author | quapka <quapka@gmail.com> | 2022-01-05 21:01:33 +0100 |
---|---|---|
committer | quapka <quapka@gmail.com> | 2022-01-05 21:01:33 +0100 |
commit | a20edd86005f52540aad7c430a737330e76a8fb8 (patch) | |
tree | 7a6826aeb6afcd4b5c29d8d3cc32893239f6be7a | |
parent | 66d38e1ba92bf70c60b190e36307b9214e28c995 (diff) | |
Generate a sufficiently random stop-commands token
The token in ::stop-commands::{token} GA workflow command has to be a
cryptographically random and secure string. Definitely not a hardcoded string
literal. See the docs for details: https://docs.github.com/en/actions/learn-github-actions/workflow-commands-for-github-actions#stopping-and-starting-workflow-commands
-rwxr-xr-x | build-aux/ci/ci-log-logfiles | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/build-aux/ci/ci-log-logfiles b/build-aux/ci/ci-log-logfiles index 57633ab..1030ad9 100755 --- a/build-aux/ci/ci-log-logfiles +++ b/build-aux/ci/ci-log-logfiles @@ -1,12 +1,18 @@ #! /bin/sh +generate_secure_token() { + echo head --bytes 64 /dev/urandom | sha512sum --binary | cut --fields 1 --delimiter ' ' +} + dump_log () { if [ -s "$1" ]; then + local stop_command_token="$(generate_secure_token)" echo "::group::$1" - echo '::stop-commands::resume-50YEO1zJ8HSXH4Zy' + echo "::stop-commands::$stop_command_token" cat "$1" - echo '::resume-50YEO1zJ8HSXH4Zy::' + echo "::$stop_command_token::" echo '::endgroup::' + unset stop_command_token fi } |
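Review bot: in generate_secure_token() the pipeline begins with `echo head --bytes 64 /dev/urandom`, so the literal text "head --bytes 64 /dev/urandom" is what gets piped into sha512sum and /dev/urandom is never read. The token is therefore the same digest on every run, which is still effectively the hardcoded value the commit message says it must not be. Dropping the `echo` so that the line reads `head --bytes 64 /dev/urandom | sha512sum --binary | cut --fields 1 --delimiter ' '` gives a fresh token per call. Separately, the script is `#! /bin/sh`, but dump_log uses `local`, which POSIX sh does not specify. Since the variable is unset at the end of the block anyway, a plain assignment would work, and it would also stop `local stop_command_token="$(...)"` from masking a non-zero exit status of the command substitution.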