Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable logging of secret names #114

Open
idg10 opened this issue Feb 26, 2025 · 0 comments
Open

Enable logging of secret names #114

idg10 opened this issue Feb 26, 2025 · 0 comments

Comments

@idg10
Copy link

idg10 commented Feb 26, 2025

In https://github.com/corvus-dotnet/Corvus.Tenancy/actions/runs/13545108464/job/37854990278 we seem to be having a problem where a secret isn't flowing through to where it's needed.

We set it here:

https://github.com/corvus-dotnet/Corvus.Tenancy/blob/bb551956141f7153748c906d238cd4d24eee56cd/.github/workflows/build.yml#L52

TestSettings__AzureStorageConnectionString: "${{ secrets.ENDJIN_AZURESTORAGECONNECTIONSTRING }}"

I've checked in the GitHub project settings, and the named ENDJIN_AZURESTORAGECONNECTIONSTRING secret is present. But the unit tests that actually require the TestSettings__AzureStorageConnectionString environment variable to be set are behaving as if it's not there.

We retrieve the setting here:

https://github.com/corvus-dotnet/Corvus.Tenancy/blob/a5c3b347cc012f888d164e8cd1581db589f84bab/Solutions/Corvus.Tenancy.Specs/Bindings/TenancyContainerScenarioBindings.cs#L154

serviceCollection.AddSingleton(Configuration.GetSection("TestSettings").Get<TestSettings>() ?? new TestSettings());

and then use that value here:

https://github.com/corvus-dotnet/Corvus.Tenancy/blob/a5c3b347cc012f888d164e8cd1581db589f84bab/Solutions/Corvus.Tenancy.Specs/Features/BlobStorage/BlobStorageLegacyMigrationSteps.cs#L54-L56

this.testStorageConnectionString = string.IsNullOrWhiteSpace(this.testStorageOptions.AzureStorageConnectionString)
    ? "UseDevelopmentStorage=true"
    : this.testStorageOptions.AzureStorageConnectionString;

and as you can see, we call back to a value of UseDevelopmentStorage=true if the setting is absent. We're getting these test failures:

No connection could be made because the target machine actively refused it. (127.0.0.1:10000))

which suggests that it's using the fallback value—that's the address and port number the storage client will use if you tell it to use development storage.

I think something may be going wrong in set-env-vars-and-secrets because of this warning:

https://github.com/corvus-dotnet/Corvus.Tenancy/actions/runs/13545108464/job/37854990278#step:3:71

Can't add secret mask for empty string in ##[add-mask] command.

Neither of those Write-Host ("::add-mask::... lines should be producing an empty string. This suggest that either $env:INCOMING_SECRETS is empty, or that one of the values it contains is empty.

Obviously we can't just dump out the whole thing, but I was wondering if it would be possible for make the foreach look that adds each secret to $env:GITHUB_ENV display the name of each secret it adds. That way it would be possible to tell whether the entire INCOMING_SECRETS have gone missing, or whether it's just a particular value.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@idg10