Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GitHub Actions: Enable masking option for ECR Login #19

Merged
merged 1 commit into from
Dec 11, 2023
Merged

GitHub Actions: Enable masking option for ECR Login #19

merged 1 commit into from
Dec 11, 2023

Conversation

ardelato
Copy link
Contributor

@ardelato ardelato commented Dec 11, 2023
edited
Loading

Description

There is a warning about the 'mask-password' option for the "amazon-ecr-login" action. If ran in debug mode, the password will be outputted. By default this option is not enabled as the expectation is to run the service after the deployment but as a secondary job. As such the password cannot be masked as it is needed to run the service.

https://github.com/aws-actions/amazon-ecr-login#run-an-image-as-a-service

However, this is not the workflow we have set up, therefore we need to enable the option to mask the password.

image

qa_req 0

@ardelato
gh actions: apply masking option to ecr login
5a0b9bc 
There is a warning about the 'mask-password' option for the
"amazon-ecr-login" action. If ran in debug mode, the password will be
outputted. By default this option is not enabled as the expectation is
to run the service after the deployment but as a secondary job. As
such the password cannot be masked as it is needed to run the service.

https://github.com/aws-actions/amazon-ecr-login#run-an-image-as-a-service

However, this is not the workflow we have set up, therefore we need to
enable the option to mask the password.
@ardelato ardelato added the QAE Quality Assurance Engineering label Dec 11, 2023
@ghost
Copy link

ghost commented Dec 11, 2023

👇 Click on the image for a new way to code review

Review these changes using an interactive CodeSee Map

Legend

CodeSee Map legend

djmetzle
djmetzle approved these changes Dec 11, 2023
View reviewed changes
Copy link

@djmetzle djmetzle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh. Good fix. TIL. We should probably use this flag in most places we're using the ECR login Action! CR 🔐

@ardelato ardelato merged commit 982537b into main Dec 11, 2023
1 check passed
@ardelato ardelato deleted the tighten-deployment-workflow branch December 11, 2023 19:19
@ardelato
Copy link
Contributor Author

ooof looks like there is quite a bit of places https://github.com/search?q=org%3AiFixit%20aws-actions%2Famazon-ecr-login%40v1&type=code

ardelato added a commit to iFixit/react-commerce that referenced this pull request Dec 11, 2023
@ardelato
gh actions: apply masking option to ecr login
3ed663e 
There is a warning about the 'mask-password' option for the
"amazon-ecr-login" action. If ran in debug mode, the password will be
outputted. By default this option is not enabled as the expectation is
to run the service after the deployment but as a secondary job. As
such the password cannot be masked as it is needed to run the service.

https://github.com/aws-actions/amazon-ecr-login#run-an-image-as-a-service

However, this is not the workflow we have set up, therefore we need to
enable the option to mask the password.

Reference: iFixit/vigilo#19
@ardelato ardelato mentioned this pull request Dec 11, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@djmetzle djmetzle djmetzle approved these changes

Assignees
No one assigned
Labels
QAE Quality Assurance Engineering
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ardelato @djmetzle