Skip to content

Commit 83c8c89

Browse files
JohTJohT
committed
Generate neo4j password and mask it
1 parent 091e5be commit 83c8c89

File tree

1 file changed

+11
-3
lines changed

1 file changed

+11
-3
lines changed

.github/workflows/typescript-code-analysis.yml

Lines changed: 11 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,6 @@ on:
3636
- '.github/workflows/java-code-analysis.yml'
3737
- '.github/workflows/*documentation.yml'
3838

39-
# Requires the secret NEO4J_INITIAL_PASSWORD to be configured
4039
jobs:
4140
analysis-results:
4241
runs-on: ubuntu-latest
@@ -64,14 +63,23 @@ jobs:
6463
- name: (Code Analysis Setup) Set ANALYSIS_NAME
6564
run: echo "ANALYSIS_NAME=${{ env.PROJECT_NAME }}-${{ env.REACT_ROUTER_VERSION }}" >> $GITHUB_ENV
6665

66+
- name: (Code Analysis Setup) Generate Neo4j Initial Password
67+
id: generate_neo4j_initial_password
68+
shell: bash
69+
# generated_password=$(LC_ALL=C tr -dc 'A-Za-z0-9!?%=' < /dev/urandom | head -c 10)
70+
run: |
71+
generated_password=$(head -c 10 <(LC_ALL=C tr -dc 'A-Za-z0-9!?%=' < /dev/urandom))
72+
echo "::add-mask::$generated_password"
73+
echo "neo4j_initial_password=$generated_password" >> "$GITHUB_OUTPUT"
74+
6775
- name: Setup Code Analysis
6876
uses: ./.github/actions/setup-code-analysis
6977
with:
7078
java-version: ${{ matrix.java }}
7179
python-version: ${{ matrix.python }}
7280
miniforge-version: ${{ matrix.miniforge }}
7381
analysis-name: ${{ env.ANALYSIS_NAME }}
74-
neo4j-password: ${{ secrets.NEO4J_INITIAL_PASSWORD }}
82+
neo4j-password: ${{ steps.generate_neo4j_initial_password.outputs.neo4j_initial_password }}
7583

7684
- name: (Code Analysis Setup) Download ${{ env.ANALYSIS_NAME }}
7785
working-directory: code-graph-analysis-pipeline/temp/${{ env.ANALYSIS_NAME }}
@@ -93,7 +101,7 @@ jobs:
93101
# Shell type can be skipped if jupyter notebook analysis-results (and therefore conda) aren't needed
94102
shell: bash -el {0}
95103
env:
96-
NEO4J_INITIAL_PASSWORD: ${{ secrets.NEO4J_INITIAL_PASSWORD }}
104+
NEO4J_INITIAL_PASSWORD: ${{ steps.generate_neo4j_initial_password.outputs.neo4j_initial_password }}
97105
ENABLE_JUPYTER_NOTEBOOK_PDF_GENERATION: "true"
98106
IMPORT_GIT_LOG_DATA_IF_SOURCE_IS_PRESENT: "" # Options: "none", "aggregated", "full". default = "plugin" or ""
99107
run: |

0 commit comments

Comments
 (0)