RepoMirrors/prometheus
1
0
Fork 0
mirror of https://github.com/prometheus/prometheus synced 2025-02-19 05:57:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

scripts/sync_makefiles.sh: mask token in logs (#5465)

Browse Source 
Circle CI doesn't mask automatically secret environment variables in
logs.

Signed-off-by: Simon Pasquier <spasquie@redhat.com>
This commit is contained in:
Simon Pasquier 2019-04-17 14:41:06 +02:00 committed by GitHub
parent deeb79fec0
commit 0607462008
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
scripts/sync_makefiles.sh
View File

@ -1,5 +1,6 @@
#!/bin/bash #!/bin/bash
# Setting -x is absolutely forbidden as it could leak the GitHub token.
set -uo pipefail set -uo pipefail
# GITHUB_TOKEN required scope: repo.repo_public # GITHUB_TOKEN required scope: repo.repo_public
@ -27,8 +28,10 @@ source_checksum="$(sha256sum Makefile.common | cut -d' ' -f1)"
tmp_dir=$(mktemp -d) tmp_dir=$(mktemp -d)
trap "rm -rf ${tmp_dir}" EXIT trap "rm -rf ${tmp_dir}" EXIT
# iterate over all repositories in ${org} # Iterate over all repositories in ${org}. The GitHub API can return 100 items
curl --retry 5 --silent -u "${git_user}:${GITHUB_TOKEN}" https://api.github.com/users/${org}/repos 2>/dev/null | jq -r '.[] | select( .name != "prometheus" ) | .name' | while read -r; do # at most but it should be enough for us as there are less than 40 repositories
# currently.
curl --retry 5 --silent -u "${git_user}:${GITHUB_TOKEN}" https://api.github.com/users/${org}/repos?per_page=100 2>/dev/null | jq -r '.[] | select( .name != "prometheus" ) | .name' | while read -r; do
repo="${REPLY}" repo="${REPLY}"
echo -e "\e[32mAnalyzing '${repo}'\e[0m" echo -e "\e[32mAnalyzing '${repo}'\e[0m"
@ -44,7 +47,7 @@ curl --retry 5 --silent -u "${git_user}:${GITHUB_TOKEN}" https://api.github.com/
fi fi
# Clone target repo to temporary directory and checkout to new branch # Clone target repo to temporary directory and checkout to new branch
git clone "https://github.com/${org}/${repo}.git" "${tmp_dir}/${repo}" git clone --quiet "https://github.com/${org}/${repo}.git" "${tmp_dir}/${repo}"
cd "${tmp_dir}/${repo}" cd "${tmp_dir}/${repo}"
git checkout -b "${branch}" git checkout -b "${branch}"
@ -55,8 +58,10 @@ curl --retry 5 --silent -u "${git_user}:${GITHUB_TOKEN}" https://api.github.com/
git config user.name "${git_user}" git config user.name "${git_user}"
git add . git add .
git commit -s -m "${commit_msg}" git commit -s -m "${commit_msg}"
if git push "https://${GITHUB_TOKEN}:@github.com/${org}/${repo}" --set-upstream "${branch}"; then # stderr is redirected to /dev/null otherwise git-push could leak the token in the logs.
curl -u "${git_user}:${GITHUB_TOKEN}" \ if git push --quiet "https://${GITHUB_TOKEN}:@github.com/${org}/${repo}" --set-upstream "${branch}" 2>/dev/null; then
curl --show-error --silent \
-u "${git_user}:${GITHUB_TOKEN}" \
-X POST \ -X POST \
-d "{\"title\":\"${pr_title}\",\"base\":\"master\",\"head\":\"${branch}\",\"body\":\"${pr_msg}\"}" \ -d "{\"title\":\"${pr_title}\",\"base\":\"master\",\"head\":\"${branch}\",\"body\":\"${pr_msg}\"}" \
"https://api.github.com/repos/${org}/${repo}/pulls" "https://api.github.com/repos/${org}/${repo}/pulls"