防止在 Concourse 中记录特定命令 CI

Prevent logging a specific command in Concourse CI

我有一个基于 shell 的 concourse 任务,它在其中一个命令中使用半敏感凭据(测试服务器的密钥)。我想避免将其记录在任务输出中。

管道的要点是:

jobs:
- name: foobar
  plan:
  <...>
  - task: build
    config:
      platform: linux
      image_resource:
        type: docker-image
        source:
          repository: ubuntu
      <...>
      run:
        path: bash
        args:
        - -exc
        - |
          command-which-is-ok-to-print
          foobar {{my-secret-data}}               # <-- hide this one!
          another-command-which-is-ok-to-print

当前输出显示为:

+ command-which-is-ok-to-print
results of first command which are OK to print
+ foobar "oh-no-secret-data-here!"                  <-- hide this one!
more results which are OK to print
+ another-command-which-is-ok-to-print
even more results which are OK to print

有没有办法禁止打印这一特定行?

我发现 -exc 实际上是在设置标志 ex(我以为它是 execute 的简写!

-x 是导致命令被回显的原因(由 bash 本身而不是大厅),因此这成功地阻止了执行单个命令:

  <...>
  run:
    path: bash
    args:
    - -exc
    - |
      command-which-is-ok-to-print
      set +x
      foobar {{my-secret-data}}
      set -x
      another-command-which-is-ok-to-print