Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Curly braces are replaced by "***" #207

Closed
benbenben2 opened this issue Aug 8, 2022 · 3 comments · Fixed by #208
Closed

Curly braces are replaced by "***" #207

benbenben2 opened this issue Aug 8, 2022 · 3 comments · Fixed by #208
Labels
bug Something isn't working

Comments

@benbenben2
Copy link

TL;DR

After running google-github-actions/auth@v0, if I run a bash command with curly braces, those are replaced by "***"

Expected behavior

{"key": "val"}

Observed behavior

***"key": "val"***

Action YAML

name: test auth

on:
  workflow_dispatch:

jobs:
  deployment:
    runs-on: ubuntu-latest
    steps:
      - name: "bash command"
        shell: bash
        run: |
          echo '{"key": "value"}'

      - name: Pull code into container
        uses: actions/checkout@v3

      - name: "Authenticate to Google Cloud"
        uses: "google-github-actions/auth@v0"
        with:
          credentials_json: "${{ secrets.GCP_CREDENTIALS }}"

      - name: "Bash"
        shell: bash
        run: |
          data="{\"key_2\": \"value2\"}"
          echo $data

Log output

No response

Additional information

  • If you comment the block with "google-github-actions/auth@v0", then, the curly braces appear in the log.
  • I am new with git worfklow, hence, sorry by advanced if this is not a bug but expected behavior
@benbenben2 benbenben2 added the bug Something isn't working label Aug 8, 2022
@github-actions
Copy link

github-actions bot commented Aug 8, 2022

Hi there @benbenben2 👋!

Thank you for opening an issue. Our team will triage this as soon as we can. Please take a moment to review the troubleshooting steps which lists common error messages and their resolution steps.

@sethvargo
Copy link
Member

Hi @benbenben2

Thank you for opening an issue. This is not because of the auth action, but rather because you consumed a GitHub Secret which had a curly brace on its own line. For example, try the following workflow:

name: repro

on:
  push:

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - run: |-
          echo '{"key": "value"}'

      - run: |-
          echo '${{ secrets.GCP_CREDENTIALS }}'

      - run: |-
          echo '{"key": "value"}'

You will see that all curly braces are removed from the log output, because GitHub automatically scrubs each line of a secret when it's consumed in a workflow.

I'm going to add this to the troubleshooting steps, but unfortunately this is out of our control since it's handled at the GitHub Actions layer, before it touches our workflow. The best workaround would be to switch to Workload Identity Federation or compress your JSON credentials into a single line.

sethvargo added a commit that referenced this issue Aug 8, 2022
@sethvargo
Document how GitHub secrets work
913cfe6 
Fixes #207
@sethvargo sethvargo mentioned this issue Aug 8, 2022
Merged
@benbenben2
Copy link
Author

Hi @sethvargo
Thank you for your reply.
Ok, so it has nothing to do with auth action. Sorry to have raised a bug for that.
I will close the issue.

sethvargo added a commit that referenced this issue Aug 8, 2022
@sethvargo
Document how GitHub secrets work (#208)
acd8a2b 
Fixes #207
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Document how GitHub secrets work google-github-actions/auth
2 participants
@sethvargo @benbenben2