeaders, gotHeaders, "headers") + assert.Equal(t, tt.wantDeprecated, gotDeprecated, "deprecated") }) } } @@ -668,6 +686,54 @@ func TestInjectOTLPConfig_OTLPEndpointField(t *testing.T) { }) } +// TestInjectOTLPConfig_OTLPHeadersField verifies that injectOTLPConfig sets workflowData.OTLPHeaders +// so that buildMCPGatewayConfig can read it directly instead of re-reading raw frontmatter. +func TestInjectOTLPConfig_OTLPHeadersField(t *testing.T) { + c := &Compiler{} + + t.Run("sets OTLPHeaders when headers are configured (map form)", func(t *testing.T) { + wd := &WorkflowData{ + RawFrontmatter: map[string]any{ + "observability": map[string]any{ + "otlp": map[string]any{ + "endpoint": "https://traces.example.com", + "headers": map[string]any{"Authorization": "Bearer tok", "X-Tenant": "acme"}, + }, + }, + }, + } + c.injectOTLPConfig(wd) + assert.Equal(t, "Authorization=Bearer tok,X-Tenant=acme", wd.OTLPHeaders, "OTLPHeaders should be set from map form") + }) + + t.Run("sets OTLPHeaders when headers are configured (string form)", func(t *testing.T) { + wd := &WorkflowData{ + RawFrontmatter: map[string]any{ + "observability": map[string]any{ + "otlp": map[string]any{ + "endpoint": "https://traces.example.com", + "headers": "Authorization=Bearer tok", + }, + }, + }, + } + c.injectOTLPConfig(wd) + assert.Equal(t, "Authorization=Bearer tok", wd.OTLPHeaders, "OTLPHeaders should be set from string form") + }) + + t.Run("OTLPHeaders is empty when no headers are configured", func(t *testing.T) { + wd := &WorkflowData{ + RawFrontmatter: map[string]any{ + "observability": map[string]any{ + "otlp": map[string]any{"endpoint": "https://traces.example.com"}, + }, + }, + } + c.injectOTLPConfig(wd) + assert.Empty(t, wd.OTLPHeaders, "OTLPHeaders should be empty when no headers are configured") + }) +} + // TestNormalizeOTLPHeaders verifies the normalizeOTLPHeaders helper function. func TestNormalizeOTLPHeaders(t *testing.T) { tests := []struct { @@ -869,14 +935,13 @@ func TestExtractOTLPConfigFromRaw_MapHeaders(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - gotEndpoint, gotHeaders := extractOTLPConfigFromRaw(tt.frontmatter) + gotEndpoint, gotHeaders, _ := extractOTLPConfigFromRaw(tt.frontmatter) assert.Equal(t, tt.wantEndpoint, gotEndpoint, "endpoint") assert.Equal(t, tt.wantHeaders, gotHeaders, "headers") }) } } -// TestObservabilityConfigParsing_MapHeaders verifies that the map form for headers is // correctly parsed by ParseFrontmatterConfig. func TestObservabilityConfigParsing_MapHeaders(t *testing.T) { t.Run("map headers parsed as any type", func(t *testing.T) { From d26a881518a3bc02339c7da61f07df1c2e0f528d Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 26 Apr 2026 00:37:28 +0000 Subject: [PATCH 7/9] chore: merge main and recompile all workflow lock files Agent-Logs-Url: https://github.com/github/gh-aw/sessions/a1c1152e-c37c-4441-8f90-02105d0bf05c Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .github/workflows/daily-fact.lock.yml | 39 ++++++++++++++++++++------ .github/workflows/smoke-codex.lock.yml | 39 ++++++++++++++++++++------ 2 files changed, 60 insertions(+), 18 deletions(-) diff --git a/.github/workflows/daily-fact.lock.yml b/.github/workflows/daily-fact.lock.yml index 3fd8a89bfb5..370490f27ef 100644 --- a/.github/workflows/daily-fact.lock.yml +++ b/.github/workflows/daily-fact.lock.yml @@ -115,7 +115,14 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -465,7 +472,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1396,18 +1410,18 @@ jobs: DOCKER_SOCK_GID=$(stat -c '%g' /var/run/docker.sock 2>/dev/null || echo '0') export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e CODEX_HOME -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.3.0' - cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_1a616677fcc91216_EOF + cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_d67e69de7036c32c_EOF [history] persistence = "none" [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_MCP_CONFIG_1a616677fcc91216_EOF + GH_AW_MCP_CONFIG_d67e69de7036c32c_EOF # Generate JSON config for MCP gateway GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node) - cat << GH_AW_MCP_CONFIG_f35f84e7a0cd92eb_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" + cat << GH_AW_MCP_CONFIG_2fe076d14617ca04_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" { "mcpServers": { }, @@ -1418,11 +1432,11 @@ jobs: "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}" } } - GH_AW_MCP_CONFIG_f35f84e7a0cd92eb_EOF + GH_AW_MCP_CONFIG_2fe076d14617ca04_EOF # Sync converter output to writable CODEX_HOME for Codex mkdir -p /tmp/gh-aw/mcp-config - cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_10c504d6b7dd88da_EOF + cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_cb0de39f36ee0aa9_EOF model_provider = "openai-proxy" [model_providers.openai-proxy] name = "OpenAI AWF proxy" @@ -1432,7 +1446,7 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_CODEX_SHELL_POLICY_10c504d6b7dd88da_EOF + GH_AW_CODEX_SHELL_POLICY_cb0de39f36ee0aa9_EOF awk ' BEGIN { skip_openai_proxy = 0 } /^[[:space:]]*model_provider[[:space:]]*=/ { next } @@ -1540,7 +1554,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml index 84a20a3bdc4..1b0a71c2666 100644 --- a/.github/workflows/smoke-codex.lock.yml +++ b/.github/workflows/smoke-codex.lock.yml @@ -134,7 +134,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Generate agentic run info id: generate_aw_info env: @@ -470,7 +477,14 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1763,18 +1777,18 @@ jobs: DOCKER_SOCK_GID=$(stat -c '%g' /var/run/docker.sock 2>/dev/null || echo '0') export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e CODEX_HOME -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.3.0' - cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_7cd2ab3ccc926025_EOF + cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_0e7423b94758e4cd_EOF [history] persistence = "none" [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_MCP_CONFIG_7cd2ab3ccc926025_EOF + GH_AW_MCP_CONFIG_0e7423b94758e4cd_EOF # Generate JSON config for MCP gateway GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node) - cat << GH_AW_MCP_CONFIG_a2f0e77a5a5c10a7_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" + cat << GH_AW_MCP_CONFIG_8875b877e327c0b6_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" { "mcpServers": { }, @@ -1785,11 +1799,11 @@ jobs: "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}" } } - GH_AW_MCP_CONFIG_a2f0e77a5a5c10a7_EOF + GH_AW_MCP_CONFIG_8875b877e327c0b6_EOF # Sync converter output to writable CODEX_HOME for Codex mkdir -p /tmp/gh-aw/mcp-config - cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_d2384e8d32b7521e_EOF + cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_7f57b96afde99376_EOF model_provider = "openai-proxy" [model_providers.openai-proxy] name = "OpenAI AWF proxy" @@ -1799,7 +1813,7 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_CODEX_SHELL_POLICY_d2384e8d32b7521e_EOF + GH_AW_CODEX_SHELL_POLICY_7f57b96afde99376_EOF awk ' BEGIN { skip_openai_proxy = 0 } /^[[:space:]]*model_provider[[:space:]]*=/ { next } @@ -1946,7 +1960,14 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: | + echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" + done - name: Download agent output artifact id: download-agent-output continue-on-error: true From 60709bb641c419d0605cec06d4df56646b28cdac Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 26 Apr 2026 01:18:51 +0000 Subject: [PATCH 8/9] refactor: move OTLP headers mask inline script to mask_otlp_headers.sh Agent-Logs-Url: https://github.com/github/gh-aw/sessions/1616e052-7941-45e1-9d53-e51686cde8f1 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .../agentic-observability-kit.lock.yml | 27 ++----------- .../agentic-optimization-kit.lock.yml | 27 ++----------- .../workflows/api-consumption-report.lock.yml | 27 ++----------- .github/workflows/audit-workflows.lock.yml | 27 ++----------- .github/workflows/blog-auditor.lock.yml | 27 ++----------- .../claude-code-user-docs-review.lock.yml | 27 ++----------- .../workflows/copilot-agent-analysis.lock.yml | 27 ++----------- .../copilot-pr-merged-report.lock.yml | 27 ++----------- .../copilot-pr-nlp-analysis.lock.yml | 27 ++----------- .../copilot-pr-prompt-analysis.lock.yml | 27 ++----------- .../copilot-session-insights.lock.yml | 27 ++----------- .../workflows/copilot-token-audit.lock.yml | 27 ++----------- .../daily-architecture-diagram.lock.yml | 27 ++----------- .../daily-assign-issue-to-user.lock.yml | 27 ++----------- .github/workflows/daily-choice-test.lock.yml | 27 ++----------- .../workflows/daily-cli-performance.lock.yml | 27 ++----------- .../workflows/daily-cli-tools-tester.lock.yml | 27 ++----------- .github/workflows/daily-code-metrics.lock.yml | 27 ++----------- .../daily-community-attribution.lock.yml | 27 ++----------- .../workflows/daily-compiler-quality.lock.yml | 27 ++----------- .github/workflows/daily-doc-healer.lock.yml | 27 ++----------- .github/workflows/daily-doc-updater.lock.yml | 27 ++----------- .github/workflows/daily-fact.lock.yml | 39 +++++-------------- .github/workflows/daily-file-diet.lock.yml | 27 ++----------- .../workflows/daily-firewall-report.lock.yml | 27 ++----------- .../workflows/daily-function-namer.lock.yml | 27 ++----------- .../daily-integrity-analysis.lock.yml | 27 ++----------- .../workflows/daily-issues-report.lock.yml | 27 ++----------- .../daily-malicious-code-scan.lock.yml | 27 ++----------- .../daily-mcp-concurrency-analysis.lock.yml | 27 ++----------- .../daily-multi-device-docs-tester.lock.yml | 27 ++----------- .github/workflows/daily-news.lock.yml | 27 ++----------- .../daily-observability-report.lock.yml | 39 +++++-------------- ...aily-otel-instrumentation-advisor.lock.yml | 27 ++----------- .../daily-performance-summary.lock.yml | 27 ++----------- .github/workflows/daily-regulatory.lock.yml | 27 ++----------- .../daily-rendering-scripts-verifier.lock.yml | 27 ++----------- .../workflows/daily-repo-chronicle.lock.yml | 27 ++----------- .../daily-safe-output-integrator.lock.yml | 27 ++----------- .../daily-safe-output-optimizer.lock.yml | 27 ++----------- .../daily-safe-outputs-conformance.lock.yml | 27 ++----------- .../workflows/daily-secrets-analysis.lock.yml | 27 ++----------- .../daily-security-red-team.lock.yml | 27 ++----------- .github/workflows/daily-semgrep-scan.lock.yml | 27 ++----------- .../daily-syntax-error-quality.lock.yml | 27 ++----------- .../daily-team-evolution-insights.lock.yml | 27 ++----------- .github/workflows/daily-team-status.lock.yml | 27 ++----------- .../daily-testify-uber-super-expert.lock.yml | 27 ++----------- .../daily-token-consumption-report.lock.yml | 27 ++----------- .../workflows/daily-workflow-updater.lock.yml | 27 ++----------- .github/workflows/delight.lock.yml | 27 ++----------- .../developer-docs-consolidator.lock.yml | 27 ++----------- .github/workflows/docs-noob-tester.lock.yml | 27 ++----------- .../example-workflow-analyzer.lock.yml | 27 ++----------- .../github-mcp-structural-analysis.lock.yml | 27 ++----------- .../github-mcp-tools-report.lock.yml | 27 ++----------- .github/workflows/lockfile-stats.lock.yml | 27 ++----------- .github/workflows/mcp-inspector.lock.yml | 27 ++----------- .../prompt-clustering-analysis.lock.yml | 27 ++----------- .../workflows/repo-audit-analyzer.lock.yml | 27 ++----------- .../repository-quality-improver.lock.yml | 27 ++----------- .github/workflows/safe-output-health.lock.yml | 27 ++----------- .../schema-consistency-checker.lock.yml | 27 ++----------- .github/workflows/sergo.lock.yml | 27 ++----------- .../workflows/smoke-agent-all-merged.lock.yml | 27 ++----------- .../workflows/smoke-agent-all-none.lock.yml | 27 ++----------- .../smoke-agent-public-approved.lock.yml | 27 ++----------- .../smoke-agent-public-none.lock.yml | 27 ++----------- .../smoke-agent-scoped-approved.lock.yml | 27 ++----------- .../workflows/smoke-call-workflow.lock.yml | 39 +++++-------------- .github/workflows/smoke-codex.lock.yml | 39 +++++-------------- .github/workflows/smoke-copilot-arm.lock.yml | 27 ++----------- .../smoke-create-cross-repo-pr.lock.yml | 27 ++----------- .github/workflows/smoke-gemini.lock.yml | 27 ++----------- .github/workflows/smoke-multi-pr.lock.yml | 27 ++----------- .github/workflows/smoke-opencode.lock.yml | 27 ++----------- .github/workflows/smoke-project.lock.yml | 27 ++----------- .../workflows/smoke-service-ports.lock.yml | 27 ++----------- .github/workflows/smoke-temporary-id.lock.yml | 27 ++----------- .github/workflows/smoke-test-tools.lock.yml | 27 ++----------- .../smoke-update-cross-repo-pr.lock.yml | 27 ++----------- .../workflows/stale-repo-identifier.lock.yml | 27 ++----------- .github/workflows/terminal-stylist.lock.yml | 27 ++----------- .github/workflows/typist.lock.yml | 27 ++----------- .../workflows/weekly-issue-summary.lock.yml | 27 ++----------- actions/setup/sh/mask_otlp_headers.sh | 37 ++++++++++++++++++ .../observability_job_summary_test.go | 11 ++---- pkg/workflow/observability_otlp.go | 29 ++++---------- pkg/workflow/observability_otlp_test.go | 11 ++---- 89 files changed, 331 insertions(+), 2100 deletions(-) create mode 100644 actions/setup/sh/mask_otlp_headers.sh diff --git a/.github/workflows/agentic-observability-kit.lock.yml b/.github/workflows/agentic-observability-kit.lock.yml index ea7f285ea3a..f535ac65caf 100644 --- a/.github/workflows/agentic-observability-kit.lock.yml +++ b/.github/workflows/agentic-observability-kit.lock.yml @@ -117,14 +117,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -388,14 +381,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1482,14 +1468,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/agentic-optimization-kit.lock.yml b/.github/workflows/agentic-optimization-kit.lock.yml index 0034f78ab0e..579d06e9d40 100644 --- a/.github/workflows/agentic-optimization-kit.lock.yml +++ b/.github/workflows/agentic-optimization-kit.lock.yml @@ -119,14 +119,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -401,14 +394,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1626,14 +1612,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/api-consumption-report.lock.yml b/.github/workflows/api-consumption-report.lock.yml index 8681401858e..1b787ef6e4c 100644 --- a/.github/workflows/api-consumption-report.lock.yml +++ b/.github/workflows/api-consumption-report.lock.yml @@ -118,14 +118,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -392,14 +385,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1508,14 +1494,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/audit-workflows.lock.yml b/.github/workflows/audit-workflows.lock.yml index 13ab85f3e12..bdd1a516d1f 100644 --- a/.github/workflows/audit-workflows.lock.yml +++ b/.github/workflows/audit-workflows.lock.yml @@ -121,14 +121,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -403,14 +396,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1633,14 +1619,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/blog-auditor.lock.yml b/.github/workflows/blog-auditor.lock.yml index 026804d2372..79d5d187656 100644 --- a/.github/workflows/blog-auditor.lock.yml +++ b/.github/workflows/blog-auditor.lock.yml @@ -112,14 +112,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -373,14 +366,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1399,14 +1385,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/claude-code-user-docs-review.lock.yml b/.github/workflows/claude-code-user-docs-review.lock.yml index a6c2192d945..4373e9f4411 100644 --- a/.github/workflows/claude-code-user-docs-review.lock.yml +++ b/.github/workflows/claude-code-user-docs-review.lock.yml @@ -113,14 +113,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -379,14 +372,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1368,14 +1354,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/copilot-agent-analysis.lock.yml b/.github/workflows/copilot-agent-analysis.lock.yml index f17413fbebf..27d5af80180 100644 --- a/.github/workflows/copilot-agent-analysis.lock.yml +++ b/.github/workflows/copilot-agent-analysis.lock.yml @@ -117,14 +117,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -397,14 +390,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1504,14 +1490,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/copilot-pr-merged-report.lock.yml b/.github/workflows/copilot-pr-merged-report.lock.yml index 3d7a2f480e3..f99e7fff361 100644 --- a/.github/workflows/copilot-pr-merged-report.lock.yml +++ b/.github/workflows/copilot-pr-merged-report.lock.yml @@ -114,14 +114,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -333,14 +326,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1356,14 +1342,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/copilot-pr-nlp-analysis.lock.yml b/.github/workflows/copilot-pr-nlp-analysis.lock.yml index dcc3fbd6264..7473340d593 100644 --- a/.github/workflows/copilot-pr-nlp-analysis.lock.yml +++ b/.github/workflows/copilot-pr-nlp-analysis.lock.yml @@ -118,14 +118,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -403,14 +396,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1505,14 +1491,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/copilot-pr-prompt-analysis.lock.yml b/.github/workflows/copilot-pr-prompt-analysis.lock.yml index 763adcbfb0c..5e7eefa0bdb 100644 --- a/.github/workflows/copilot-pr-prompt-analysis.lock.yml +++ b/.github/workflows/copilot-pr-prompt-analysis.lock.yml @@ -115,14 +115,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -396,14 +389,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1445,14 +1431,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/copilot-session-insights.lock.yml b/.github/workflows/copilot-session-insights.lock.yml index 07923d422f7..d65bb5c18c2 100644 --- a/.github/workflows/copilot-session-insights.lock.yml +++ b/.github/workflows/copilot-session-insights.lock.yml @@ -120,14 +120,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -409,14 +402,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1563,14 +1549,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/copilot-token-audit.lock.yml b/.github/workflows/copilot-token-audit.lock.yml index a27acaa99c7..1803a352d61 100644 --- a/.github/workflows/copilot-token-audit.lock.yml +++ b/.github/workflows/copilot-token-audit.lock.yml @@ -118,14 +118,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -399,14 +392,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1582,14 +1568,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-architecture-diagram.lock.yml b/.github/workflows/daily-architecture-diagram.lock.yml index 5a7b83b96f3..b46cc0b60f0 100644 --- a/.github/workflows/daily-architecture-diagram.lock.yml +++ b/.github/workflows/daily-architecture-diagram.lock.yml @@ -109,14 +109,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -374,14 +367,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1351,14 +1337,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-assign-issue-to-user.lock.yml b/.github/workflows/daily-assign-issue-to-user.lock.yml index 0a933bce497..59a55c3c575 100644 --- a/.github/workflows/daily-assign-issue-to-user.lock.yml +++ b/.github/workflows/daily-assign-issue-to-user.lock.yml @@ -105,14 +105,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -358,14 +351,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1275,14 +1261,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-choice-test.lock.yml b/.github/workflows/daily-choice-test.lock.yml index 2be06b7ebfa..3428808c59b 100644 --- a/.github/workflows/daily-choice-test.lock.yml +++ b/.github/workflows/daily-choice-test.lock.yml @@ -108,14 +108,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -361,14 +354,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1316,14 +1302,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-cli-performance.lock.yml b/.github/workflows/daily-cli-performance.lock.yml index bb86330dbff..8d5cb9de592 100644 --- a/.github/workflows/daily-cli-performance.lock.yml +++ b/.github/workflows/daily-cli-performance.lock.yml @@ -137,14 +137,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -415,14 +408,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1674,14 +1660,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-cli-tools-tester.lock.yml b/.github/workflows/daily-cli-tools-tester.lock.yml index 97ca024dc02..783c12ec7d0 100644 --- a/.github/workflows/daily-cli-tools-tester.lock.yml +++ b/.github/workflows/daily-cli-tools-tester.lock.yml @@ -111,14 +111,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -374,14 +367,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1354,14 +1340,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-code-metrics.lock.yml b/.github/workflows/daily-code-metrics.lock.yml index 68275b834f8..a0e90080ac6 100644 --- a/.github/workflows/daily-code-metrics.lock.yml +++ b/.github/workflows/daily-code-metrics.lock.yml @@ -116,14 +116,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -395,14 +388,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1544,14 +1530,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-community-attribution.lock.yml b/.github/workflows/daily-community-attribution.lock.yml index 1bef9142ffe..bc86dddbfe8 100644 --- a/.github/workflows/daily-community-attribution.lock.yml +++ b/.github/workflows/daily-community-attribution.lock.yml @@ -108,14 +108,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -382,14 +375,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1456,14 +1442,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-compiler-quality.lock.yml b/.github/workflows/daily-compiler-quality.lock.yml index 90c591f1a8d..57de64dcb0c 100644 --- a/.github/workflows/daily-compiler-quality.lock.yml +++ b/.github/workflows/daily-compiler-quality.lock.yml @@ -115,14 +115,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -412,14 +405,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1403,14 +1389,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-doc-healer.lock.yml b/.github/workflows/daily-doc-healer.lock.yml index 858421d69cc..4732f62dfed 100644 --- a/.github/workflows/daily-doc-healer.lock.yml +++ b/.github/workflows/daily-doc-healer.lock.yml @@ -112,14 +112,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -378,14 +371,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1449,14 +1435,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-doc-updater.lock.yml b/.github/workflows/daily-doc-updater.lock.yml index 6ff64c9a5db..1b18961007e 100644 --- a/.github/workflows/daily-doc-updater.lock.yml +++ b/.github/workflows/daily-doc-updater.lock.yml @@ -112,14 +112,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -377,14 +370,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1410,14 +1396,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-fact.lock.yml b/.github/workflows/daily-fact.lock.yml index 370490f27ef..40ff1e927ae 100644 --- a/.github/workflows/daily-fact.lock.yml +++ b/.github/workflows/daily-fact.lock.yml @@ -115,14 +115,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -472,14 +465,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1410,18 +1396,18 @@ jobs: DOCKER_SOCK_GID=$(stat -c '%g' /var/run/docker.sock 2>/dev/null || echo '0') export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e CODEX_HOME -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.3.0' - cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_d67e69de7036c32c_EOF + cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_5f3f077cd9582590_EOF [history] persistence = "none" [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_MCP_CONFIG_d67e69de7036c32c_EOF + GH_AW_MCP_CONFIG_5f3f077cd9582590_EOF # Generate JSON config for MCP gateway GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node) - cat << GH_AW_MCP_CONFIG_2fe076d14617ca04_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" + cat << GH_AW_MCP_CONFIG_b3bf557a7c5ae51c_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" { "mcpServers": { }, @@ -1432,11 +1418,11 @@ jobs: "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}" } } - GH_AW_MCP_CONFIG_2fe076d14617ca04_EOF + GH_AW_MCP_CONFIG_b3bf557a7c5ae51c_EOF # Sync converter output to writable CODEX_HOME for Codex mkdir -p /tmp/gh-aw/mcp-config - cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_cb0de39f36ee0aa9_EOF + cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_af7b6cdd8d207893_EOF model_provider = "openai-proxy" [model_providers.openai-proxy] name = "OpenAI AWF proxy" @@ -1446,7 +1432,7 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_CODEX_SHELL_POLICY_cb0de39f36ee0aa9_EOF + GH_AW_CODEX_SHELL_POLICY_af7b6cdd8d207893_EOF awk ' BEGIN { skip_openai_proxy = 0 } /^[[:space:]]*model_provider[[:space:]]*=/ { next } @@ -1554,14 +1540,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-file-diet.lock.yml b/.github/workflows/daily-file-diet.lock.yml index 53c8a1c7133..be47bdca0a1 100644 --- a/.github/workflows/daily-file-diet.lock.yml +++ b/.github/workflows/daily-file-diet.lock.yml @@ -117,14 +117,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -410,14 +403,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1423,14 +1409,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-firewall-report.lock.yml b/.github/workflows/daily-firewall-report.lock.yml index 46cb6ed8a12..b86205ce1e9 100644 --- a/.github/workflows/daily-firewall-report.lock.yml +++ b/.github/workflows/daily-firewall-report.lock.yml @@ -119,14 +119,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -391,14 +384,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1445,14 +1431,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-function-namer.lock.yml b/.github/workflows/daily-function-namer.lock.yml index 8d89616d7d9..e5309facff4 100644 --- a/.github/workflows/daily-function-namer.lock.yml +++ b/.github/workflows/daily-function-namer.lock.yml @@ -113,14 +113,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -410,14 +403,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1432,14 +1418,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-integrity-analysis.lock.yml b/.github/workflows/daily-integrity-analysis.lock.yml index 3da0c2c4a56..15580329c12 100644 --- a/.github/workflows/daily-integrity-analysis.lock.yml +++ b/.github/workflows/daily-integrity-analysis.lock.yml @@ -116,14 +116,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -389,14 +382,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1459,14 +1445,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-issues-report.lock.yml b/.github/workflows/daily-issues-report.lock.yml index 564cc6fde18..dfecba5a5bc 100644 --- a/.github/workflows/daily-issues-report.lock.yml +++ b/.github/workflows/daily-issues-report.lock.yml @@ -123,14 +123,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -403,14 +396,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1595,14 +1581,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-malicious-code-scan.lock.yml b/.github/workflows/daily-malicious-code-scan.lock.yml index 16b5cf04bb1..ecbc0b6c450 100644 --- a/.github/workflows/daily-malicious-code-scan.lock.yml +++ b/.github/workflows/daily-malicious-code-scan.lock.yml @@ -107,14 +107,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -364,14 +357,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1079,14 +1065,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml index a5693a05460..dc098336906 100644 --- a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml +++ b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml @@ -112,14 +112,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -408,14 +401,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1419,14 +1405,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-multi-device-docs-tester.lock.yml b/.github/workflows/daily-multi-device-docs-tester.lock.yml index 8db6d93a6a4..bd06c65204b 100644 --- a/.github/workflows/daily-multi-device-docs-tester.lock.yml +++ b/.github/workflows/daily-multi-device-docs-tester.lock.yml @@ -114,14 +114,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -379,14 +372,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1434,14 +1420,7 @@ jobs: trace-id: ${{ needs.activation.outputs.setup-trace-id }} safe-output-artifact-client: 'true' - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-news.lock.yml b/.github/workflows/daily-news.lock.yml index 01124e3b773..254a159e6e5 100644 --- a/.github/workflows/daily-news.lock.yml +++ b/.github/workflows/daily-news.lock.yml @@ -117,14 +117,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -402,14 +395,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1609,14 +1595,7 @@ jobs: trace-id: ${{ needs.activation.outputs.setup-trace-id }} safe-output-artifact-client: 'true' - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-observability-report.lock.yml b/.github/workflows/daily-observability-report.lock.yml index 1b5834fec83..7d80a122a0b 100644 --- a/.github/workflows/daily-observability-report.lock.yml +++ b/.github/workflows/daily-observability-report.lock.yml @@ -118,14 +118,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -380,14 +373,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1327,18 +1313,18 @@ jobs: DOCKER_SOCK_GID=$(stat -c '%g' /var/run/docker.sock 2>/dev/null || echo '0') export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e CODEX_HOME -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.3.0' - cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_7b2c593dadb4be9f_EOF + cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_54e90585dd37e1b2_EOF [history] persistence = "none" [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_MCP_CONFIG_7b2c593dadb4be9f_EOF + GH_AW_MCP_CONFIG_54e90585dd37e1b2_EOF # Generate JSON config for MCP gateway GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node) - cat << GH_AW_MCP_CONFIG_681ec5e1d67fde6b_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" + cat << GH_AW_MCP_CONFIG_1813643351981700_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" { "mcpServers": { }, @@ -1349,11 +1335,11 @@ jobs: "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}" } } - GH_AW_MCP_CONFIG_681ec5e1d67fde6b_EOF + GH_AW_MCP_CONFIG_1813643351981700_EOF # Sync converter output to writable CODEX_HOME for Codex mkdir -p /tmp/gh-aw/mcp-config - cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_1075c5baed6f4dd0_EOF + cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_b2fddad0ace1b5a6_EOF model_provider = "openai-proxy" [model_providers.openai-proxy] name = "OpenAI AWF proxy" @@ -1363,7 +1349,7 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_CODEX_SHELL_POLICY_1075c5baed6f4dd0_EOF + GH_AW_CODEX_SHELL_POLICY_b2fddad0ace1b5a6_EOF awk ' BEGIN { skip_openai_proxy = 0 } /^[[:space:]]*model_provider[[:space:]]*=/ { next } @@ -1502,14 +1488,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-otel-instrumentation-advisor.lock.yml b/.github/workflows/daily-otel-instrumentation-advisor.lock.yml index edd59d22bb1..885f60d3e01 100644 --- a/.github/workflows/daily-otel-instrumentation-advisor.lock.yml +++ b/.github/workflows/daily-otel-instrumentation-advisor.lock.yml @@ -109,14 +109,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -371,14 +364,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1354,14 +1340,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-performance-summary.lock.yml b/.github/workflows/daily-performance-summary.lock.yml index 1e215c89169..56d1936b6d4 100644 --- a/.github/workflows/daily-performance-summary.lock.yml +++ b/.github/workflows/daily-performance-summary.lock.yml @@ -117,14 +117,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -390,14 +383,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1849,14 +1835,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-regulatory.lock.yml b/.github/workflows/daily-regulatory.lock.yml index 223252c360a..55c30ab42ac 100644 --- a/.github/workflows/daily-regulatory.lock.yml +++ b/.github/workflows/daily-regulatory.lock.yml @@ -112,14 +112,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -375,14 +368,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1761,14 +1747,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-rendering-scripts-verifier.lock.yml b/.github/workflows/daily-rendering-scripts-verifier.lock.yml index 96dc27443b7..2431d8abfe3 100644 --- a/.github/workflows/daily-rendering-scripts-verifier.lock.yml +++ b/.github/workflows/daily-rendering-scripts-verifier.lock.yml @@ -121,14 +121,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -393,14 +386,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1558,14 +1544,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-repo-chronicle.lock.yml b/.github/workflows/daily-repo-chronicle.lock.yml index 1eac2c015d7..660299f210c 100644 --- a/.github/workflows/daily-repo-chronicle.lock.yml +++ b/.github/workflows/daily-repo-chronicle.lock.yml @@ -113,14 +113,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -381,14 +374,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1358,14 +1344,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-safe-output-integrator.lock.yml b/.github/workflows/daily-safe-output-integrator.lock.yml index 4e05524f732..c1c3895ad3b 100644 --- a/.github/workflows/daily-safe-output-integrator.lock.yml +++ b/.github/workflows/daily-safe-output-integrator.lock.yml @@ -107,14 +107,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -367,14 +360,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1321,14 +1307,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-safe-output-optimizer.lock.yml b/.github/workflows/daily-safe-output-optimizer.lock.yml index 7a79f3e282f..97cc405c7d2 100644 --- a/.github/workflows/daily-safe-output-optimizer.lock.yml +++ b/.github/workflows/daily-safe-output-optimizer.lock.yml @@ -122,14 +122,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -392,14 +385,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1531,14 +1517,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-safe-outputs-conformance.lock.yml b/.github/workflows/daily-safe-outputs-conformance.lock.yml index 68f66087e8a..d9a8bb9d016 100644 --- a/.github/workflows/daily-safe-outputs-conformance.lock.yml +++ b/.github/workflows/daily-safe-outputs-conformance.lock.yml @@ -108,14 +108,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -364,14 +357,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1325,14 +1311,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-secrets-analysis.lock.yml b/.github/workflows/daily-secrets-analysis.lock.yml index 5b794a568da..9c367ada3ef 100644 --- a/.github/workflows/daily-secrets-analysis.lock.yml +++ b/.github/workflows/daily-secrets-analysis.lock.yml @@ -109,14 +109,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -366,14 +359,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1268,14 +1254,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-security-red-team.lock.yml b/.github/workflows/daily-security-red-team.lock.yml index a7594439637..68bb480eb41 100644 --- a/.github/workflows/daily-security-red-team.lock.yml +++ b/.github/workflows/daily-security-red-team.lock.yml @@ -109,14 +109,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -372,14 +365,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1334,14 +1320,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-semgrep-scan.lock.yml b/.github/workflows/daily-semgrep-scan.lock.yml index abc6314401f..370abc9027a 100644 --- a/.github/workflows/daily-semgrep-scan.lock.yml +++ b/.github/workflows/daily-semgrep-scan.lock.yml @@ -110,14 +110,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -366,14 +359,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1295,14 +1281,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-syntax-error-quality.lock.yml b/.github/workflows/daily-syntax-error-quality.lock.yml index a69efa61601..aa79113983f 100644 --- a/.github/workflows/daily-syntax-error-quality.lock.yml +++ b/.github/workflows/daily-syntax-error-quality.lock.yml @@ -108,14 +108,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -365,14 +358,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1307,14 +1293,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-team-evolution-insights.lock.yml b/.github/workflows/daily-team-evolution-insights.lock.yml index f61b169c633..e1940a73860 100644 --- a/.github/workflows/daily-team-evolution-insights.lock.yml +++ b/.github/workflows/daily-team-evolution-insights.lock.yml @@ -111,14 +111,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -369,14 +362,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1325,14 +1311,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-team-status.lock.yml b/.github/workflows/daily-team-status.lock.yml index 8cd9016e205..612764f734b 100644 --- a/.github/workflows/daily-team-status.lock.yml +++ b/.github/workflows/daily-team-status.lock.yml @@ -120,14 +120,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -382,14 +375,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1335,14 +1321,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-testify-uber-super-expert.lock.yml b/.github/workflows/daily-testify-uber-super-expert.lock.yml index 1a0ae9b688a..5546d76142c 100644 --- a/.github/workflows/daily-testify-uber-super-expert.lock.yml +++ b/.github/workflows/daily-testify-uber-super-expert.lock.yml @@ -117,14 +117,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -424,14 +417,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1555,14 +1541,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-token-consumption-report.lock.yml b/.github/workflows/daily-token-consumption-report.lock.yml index 55f3d3b8174..cfc18b36a9c 100644 --- a/.github/workflows/daily-token-consumption-report.lock.yml +++ b/.github/workflows/daily-token-consumption-report.lock.yml @@ -113,14 +113,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -371,14 +364,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1394,14 +1380,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-workflow-updater.lock.yml b/.github/workflows/daily-workflow-updater.lock.yml index 24dca699d08..b4cb2c24b37 100644 --- a/.github/workflows/daily-workflow-updater.lock.yml +++ b/.github/workflows/daily-workflow-updater.lock.yml @@ -107,14 +107,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -363,14 +356,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1282,14 +1268,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/delight.lock.yml b/.github/workflows/delight.lock.yml index 32a61d0157a..e8f5a8ca673 100644 --- a/.github/workflows/delight.lock.yml +++ b/.github/workflows/delight.lock.yml @@ -111,14 +111,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -383,14 +376,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1464,14 +1450,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/developer-docs-consolidator.lock.yml b/.github/workflows/developer-docs-consolidator.lock.yml index f65b3460395..426d7629014 100644 --- a/.github/workflows/developer-docs-consolidator.lock.yml +++ b/.github/workflows/developer-docs-consolidator.lock.yml @@ -117,14 +117,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -429,14 +422,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1629,14 +1615,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/docs-noob-tester.lock.yml b/.github/workflows/docs-noob-tester.lock.yml index a8383d44768..a6193db5824 100644 --- a/.github/workflows/docs-noob-tester.lock.yml +++ b/.github/workflows/docs-noob-tester.lock.yml @@ -112,14 +112,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -373,14 +366,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1332,14 +1318,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/example-workflow-analyzer.lock.yml b/.github/workflows/example-workflow-analyzer.lock.yml index 3a16ea13187..f42220f426b 100644 --- a/.github/workflows/example-workflow-analyzer.lock.yml +++ b/.github/workflows/example-workflow-analyzer.lock.yml @@ -114,14 +114,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -370,14 +363,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1400,14 +1386,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/github-mcp-structural-analysis.lock.yml b/.github/workflows/github-mcp-structural-analysis.lock.yml index 0c8d6d5733c..2b60ff5d93e 100644 --- a/.github/workflows/github-mcp-structural-analysis.lock.yml +++ b/.github/workflows/github-mcp-structural-analysis.lock.yml @@ -115,14 +115,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -384,14 +377,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1413,14 +1399,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/github-mcp-tools-report.lock.yml b/.github/workflows/github-mcp-tools-report.lock.yml index c5014d1c8aa..30db3fc841c 100644 --- a/.github/workflows/github-mcp-tools-report.lock.yml +++ b/.github/workflows/github-mcp-tools-report.lock.yml @@ -113,14 +113,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -381,14 +374,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1411,14 +1397,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/lockfile-stats.lock.yml b/.github/workflows/lockfile-stats.lock.yml index bb356f45cd1..61216a6b4ef 100644 --- a/.github/workflows/lockfile-stats.lock.yml +++ b/.github/workflows/lockfile-stats.lock.yml @@ -113,14 +113,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -375,14 +368,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1357,14 +1343,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/mcp-inspector.lock.yml b/.github/workflows/mcp-inspector.lock.yml index e535508e31c..ef819454590 100644 --- a/.github/workflows/mcp-inspector.lock.yml +++ b/.github/workflows/mcp-inspector.lock.yml @@ -156,14 +156,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -470,14 +463,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -2125,14 +2111,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/prompt-clustering-analysis.lock.yml b/.github/workflows/prompt-clustering-analysis.lock.yml index 69283530d24..f3420d369f4 100644 --- a/.github/workflows/prompt-clustering-analysis.lock.yml +++ b/.github/workflows/prompt-clustering-analysis.lock.yml @@ -125,14 +125,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -394,14 +387,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1530,14 +1516,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/repo-audit-analyzer.lock.yml b/.github/workflows/repo-audit-analyzer.lock.yml index 478f1ba80af..3a63584683d 100644 --- a/.github/workflows/repo-audit-analyzer.lock.yml +++ b/.github/workflows/repo-audit-analyzer.lock.yml @@ -115,14 +115,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -383,14 +376,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1309,14 +1295,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/repository-quality-improver.lock.yml b/.github/workflows/repository-quality-improver.lock.yml index 3527581902b..8088bace56b 100644 --- a/.github/workflows/repository-quality-improver.lock.yml +++ b/.github/workflows/repository-quality-improver.lock.yml @@ -116,14 +116,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -416,14 +409,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1371,14 +1357,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/safe-output-health.lock.yml b/.github/workflows/safe-output-health.lock.yml index 5fb3a8cca43..357768cbde2 100644 --- a/.github/workflows/safe-output-health.lock.yml +++ b/.github/workflows/safe-output-health.lock.yml @@ -118,14 +118,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -379,14 +372,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1447,14 +1433,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/schema-consistency-checker.lock.yml b/.github/workflows/schema-consistency-checker.lock.yml index d0e46955caa..803d4340c30 100644 --- a/.github/workflows/schema-consistency-checker.lock.yml +++ b/.github/workflows/schema-consistency-checker.lock.yml @@ -112,14 +112,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -369,14 +362,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1337,14 +1323,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/sergo.lock.yml b/.github/workflows/sergo.lock.yml index 52c3890367d..659c44e50ca 100644 --- a/.github/workflows/sergo.lock.yml +++ b/.github/workflows/sergo.lock.yml @@ -116,14 +116,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -408,14 +401,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1462,14 +1448,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-agent-all-merged.lock.yml b/.github/workflows/smoke-agent-all-merged.lock.yml index c6933232af7..19c52bde667 100644 --- a/.github/workflows/smoke-agent-all-merged.lock.yml +++ b/.github/workflows/smoke-agent-all-merged.lock.yml @@ -119,14 +119,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -392,14 +385,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1386,14 +1372,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-agent-all-none.lock.yml b/.github/workflows/smoke-agent-all-none.lock.yml index fab0f337e38..acbc223f763 100644 --- a/.github/workflows/smoke-agent-all-none.lock.yml +++ b/.github/workflows/smoke-agent-all-none.lock.yml @@ -119,14 +119,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -392,14 +385,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1386,14 +1372,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-agent-public-approved.lock.yml b/.github/workflows/smoke-agent-public-approved.lock.yml index 187c0a8ac3c..454cd2f8612 100644 --- a/.github/workflows/smoke-agent-public-approved.lock.yml +++ b/.github/workflows/smoke-agent-public-approved.lock.yml @@ -121,14 +121,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -400,14 +393,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1441,14 +1427,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-agent-public-none.lock.yml b/.github/workflows/smoke-agent-public-none.lock.yml index 6b39593128f..1f6b37e44e7 100644 --- a/.github/workflows/smoke-agent-public-none.lock.yml +++ b/.github/workflows/smoke-agent-public-none.lock.yml @@ -119,14 +119,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -392,14 +385,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1386,14 +1372,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-agent-scoped-approved.lock.yml b/.github/workflows/smoke-agent-scoped-approved.lock.yml index 79dacce386e..de399bc1422 100644 --- a/.github/workflows/smoke-agent-scoped-approved.lock.yml +++ b/.github/workflows/smoke-agent-scoped-approved.lock.yml @@ -120,14 +120,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -394,14 +387,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1393,14 +1379,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-call-workflow.lock.yml b/.github/workflows/smoke-call-workflow.lock.yml index 9772764f6ff..bbd85a20480 100644 --- a/.github/workflows/smoke-call-workflow.lock.yml +++ b/.github/workflows/smoke-call-workflow.lock.yml @@ -118,14 +118,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -382,14 +375,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1239,18 +1225,18 @@ jobs: DOCKER_SOCK_GID=$(stat -c '%g' /var/run/docker.sock 2>/dev/null || echo '0') export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e CODEX_HOME -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.3.0' - cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_4aceb02fa0029b77_EOF + cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_8ecd987b7c0d7302_EOF [history] persistence = "none" [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_MCP_CONFIG_4aceb02fa0029b77_EOF + GH_AW_MCP_CONFIG_8ecd987b7c0d7302_EOF # Generate JSON config for MCP gateway GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node) - cat << GH_AW_MCP_CONFIG_d3f2d63d7e4ab228_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" + cat << GH_AW_MCP_CONFIG_9caaabd678cba62e_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" { "mcpServers": { }, @@ -1261,11 +1247,11 @@ jobs: "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}" } } - GH_AW_MCP_CONFIG_d3f2d63d7e4ab228_EOF + GH_AW_MCP_CONFIG_9caaabd678cba62e_EOF # Sync converter output to writable CODEX_HOME for Codex mkdir -p /tmp/gh-aw/mcp-config - cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_8cf07d48eea557c7_EOF + cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_e276605ef6a2cf9e_EOF model_provider = "openai-proxy" [model_providers.openai-proxy] name = "OpenAI AWF proxy" @@ -1275,7 +1261,7 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_CODEX_SHELL_POLICY_8cf07d48eea557c7_EOF + GH_AW_CODEX_SHELL_POLICY_e276605ef6a2cf9e_EOF awk ' BEGIN { skip_openai_proxy = 0 } /^[[:space:]]*model_provider[[:space:]]*=/ { next } @@ -1415,14 +1401,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml index 1b0a71c2666..1b885f4b0f9 100644 --- a/.github/workflows/smoke-codex.lock.yml +++ b/.github/workflows/smoke-codex.lock.yml @@ -134,14 +134,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -477,14 +470,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1777,18 +1763,18 @@ jobs: DOCKER_SOCK_GID=$(stat -c '%g' /var/run/docker.sock 2>/dev/null || echo '0') export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e CODEX_HOME -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.3.0' - cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_0e7423b94758e4cd_EOF + cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_32128a5236ffeb4b_EOF [history] persistence = "none" [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_MCP_CONFIG_0e7423b94758e4cd_EOF + GH_AW_MCP_CONFIG_32128a5236ffeb4b_EOF # Generate JSON config for MCP gateway GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node) - cat << GH_AW_MCP_CONFIG_8875b877e327c0b6_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" + cat << GH_AW_MCP_CONFIG_dbcaa8a629cb35c4_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" { "mcpServers": { }, @@ -1799,11 +1785,11 @@ jobs: "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}" } } - GH_AW_MCP_CONFIG_8875b877e327c0b6_EOF + GH_AW_MCP_CONFIG_dbcaa8a629cb35c4_EOF # Sync converter output to writable CODEX_HOME for Codex mkdir -p /tmp/gh-aw/mcp-config - cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_7f57b96afde99376_EOF + cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_285af82c44db869f_EOF model_provider = "openai-proxy" [model_providers.openai-proxy] name = "OpenAI AWF proxy" @@ -1813,7 +1799,7 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_CODEX_SHELL_POLICY_7f57b96afde99376_EOF + GH_AW_CODEX_SHELL_POLICY_285af82c44db869f_EOF awk ' BEGIN { skip_openai_proxy = 0 } /^[[:space:]]*model_provider[[:space:]]*=/ { next } @@ -1960,14 +1946,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-copilot-arm.lock.yml b/.github/workflows/smoke-copilot-arm.lock.yml index c2572d81486..f48f64f51a4 100644 --- a/.github/workflows/smoke-copilot-arm.lock.yml +++ b/.github/workflows/smoke-copilot-arm.lock.yml @@ -135,14 +135,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -483,14 +476,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -2332,14 +2318,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-create-cross-repo-pr.lock.yml b/.github/workflows/smoke-create-cross-repo-pr.lock.yml index d4c0eddc5e8..9b5a0e6acb7 100644 --- a/.github/workflows/smoke-create-cross-repo-pr.lock.yml +++ b/.github/workflows/smoke-create-cross-repo-pr.lock.yml @@ -119,14 +119,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -403,14 +396,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1443,14 +1429,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-gemini.lock.yml b/.github/workflows/smoke-gemini.lock.yml index de64b03d63d..e53e331edb1 100644 --- a/.github/workflows/smoke-gemini.lock.yml +++ b/.github/workflows/smoke-gemini.lock.yml @@ -127,14 +127,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -428,14 +421,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1575,14 +1561,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-multi-pr.lock.yml b/.github/workflows/smoke-multi-pr.lock.yml index 35778f759c6..d517b48f916 100644 --- a/.github/workflows/smoke-multi-pr.lock.yml +++ b/.github/workflows/smoke-multi-pr.lock.yml @@ -123,14 +123,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -420,14 +413,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1445,14 +1431,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-opencode.lock.yml b/.github/workflows/smoke-opencode.lock.yml index e068f2364d3..e230a2e1015 100644 --- a/.github/workflows/smoke-opencode.lock.yml +++ b/.github/workflows/smoke-opencode.lock.yml @@ -125,14 +125,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -419,14 +412,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1506,14 +1492,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-project.lock.yml b/.github/workflows/smoke-project.lock.yml index ab7032f4777..7be659474a6 100644 --- a/.github/workflows/smoke-project.lock.yml +++ b/.github/workflows/smoke-project.lock.yml @@ -124,14 +124,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -417,14 +410,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1565,14 +1551,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-service-ports.lock.yml b/.github/workflows/smoke-service-ports.lock.yml index b72dae41f10..2cf420fcee5 100644 --- a/.github/workflows/smoke-service-ports.lock.yml +++ b/.github/workflows/smoke-service-ports.lock.yml @@ -107,14 +107,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -378,14 +371,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1314,14 +1300,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-temporary-id.lock.yml b/.github/workflows/smoke-temporary-id.lock.yml index 70a178e4bc2..b28acd1015f 100644 --- a/.github/workflows/smoke-temporary-id.lock.yml +++ b/.github/workflows/smoke-temporary-id.lock.yml @@ -122,14 +122,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -416,14 +409,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1424,14 +1410,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-test-tools.lock.yml b/.github/workflows/smoke-test-tools.lock.yml index e599d5ca8d7..c3a11fdc592 100644 --- a/.github/workflows/smoke-test-tools.lock.yml +++ b/.github/workflows/smoke-test-tools.lock.yml @@ -125,14 +125,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -401,14 +394,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1365,14 +1351,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-update-cross-repo-pr.lock.yml b/.github/workflows/smoke-update-cross-repo-pr.lock.yml index c935c3a2a31..105ee6930b5 100644 --- a/.github/workflows/smoke-update-cross-repo-pr.lock.yml +++ b/.github/workflows/smoke-update-cross-repo-pr.lock.yml @@ -121,14 +121,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -412,14 +405,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1465,14 +1451,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/stale-repo-identifier.lock.yml b/.github/workflows/stale-repo-identifier.lock.yml index d6718778921..9fdea8b2dfe 100644 --- a/.github/workflows/stale-repo-identifier.lock.yml +++ b/.github/workflows/stale-repo-identifier.lock.yml @@ -127,14 +127,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -399,14 +392,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1492,14 +1478,7 @@ jobs: trace-id: ${{ needs.activation.outputs.setup-trace-id }} safe-output-artifact-client: 'true' - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/terminal-stylist.lock.yml b/.github/workflows/terminal-stylist.lock.yml index 7917f77c198..bd245b172bd 100644 --- a/.github/workflows/terminal-stylist.lock.yml +++ b/.github/workflows/terminal-stylist.lock.yml @@ -114,14 +114,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -399,14 +392,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1309,14 +1295,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/typist.lock.yml b/.github/workflows/typist.lock.yml index a341648a3da..4755fb7cb7f 100644 --- a/.github/workflows/typist.lock.yml +++ b/.github/workflows/typist.lock.yml @@ -114,14 +114,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -402,14 +395,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1402,14 +1388,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/weekly-issue-summary.lock.yml b/.github/workflows/weekly-issue-summary.lock.yml index d7ae4516823..b787663c047 100644 --- a/.github/workflows/weekly-issue-summary.lock.yml +++ b/.github/workflows/weekly-issue-summary.lock.yml @@ -117,14 +117,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -381,14 +374,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1323,14 +1309,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: | - echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" - printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do - _val="${_pair#*=}" - [ -n "$_val" ] && echo '::add-mask::'"$_val" - _no_bearer="${_val#Bearer }" - [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" - done + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/actions/setup/sh/mask_otlp_headers.sh b/actions/setup/sh/mask_otlp_headers.sh new file mode 100644 index 00000000000..8a2d5778990 --- /dev/null +++ b/actions/setup/sh/mask_otlp_headers.sh @@ -0,0 +1,37 @@ +#!/usr/bin/env bash +set +o histexpand + +# +# mask_otlp_headers.sh - Mask OTEL_EXPORTER_OTLP_HEADERS from GitHub Actions logs +# +# Issues the ::add-mask:: workflow command for OTEL_EXPORTER_OTLP_HEADERS so that +# authentication tokens in the header value do not leak into GitHub Actions runner +# logs (including debug/step-debug logs). +# +# Three levels of masking are applied: +# 1. The entire OTEL_EXPORTER_OTLP_HEADERS value (comma-separated header pairs). +# 2. Each individual header value extracted from the pairs, so that a token +# appearing without its header name prefix is also redacted. +# 3. For Authorization-style "Bearer " credentials, the raw token after +# stripping the "Bearer " scheme prefix, so it is masked even when it appears +# without the scheme (e.g. in downstream tool logs). +# +# Mixed quoting ('::add-mask::' followed by "$VAR") is used so the directive prefix +# is treated as a literal string while the variable values are expanded at runtime. +# +# Exit codes: +# 0 - Success (OTEL_EXPORTER_OTLP_HEADERS may be empty, which is a no-op) + +set -euo pipefail + +# Level 1: mask the entire comma-separated headers string. +echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + +# Levels 2 & 3: split on commas, extract each value, and mask it individually. +# For "Bearer " values, also mask the raw token without the scheme prefix. +printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" +done diff --git a/pkg/workflow/observability_job_summary_test.go b/pkg/workflow/observability_job_summary_test.go index 10191dc810f..56fb1a774c3 100644 --- a/pkg/workflow/observability_job_summary_test.go +++ b/pkg/workflow/observability_job_summary_test.go @@ -139,7 +139,7 @@ imports: } // TestCompileWorkflow_MasksOTLPHeadersWhenConfigured verifies that the compiled -// workflow includes a ::add-mask:: step for OTEL_EXPORTER_OTLP_HEADERS in all +// workflow includes a masking step that calls mask_otlp_headers.sh in all // relevant jobs when headers are configured. func TestCompileWorkflow_MasksOTLPHeadersWhenConfigured(t *testing.T) { tmpDir := t.TempDir() @@ -175,15 +175,12 @@ engine: copilot compiled := string(lockContent) - // The ::add-mask:: step must appear in the compiled YAML + // The masking step must appear in the compiled YAML and delegate to the .sh script. if !strings.Contains(compiled, "- name: Mask OTLP telemetry headers") { t.Fatal("Expected OTLP headers masking step to be generated when headers are configured") } - if !strings.Contains(compiled, "::add-mask::") { - t.Fatal("Expected ::add-mask:: command for OTEL_EXPORTER_OTLP_HEADERS") - } - if !strings.Contains(compiled, "$OTEL_EXPORTER_OTLP_HEADERS") { - t.Fatal("Expected OTEL_EXPORTER_OTLP_HEADERS env var reference in masking step") + if !strings.Contains(compiled, "mask_otlp_headers.sh") { + t.Fatal("Expected masking step to delegate to mask_otlp_headers.sh") } // The masking step must appear in both the activation job and the agent job. diff --git a/pkg/workflow/observability_otlp.go b/pkg/workflow/observability_otlp.go index 803ac5c3d46..c8288c7b9a1 100644 --- a/pkg/workflow/observability_otlp.go +++ b/pkg/workflow/observability_otlp.go @@ -106,37 +106,24 @@ func isOTLPHeadersPresent(data *WorkflowData) bool { return strings.Contains(data.Env, "OTEL_EXPORTER_OTLP_HEADERS") } -// generateOTLPHeadersMaskStep returns a GitHub Actions step that issues the -// ::add-mask:: workflow command for the OTEL_EXPORTER_OTLP_HEADERS environment -// variable. Masking the value causes the GitHub Actions runner to replace any -// subsequent occurrence of it in the job logs with "***", preventing authentication -// tokens from leaking even when runner debug logging is enabled. +// generateOTLPHeadersMaskStep returns a GitHub Actions step that runs +// mask_otlp_headers.sh to issue the ::add-mask:: workflow command for the +// OTEL_EXPORTER_OTLP_HEADERS environment variable. Masking the value causes the +// GitHub Actions runner to replace any subsequent occurrence of it in the job +// logs with "***", preventing authentication tokens from leaking even when runner +// debug logging is enabled. // -// The step performs three levels of masking: +// The script performs three levels of masking: // 1. The entire OTEL_EXPORTER_OTLP_HEADERS value (comma-separated header pairs). // 2. Each individual header value extracted from the pairs, so that a token // appearing without its header name prefix is also redacted. // 3. For Authorization-style "Bearer " credentials, the raw token after // stripping the "Bearer " scheme prefix, so it is masked even when it appears // without the scheme (e.g. in downstream tool logs). -// -// Mixed quoting ('::add-mask::' followed by "$VAR") is used throughout so the -// directive prefix is treated as a literal string while the variable values are -// expanded at runtime. func generateOTLPHeadersMaskStep() string { var sb strings.Builder sb.WriteString(" - name: Mask OTLP telemetry headers\n") - sb.WriteString(" run: |\n") - // Level 1: mask the entire comma-separated headers string. - sb.WriteString(" echo '::add-mask::'\"$OTEL_EXPORTER_OTLP_HEADERS\"\n") - // Levels 2 & 3: split on commas, extract each value, and mask it individually. - // For "Bearer " values, also mask the raw token without the scheme prefix. - sb.WriteString(" printf '%s' \"$OTEL_EXPORTER_OTLP_HEADERS\" | tr ',' '\\n' | while IFS= read -r _pair; do\n") - sb.WriteString(" _val=\"${_pair#*=}\"\n") - sb.WriteString(" [ -n \"$_val\" ] && echo '::add-mask::'\"$_val\"\n") - sb.WriteString(" _no_bearer=\"${_val#Bearer }\"\n") - sb.WriteString(" [ \"$_no_bearer\" != \"$_val\" ] && echo '::add-mask::'\"$_no_bearer\"\n") - sb.WriteString(" done\n") + sb.WriteString(" run: bash \"${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh\"\n") return sb.String() } diff --git a/pkg/workflow/observability_otlp_test.go b/pkg/workflow/observability_otlp_test.go index c994df33341..969d9664e41 100644 --- a/pkg/workflow/observability_otlp_test.go +++ b/pkg/workflow/observability_otlp_test.go @@ -589,18 +589,13 @@ func TestIsOTLPHeadersPresent(t *testing.T) { } // TestGenerateOTLPHeadersMaskStep verifies that generateOTLPHeadersMaskStep -// emits a step that uses the ::add-mask:: workflow command. +// emits a step that delegates to mask_otlp_headers.sh. func TestGenerateOTLPHeadersMaskStep(t *testing.T) { step := generateOTLPHeadersMaskStep() assert.Contains(t, step, "- name: Mask OTLP telemetry headers", "should have the masking step name") - assert.Contains(t, step, "::add-mask::", "should emit the ::add-mask:: workflow command") - assert.Contains(t, step, "$OTEL_EXPORTER_OTLP_HEADERS", "should reference the headers env var") - assert.Contains(t, step, "echo", "should use echo to emit the mask command") - // Should also parse individual header values and strip "Bearer " prefix. - assert.Contains(t, step, "Bearer ", "should strip Bearer prefix from authorization values") - assert.Contains(t, step, "tr ',' '\\n'", "should split headers on commas") - assert.Contains(t, step, "_no_bearer", "should extract value without Bearer prefix") + assert.Contains(t, step, "mask_otlp_headers.sh", "should delegate to the mask_otlp_headers.sh script") + assert.Contains(t, step, "${RUNNER_TEMP}/gh-aw/actions/", "should reference the runtime actions directory") } // TestInjectOTLPConfig_HeadersPresenceAfterInjection verifies that From bf33af6f9a9c3d7d918f43c52156cbbeb2013029 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sun, 26 Apr 2026 01:33:03 +0000 Subject: [PATCH 9/9] Add changeset --- .changeset/patch-object-form-otlp-headers.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .changeset/patch-object-form-otlp-headers.md diff --git a/.changeset/patch-object-form-otlp-headers.md b/.changeset/patch-object-form-otlp-headers.md new file mode 100644 index 00000000000..937936ce797 --- /dev/null +++ b/.changeset/patch-object-form-otlp-headers.md @@ -0,0 +1,5 @@ +--- +"gh-aw": patch +--- + +Added support for defining `observability.otlp.headers` as an object in workflow frontmatter.