Skip to content

Commit a17b902

Browse files
JohTJohT
committed
Generate neo4j password and mask it
1 parent 091e5be commit a17b902

File tree

1 file changed

+12
-3
lines changed

1 file changed

+12
-3
lines changed

.github/workflows/typescript-code-analysis.yml

Lines changed: 12 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,6 @@ on:
3636
- '.github/workflows/java-code-analysis.yml'
3737
- '.github/workflows/*documentation.yml'
3838

39-
# Requires the secret NEO4J_INITIAL_PASSWORD to be configured
4039
jobs:
4140
analysis-results:
4241
runs-on: ubuntu-latest
@@ -64,14 +63,24 @@ jobs:
6463
- name: (Code Analysis Setup) Set ANALYSIS_NAME
6564
run: echo "ANALYSIS_NAME=${{ env.PROJECT_NAME }}-${{ env.REACT_ROUTER_VERSION }}" >> $GITHUB_ENV
6665

66+
- name: (Code Analysis Setup) Generate Neo4j Initial Password
67+
id: generate_neo4j_initial_password
68+
shell: bash
69+
# generated_password=$(LC_ALL=C tr -dc 'A-Za-z0-9!?%=' < /dev/urandom | head -c 10)
70+
run: |
71+
generated_password=$( LC_ALL=C tr -dc '[:graph:]' </dev/urandom | head -c 12; echo )
72+
echo "$generated_password"
73+
echo "::add-mask::$generated_password"
74+
echo "neo4j_initial_password=$generated_password" >> "$GITHUB_OUTPUT"
75+
6776
- name: Setup Code Analysis
6877
uses: ./.github/actions/setup-code-analysis
6978
with:
7079
java-version: ${{ matrix.java }}
7180
python-version: ${{ matrix.python }}
7281
miniforge-version: ${{ matrix.miniforge }}
7382
analysis-name: ${{ env.ANALYSIS_NAME }}
74-
neo4j-password: ${{ secrets.NEO4J_INITIAL_PASSWORD }}
83+
neo4j-password: ${{ steps.generate_neo4j_initial_password.outputs.neo4j_initial_password }}
7584

7685
- name: (Code Analysis Setup) Download ${{ env.ANALYSIS_NAME }}
7786
working-directory: code-graph-analysis-pipeline/temp/${{ env.ANALYSIS_NAME }}
@@ -93,7 +102,7 @@ jobs:
93102
# Shell type can be skipped if jupyter notebook analysis-results (and therefore conda) aren't needed
94103
shell: bash -el {0}
95104
env:
96-
NEO4J_INITIAL_PASSWORD: ${{ secrets.NEO4J_INITIAL_PASSWORD }}
105+
NEO4J_INITIAL_PASSWORD: ${{ steps.generate_neo4j_initial_password.outputs.neo4j_initial_password }}
97106
ENABLE_JUPYTER_NOTEBOOK_PDF_GENERATION: "true"
98107
IMPORT_GIT_LOG_DATA_IF_SOURCE_IS_PRESENT: "" # Options: "none", "aggregated", "full". default = "plugin" or ""
99108
run: |

0 commit comments

Comments
 (0)