security: fix token leakage in workflow logs

bjut-tech · Jan 13, 2024 · 59344b9 · 59344b9
1 parent 4ed7ec0
commit 59344b9
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -28,9 +28,13 @@ jobs:
       - id: aliyun-cr-token
         name: Obtain Aliyun Container Registry credentials
         run: |
+          aliyun cr --force --version 2016-06-07 GET /tokens > cr_token.json
+          TOKEN=$(jq -r '.data.authorizationToken' cr_token.json)
+          echo "::add-mask::$TOKEN"
           echo "json<<EOF" >> $GITHUB_OUTPUT
-          aliyun cr --force --version 2016-06-07 GET /tokens >> $GITHUB_OUTPUT
+          cat cr_token.json >> $GITHUB_OUTPUT
           echo "EOF" >> $GITHUB_OUTPUT
+          rm -f cr_token.json
 
       - name: Login to Aliyun Container Registry
         uses: docker/login-action@v2