Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: username and the ci token variables are shown in the message with the announce integration in Gitlab #2456

Closed
3 tasks done
developer-guy opened this issue Sep 3, 2021 · 5 comments · Fixed by #2457
Closed
3 tasks done

[Bug]: username and the ci token variables are shown in the message with the announce integration in Gitlab #2456

developer-guy opened this issue Sep 3, 2021 · 5 comments · Fixed by #2457
Assignees
@caarlos0
Labels
bug Something isn't working
Projects
Board

Comments

@developer-guy
Copy link
Member

What happened?

We added slack announcer support to our project with the following definition:

announce:
  slack:
    enabled: true
    message_template: 'Defaults to `{{ .ProjectName }} {{ .Tag }} is out! Check it out at {{ .GitURL }}/releases/tag/{{ .Tag }}'
    channel: '#kink'
    username: 'GoReleaser'
    icon_url: 'https://github.com/goreleaser/goreleaser/raw/939f2b002b29d2c8df6efd2d1f1d0b85c4ac5ee0/www/docs/static/logo.png'

then, we realized that there is a username and the token in the message that was sent by GoReleaser (we are using Gitlab, btw) like the following:

Defaults to `kink v0.1.4 is out! Check it out at https://gitlab-ci-token:SyYhsAghYFTvMoxw7GAg@gitlab.private.com/poc/kink.git/releases/tag/v0.1.4

I think we should avoid that somehow.

How can we reproduce this?

You can use the same announce section within your .goreleaser.yml, then run the release command.

goreleaser version

goreleaser version 0.177.0
commit: eb9950e794e60a8d1e3d7ad4616ccdd579fc2db3
built by: homebrew

https://goreleaser.com

GoReleaser Check

  • goreleaser check shows no errors

Search

  • I did search for other open and closed issues before opening this.

Code of Conduct

  • I agree to follow this project's Code of Conduct

Additional context

No response
@developer-guy developer-guy added the bug Something isn't working label Sep 3, 2021
@caarlos0 caarlos0 added this to To do in Board Sep 3, 2021
@developer-guy
Copy link
Member Author

cc @Dentrax @caarlos0

@caarlos0
Copy link
Member

caarlos0 commented Sep 3, 2021

yeah we should probably cleanup URLs, removing the auth from them

@caarlos0
Copy link
Member

caarlos0 commented Sep 3, 2021

probably should add a CleanGitURL to the templates, and use it instead of .GitURL as default.

we could clean the url with something like:

u, err := url.Parse(gitURL)
if err != nil {
   // handle
}
u.User = nil
cleanGitURL := u.String()

@developer-guy
Copy link
Member Author

may I do it @caarlos0 ?

@caarlos0
Copy link
Member

caarlos0 commented Sep 3, 2021

sure, go ahead :)

@developer-guy developer-guy mentioned this issue Sep 3, 2021
Merged
Board automation moved this from To do to Done Sep 3, 2021
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 4, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@caarlos0 caarlos0

Labels
bug Something isn't working
Projects
No open projects
Board
Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: clean user information from remote url if it contains username and token
2 participants
@caarlos0 @developer-guy