Github 操作从 aws cli 中隐藏了 URL
Github Actions hides URL's from aws cli
我们正在使用 Github 操作来实现我们在 AWS ELB 中的 CI/CD 管道。我们的工作流程之一是使用命令“aws elasticbeanstalk request-environment-info”和“aws elasticbeanstalk retrieve-environment-info”请求日志。问题是当 Github 代理从 AWS 获取信息时,它隐藏了 URL 用于获取 AWS 中的日志。
name: Request logs
env:
EB_PACKAGE_S3_BUCKET_NAME : "s3bucket"
EB_APPLICATION_NAME : "appname"
AWS_REGION_NAME : "us-east-2"
# Controls when the workflow will run
on:
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
inputs:
environment_name:
type: choice
description: Select the environment to get logs from
required: true
options:
- app-dev
- app-prod
info_type:
type: choice
description: 100 last lines (tail) or full log (bundle)
required: true
options:
- "tail"
- "bundle"
jobs:
RequestLogs:
runs-on: ubuntu-latest
steps:
- name: Configure my AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id : ${{ secrets.MY_AWS_ACCES_KEY }}
aws-secret-access-key: ${{ secrets.MY_AWS_SECRET_KEY }}
aws-region : ${{ env.AWS_REGION_NAME }}
- name: Request logs
run : |
aws elasticbeanstalk request-environment-info \
--environment-name ${{ github.event.inputs.environment_name }} \
--info-type ${{ github.event.inputs.info_type }}
- name: Sleep for 30 seconds
uses: jakejarvis/wait-action@master
with:
time: '30s'
- name: Retrieve logs
run : |
aws elasticbeanstalk retrieve-environment-info \
--environment-name ${{ github.event.inputs.environment_name }} \
--info-type ${{ github.event.inputs.info_type }}
预期响应:
"EnvironmentInfo": [
{
"InfoType": "tail",
"Ec2InstanceId": "intanceid",
"SampleTimestamp": "date and time",
"Message": "https://elasticbeanstalk-us-east-2-123456789.s3.us-east-2.amazonaws.com/resources/environments/logs/someHeaders"
}
真实回复:
"EnvironmentInfo": [
{
"InfoType": "tail",
"Ec2InstanceId": "intanceid",
"SampleTimestamp": "date and time",
"Message": "https://elasticbeanstalk-us-east-2-*******.s3.us-east-2.amazonaws.com/resources/environments/logs/someHeaders"
}
Github 代理认为该数字 (https://elasticbeanstalk-us-east-2-123456789) 是秘密的并隐藏它 (https:// elasticbeanstalk-us-east-2-*****),但我们在 Github 设置中没有这样的秘密。我们如何才能看到完整的 URL?
由于您的 AWS 账户 ID 设置为机密,GitHub 将自动编辑该文本字符串在操作日志中的任何位置。可以找到更多信息以及一些绕过它的方法 here。
编辑:
默认情况下,操作 aws-actions/configure-aws-credentials 会屏蔽帐户 ID。您可以通过将参数 mask-aws-account-id: false 传递给操作来取消屏蔽它。这是架构相关部分的 link。
感谢@mpriscella
答案是:aws configure credentials 自动隐藏您的账户 ID(可能还有其他)。
有显示它的方法 - 添加参数 mask-aws-account-id: no (或者作为 mansioned @mpriscella false 代替否):
steps:
- name: Configure my AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id : ${{ secrets.MY_AWS_ACCES_KEY }}
aws-secret-access-key: ${{ secrets.MY_AWS_SECRET_KEY }}
aws-region : ${{ env.AWS_REGION_NAME }}
mask-aws-account-id : no
我们正在使用 Github 操作来实现我们在 AWS ELB 中的 CI/CD 管道。我们的工作流程之一是使用命令“aws elasticbeanstalk request-environment-info”和“aws elasticbeanstalk retrieve-environment-info”请求日志。问题是当 Github 代理从 AWS 获取信息时,它隐藏了 URL 用于获取 AWS 中的日志。
name: Request logs
env:
EB_PACKAGE_S3_BUCKET_NAME : "s3bucket"
EB_APPLICATION_NAME : "appname"
AWS_REGION_NAME : "us-east-2"
# Controls when the workflow will run
on:
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
inputs:
environment_name:
type: choice
description: Select the environment to get logs from
required: true
options:
- app-dev
- app-prod
info_type:
type: choice
description: 100 last lines (tail) or full log (bundle)
required: true
options:
- "tail"
- "bundle"
jobs:
RequestLogs:
runs-on: ubuntu-latest
steps:
- name: Configure my AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id : ${{ secrets.MY_AWS_ACCES_KEY }}
aws-secret-access-key: ${{ secrets.MY_AWS_SECRET_KEY }}
aws-region : ${{ env.AWS_REGION_NAME }}
- name: Request logs
run : |
aws elasticbeanstalk request-environment-info \
--environment-name ${{ github.event.inputs.environment_name }} \
--info-type ${{ github.event.inputs.info_type }}
- name: Sleep for 30 seconds
uses: jakejarvis/wait-action@master
with:
time: '30s'
- name: Retrieve logs
run : |
aws elasticbeanstalk retrieve-environment-info \
--environment-name ${{ github.event.inputs.environment_name }} \
--info-type ${{ github.event.inputs.info_type }}
预期响应:
"EnvironmentInfo": [
{
"InfoType": "tail",
"Ec2InstanceId": "intanceid",
"SampleTimestamp": "date and time",
"Message": "https://elasticbeanstalk-us-east-2-123456789.s3.us-east-2.amazonaws.com/resources/environments/logs/someHeaders"
}
真实回复:
"EnvironmentInfo": [
{
"InfoType": "tail",
"Ec2InstanceId": "intanceid",
"SampleTimestamp": "date and time",
"Message": "https://elasticbeanstalk-us-east-2-*******.s3.us-east-2.amazonaws.com/resources/environments/logs/someHeaders"
}
Github 代理认为该数字 (https://elasticbeanstalk-us-east-2-123456789) 是秘密的并隐藏它 (https:// elasticbeanstalk-us-east-2-*****),但我们在 Github 设置中没有这样的秘密。我们如何才能看到完整的 URL?
由于您的 AWS 账户 ID 设置为机密,GitHub 将自动编辑该文本字符串在操作日志中的任何位置。可以找到更多信息以及一些绕过它的方法 here。
编辑:
默认情况下,操作 aws-actions/configure-aws-credentials 会屏蔽帐户 ID。您可以通过将参数 mask-aws-account-id: false 传递给操作来取消屏蔽它。这是架构相关部分的 link。
感谢@mpriscella
答案是:aws configure credentials 自动隐藏您的账户 ID(可能还有其他)。
有显示它的方法 - 添加参数 mask-aws-account-id: no (或者作为 mansioned @mpriscella false 代替否):
steps:
- name: Configure my AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id : ${{ secrets.MY_AWS_ACCES_KEY }}
aws-secret-access-key: ${{ secrets.MY_AWS_SECRET_KEY }}
aws-region : ${{ env.AWS_REGION_NAME }}
mask-aws-account-id : no