From 95f97299cc94b0cf211037c1f9d9e557f3b9ace5 Mon Sep 17 00:00:00 2001 From: Dan Debrunner Date: Fri, 24 May 2024 16:41:57 -0400 Subject: [PATCH] fix: don't try to mask the admin key --- README.md | 4 ++-- action.yml | 10 ++-------- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 2ebda05..3efeff4 100644 --- a/README.md +++ b/README.md @@ -16,13 +16,13 @@ Node and StepZen CLI must be installed, see [stepzen-dev/stepzen-install action] - `domain` - StepZen domain (defaults to stepzen.net) - `account` - StepZen account name -- `adminkey` - Admin key of the StepZen account +- `adminkey` - Admin key of the StepZen account. If the workflow does not pull the key from GitHub secrets then it must ensure the key is masked using `::add-mask::`. ## Outputs - `domain` - StepZen domain - `account` - StepZen account name -- `apikey` - API key for the account (not the admin key) +- `apikey` - API key for the account (not the admin key). The value is masked using `::add-mask::`. ## Example diff --git a/action.yml b/action.yml index e1dbf5f..17d7c5f 100644 --- a/action.yml +++ b/action.yml @@ -1,4 +1,4 @@ -# Copyright IBM Corp. 2023 +# Copyright IBM Corp. 2023, 2024 # Made available under the MIT License name: "Login to StepZen Server" @@ -15,7 +15,7 @@ inputs: description: "StepZen account name" required: true adminkey: - description: "Admin key of the StepZen account" + description: "Admin key of the StepZen account - ensure key is masked or comes from GitHub secrets" required: true outputs: @@ -32,12 +32,6 @@ outputs: runs: using: "composite" steps: - # Don't assume the admin key came from a secret so mask it for safety - - name: mask - shell: bash - run: | - adminkey=${{ inputs.adminkey }} - echo "::add-mask::${adminkey}" - name: "login" run: | stepzen login ${{ inputs.domain }} --account ${{ inputs.account }} --adminkey ${{ inputs.adminkey }}