防止在 Concourse 中记录特定命令 CI
Prevent logging a specific command in Concourse CI
我有一个基于 shell 的 concourse 任务,它在其中一个命令中使用半敏感凭据(测试服务器的密钥)。我想避免将其记录在任务输出中。
管道的要点是:
jobs:
- name: foobar
plan:
<...>
- task: build
config:
platform: linux
image_resource:
type: docker-image
source:
repository: ubuntu
<...>
run:
path: bash
args:
- -exc
- |
command-which-is-ok-to-print
foobar {{my-secret-data}} # <-- hide this one!
another-command-which-is-ok-to-print
当前输出显示为:
+ command-which-is-ok-to-print
results of first command which are OK to print
+ foobar "oh-no-secret-data-here!" <-- hide this one!
more results which are OK to print
+ another-command-which-is-ok-to-print
even more results which are OK to print
有没有办法禁止打印这一特定行?
我发现 -exc
实际上是在设置标志 e
和 x
(我以为它是 execute
的简写!
-x
是导致命令被回显的原因(由 bash 本身而不是大厅),因此这成功地阻止了执行单个命令:
<...>
run:
path: bash
args:
- -exc
- |
command-which-is-ok-to-print
set +x
foobar {{my-secret-data}}
set -x
another-command-which-is-ok-to-print
我有一个基于 shell 的 concourse 任务,它在其中一个命令中使用半敏感凭据(测试服务器的密钥)。我想避免将其记录在任务输出中。
管道的要点是:
jobs:
- name: foobar
plan:
<...>
- task: build
config:
platform: linux
image_resource:
type: docker-image
source:
repository: ubuntu
<...>
run:
path: bash
args:
- -exc
- |
command-which-is-ok-to-print
foobar {{my-secret-data}} # <-- hide this one!
another-command-which-is-ok-to-print
当前输出显示为:
+ command-which-is-ok-to-print
results of first command which are OK to print
+ foobar "oh-no-secret-data-here!" <-- hide this one!
more results which are OK to print
+ another-command-which-is-ok-to-print
even more results which are OK to print
有没有办法禁止打印这一特定行?
我发现 -exc
实际上是在设置标志 e
和 x
(我以为它是 execute
的简写!
-x
是导致命令被回显的原因(由 bash 本身而不是大厅),因此这成功地阻止了执行单个命令:
<...>
run:
path: bash
args:
- -exc
- |
command-which-is-ok-to-print
set +x
foobar {{my-secret-data}}
set -x
another-command-which-is-ok-to-print