add token masking

autonomys · Nov 28, 2023 · 2fe0c94 · 2fe0c94
1 parent 2d35eef
commit 2fe0c94
Showing 1 changed file with 11 additions and 7 deletions.
diff --git a/.github/workflows/terraform_gh_runner.yml b/.github/workflows/terraform_gh_runner.yml
@@ -11,8 +11,8 @@ on:
 jobs:
   terraform_gh_runner:
     runs-on: ubuntu-latest
-    # env:
-    #   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
     steps:
       - name: Checkout repository
@@ -29,8 +29,9 @@ jobs:
           # Install any dependencies required by your Terraform code
 
       - name: Run Bash Script
-        # env:
-        #   GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        id: generate_runner_token
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           # GitHub repository and access token for github api calls, since GITHUB_TOKEN can't
           # be used for this purpose.
@@ -46,9 +47,12 @@ jobs:
           # Extract the token value from the response
           runner_token=$(echo "$response" | jq -r '.token')
 
-          # Store the token as a secret in GitHub Actions for use
+          # Mask the runner token in the logs
+          echo "::add-mask::$runner_token"
+
+          # Pass the runner token in GitHub Actions for use
           # in subsequent steps with terraform for runner registration
-          gh secret set RUNNER_TOKEN -r "$repo" -b "$runner_token"
+          echo "::set-output name=runner_token::$runner_token"
 
       - name: Fetch and write terraform.tfvars
         run: |
@@ -60,4 +64,4 @@ jobs:
         run: |
           terraform init
           terraform plan -var-file=/tmp/terraform.tfvars
-          terraform apply -auto-approve -var "gh_token=${{ secrets.RUNNER_TOKEN }}" -var-file=/tmp/terraform.tfvars
+          terraform apply -auto-approve -var "gh_token=${{ steps.generate_runner_token.outputs.runner_token }}" -var-file=/tmp/terraform.tfvars