ci: do not use shell to expand secure tokens to prevent leaks

scripts/ci/publish-build-artifacts.sh

@@ -75,11 +75,10 @@ function publishRepo {
     done
 
     (
-      # SECURITY CRITICAL: DO NOT remove the set -x on the following line. Removing it will leak the github credentials to the travis log.
-      set -x
       cd $REPO_DIR && \
       git config credential.helper "store --file=.git/credentials" && \
-      echo "https://${GITHUB_TOKEN_ANGULAR}:@github.com" > .git/credentials
+      # SECURITY CRITICAL: DO NOT use shell to expand vars since it could be logged and leaked.
+      node -e "console.log('https://'+process.env.GITHUB_TOKEN_ANGULAR+':github.com')" > .git/credentials
     )
   fi
   echo `date` > $REPO_DIR/BUILD_INFO