-
Notifications
You must be signed in to change notification settings - Fork 114
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Removing umlaut limitation in secrets #157
Conversation
Yeah, I tried something similar, but was unable to find a mechanism where the secret isn't exposed. The problem (as I see it) is a bug in GitHub. |
I also think it is definitely a bug in GitHub. I tracked down the problem to yaml.
The secrets are correctly formatted in env.RepoSecrets. After they are passed to the action it breaks. I dont think i can fix the Github bug soon. Another idea would be handling the secrets with outputs. Also just a workaround. Other actions for example Azure/get-keyvault-secrets have taken this way. I think it is quite unhandy to manage secrets like this and it is lacking extensibility. Note: I obviously have secrets with umlauts that i can not change anymore and it is not the licensefileUrl. |
Which secret are we talking about? |
My codeSignCertificatePassword contains umlauts. Meanwhile i submitted the bug to GitHub. I will post updates here? |
That is a real concern - I will identify a solution asap |
What you can do right now is to create a file called SignBcContainerApp.ps1 and place it in the .AL-Go folder of your repo/project and place this code in the file:
Then you can create your password secret with base64 encoding as the Sign-BcContainerApp in your repo now assumes that the password is base64 encoded. I might find a better solution, but this should unblock you. |
Update from GitHub support:
|
I actually think that your original suggestion of carrying the secrets as base64 encoded is good and likely the right approach. |
I also went full cycle and I am not yet satisfied. Meanwhile I updated the pullrequest. |
You found most places:-) I have submitted PR to main with support for this - running end 2 end tests now to see if anything breaks. |
Implemented with #166 |
Thanks for your investigations, persistence and ideas - as you can see - your original PR was the right idea:-) |
Intro:
Secrets with umlauts were forbidden due to #131.
Change:
I removed the limitation by converting secrets to base64 and back.
The idea was mentioned by @freddydk in #131.
I am looking for a codereview.