Get secret from GITHUB_EVENT_PATH to not leak

Matyrobbrt · Matyrobbrt · commit 9ad398997ec5 · 2025-04-23T19:12:57.000+03:00
diff --git a/action-runner/action.yml b/action-runner/action.yml
@@ -4,7 +4,9 @@ description: 'An action for publishing PRs'
 inputs:
   endpoint:
     description: Endpoint to login
-    required: true
+  endpoint-input:
+    description: If endpoint is not provided, it will be gotten from the input value with this name of the action
+    default: endpoint
 
 runs:
   using: node20
diff --git a/action-runner/dist/index.js b/action-runner/dist/index.js
diff --git a/action-runner/src/main.ts b/action-runner/src/main.ts
@@ -23,7 +23,12 @@ export async function run() {
   }
   workspace = path.resolve(githubWorkspacePath)
 
-  const endpoint = core.getInput("endpoint")
+  let endpoint = core.getInput("endpoint")
+  if (!endpoint) {
+    const json = JSON.parse(await fs.readFile(process.env['GITHUB_EVENT_PATH']!!, {encoding: 'utf8'}))
+    endpoint = json.inputs[core.getInput('endpoint-input')]
+  }
+
   core.setSecret(endpoint)
   await setupWs(endpoint, onMessage)
 }

Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,12 @@ export async function run() {`
`23`	`23`	`}`
`24`	`24`	`workspace = path.resolve(githubWorkspacePath)`
`25`	`25`
`26`		`- const endpoint = core.getInput("endpoint")`
	`26`	`+ let endpoint = core.getInput("endpoint")`
	`27`	`+ if (!endpoint) {`
	`28`	`+ const json = JSON.parse(await fs.readFile(process.env['GITHUB_EVENT_PATH']!!, {encoding: 'utf8'}))`
	`29`	`+ endpoint = json.inputs[core.getInput('endpoint-input')]`
	`30`	`+ }`
	`31`	`+`
`27`	`32`	`core.setSecret(endpoint)`
`28`	`33`	`await setupWs(endpoint, onMessage)`
`29`	`34`	`}`