iSharkFly-Docs
/
angular-docs-cn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ci: do not use shell to expand secure tokens to prevent leaks

This commit is contained in:
Miško Hevery 2017-03-13 14:43:52 -07:00 committed by Chuck Jazdzewski
parent ccd38dd54d
commit abbbb4d52c
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
scripts/ci/publish-build-artifacts.sh
View File

@ -75,11 +75,10 @@ function publishRepo {
done done
( (
# SECURITY CRITICAL: DO NOT remove the set -x on the following line. Removing it will leak the github credentials to the travis log.
set -x
cd $REPO_DIR && \ cd $REPO_DIR && \
git config credential.helper "store --file=.git/credentials" && \ git config credential.helper "store --file=.git/credentials" && \
echo "https://${GITHUB_TOKEN_ANGULAR}:@github.com" > .git/credentials # SECURITY CRITICAL: DO NOT use shell to expand vars since it could be logged and leaked.
node -e "console.log('https://'+process.env.GITHUB_TOKEN_ANGULAR+':github.com')" > .git/credentials
) )
fi fi
echo `date` > $REPO_DIR/BUILD_INFO echo `date` > $REPO_DIR/BUILD_INFO