Good afternoon, I have been dealing with failing units test when my github actions workflow is ran on github, yet when I run the same unit tests on my local computer the unit test run without any issues. My Package, RAQSAPI is an API wrapper package that uses httr2 for making calls to an API. The package requires a username and key to use the API. I have the username and key saved as github secrets on github. At some point github started obfuscating any text strings that contain these keys. I understand why this change was made but now I have no way of figuring out why my unit tests are failing without the ability of viewing exactly what URL the unit tests are sending to the API. I do see that a http 400 error is being thrown. But I really need to see the unobfuscated github actions output to be able to pinpoint what exactly is the problem.
There are several ways to retrieve a string that includes a token. E.g. you can encode it with some encoder, e.g. base64 encode it. You can write it to a file and then upload that file as an artifact.
If this is a public repo, then you'll need to be careful that other GitHub users that can see your workflow output won't be able to retrieve your token.
But also, GitHub only omits the token, no? So you can actually see the URL, only the token is replaced with ***
, or whatever placeholder they use?
Thank you for your reply, I am not worried about the key being viewed publicly momentarily. The keys are automatically generated and I can revoke the old one and generate a new one at any time fairly easily. Also Github is obfuscating the entire url that contains the key and username, so I have no idea what it is doing. Also I am of the belief that it is sending litteral asterisks as the username and key but because the url is obfuscated I have no way of proving that is what is actually happening. My unit test on github started failing when github started obfuscating the entire url.
I have not tried this base64 encoder but I have tried inserting spaces between each character of the output of the url. Github was smart enough to detect what was happening and obfuscated that too. So I don't know if using a base64 encoder will help but I guess that I could give it a try. The same goes for saving the url as an artifact. My guess is github will detect what the code is trying to do and obfuscate the output. But I'll try it to see if it actually does that.
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.
If you have a query related to it or one of the replies, start a new topic and refer back with a link.