Merge pull request #1353 from crazy-max/summary-secret-keys

only print secret keys in build summary output

src/context.ts

@@ -81,25 +81,6 @@ export async function getInputs(): Promise<Inputs> {
   };
 }
 
-export function sanitizeInputs(inputs: Inputs) {
-  const res = {};
-  for (const key of Object.keys(inputs)) {
-    if (key === 'github-token') {
-      continue;
-    }
-    const value: string | string[] | boolean = inputs[key];
-    if (typeof value === 'boolean' && value === false) {
-      continue;
-    } else if (Array.isArray(value) && value.length === 0) {
-      continue;
-    } else if (!value) {
-      continue;
-    }
-    res[key] = value;
-  }
-  return res;
-}
-
 export async function getArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<string>> {
   const context = handlebars.compile(inputs.context)({
     defaultContext: Context.gitContext()

src/main.ts

@@ -24,8 +24,8 @@ actionsToolkit.run(
   async () => {
     const startedTime = new Date();
     const inputs: context.Inputs = await context.getInputs();
+    stateHelper.setSummaryInputs(inputs);
     core.debug(`inputs: ${JSON.stringify(inputs)}`);
-    stateHelper.setInputs(inputs);
 
     const toolkit = new Toolkit();
 
@@ -216,7 +216,7 @@ actionsToolkit.run(
           await GitHub.writeBuildSummary({
             exportRes: exportRes,
             uploadRes: uploadRes,
-            inputs: stateHelper.inputs
+            inputs: stateHelper.summaryInputs
           });
         } catch (e) {
           core.warning(e.message);

src/state-helper.ts

@@ -1,20 +1,18 @@
 import * as core from '@actions/core';
 
-import {Inputs, sanitizeInputs} from './context';
+import {Build} from '@docker/actions-toolkit/lib/buildx/build';
+
+import {Inputs} from './context';
 
 export const tmpDir = process.env['STATE_tmpDir'] || '';
-export const inputs = process.env['STATE_inputs'] ? JSON.parse(process.env['STATE_inputs']) : undefined;
 export const buildRef = process.env['STATE_buildRef'] || '';
 export const isSummarySupported = !!process.env['STATE_isSummarySupported'];
+export const summaryInputs = process.env['STATE_summaryInputs'] ? JSON.parse(process.env['STATE_summaryInputs']) : undefined;
 
 export function setTmpDir(tmpDir: string) {
   core.saveState('tmpDir', tmpDir);
 }
 
-export function setInputs(inputs: Inputs) {
-  core.saveState('inputs', JSON.stringify(sanitizeInputs(inputs)));
-}
-
 export function setBuildRef(buildRef: string) {
   core.saveState('buildRef', buildRef);
 }
@@ -22,3 +20,39 @@ export function setBuildRef(buildRef: string) {
 export function setSummarySupported() {
   core.saveState('isSummarySupported', 'true');
 }
+
+export function setSummaryInputs(inputs: Inputs) {
+  const res = {};
+  for (const key of Object.keys(inputs)) {
+    if (key === 'github-token') {
+      continue;
+    }
+    const value: string | string[] | boolean = inputs[key];
+    if (typeof value === 'boolean' && !value) {
+      continue;
+    } else if (Array.isArray(value)) {
+      if (value.length === 0) {
+        continue;
+      } else if (key === 'secrets' && value.length > 0) {
+        const secretKeys: string[] = [];
+        for (const secret of value) {
+          try {
+            // eslint-disable-next-line @typescript-eslint/no-unused-vars
+            const [skey, _] = Build.parseSecretKvp(secret, true);
+            secretKeys.push(skey);
+          } catch (err) {
+            // ignore invalid secret
+          }
+        }
+        if (secretKeys.length > 0) {
+          res[key] = secretKeys;
+        }
+        continue;
+      }
+    } else if (!value) {
+      continue;
+    }
+    res[key] = value;
+  }
+  core.saveState('summaryInputs', JSON.stringify(res));
+}