Skip to content

Commit d247cf8

Browse files
JohTJohT
committed
Generate neo4j password and mask it
1 parent 091e5be commit d247cf8

File tree

1 file changed

+10
-3
lines changed

1 file changed

+10
-3
lines changed

.github/workflows/typescript-code-analysis.yml

Lines changed: 10 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,6 @@ on:
3636
- '.github/workflows/java-code-analysis.yml'
3737
- '.github/workflows/*documentation.yml'
3838

39-
# Requires the secret NEO4J_INITIAL_PASSWORD to be configured
4039
jobs:
4140
analysis-results:
4241
runs-on: ubuntu-latest
@@ -64,14 +63,22 @@ jobs:
6463
- name: (Code Analysis Setup) Set ANALYSIS_NAME
6564
run: echo "ANALYSIS_NAME=${{ env.PROJECT_NAME }}-${{ env.REACT_ROUTER_VERSION }}" >> $GITHUB_ENV
6665

66+
- name: (Code Analysis Setup) Generate Neo4j Initial Password
67+
id: generate_neo4j_initial_password
68+
shell: bash
69+
run: |
70+
generated_password=$(echo "$(LC_ALL=C tr -dc 'A-Za-z0-9!?%=' < /dev/urandom | head -c 10)")
71+
echo "::add-mask::$generated_password"
72+
echo "neo4j_initial_password=$generated_password" >> "$GITHUB_OUTPUT"
73+
6774
- name: Setup Code Analysis
6875
uses: ./.github/actions/setup-code-analysis
6976
with:
7077
java-version: ${{ matrix.java }}
7178
python-version: ${{ matrix.python }}
7279
miniforge-version: ${{ matrix.miniforge }}
7380
analysis-name: ${{ env.ANALYSIS_NAME }}
74-
neo4j-password: ${{ secrets.NEO4J_INITIAL_PASSWORD }}
81+
neo4j-password: ${{ steps.generate_neo4j_initial_password.outputs.neo4j_initial_password }}
7582

7683
- name: (Code Analysis Setup) Download ${{ env.ANALYSIS_NAME }}
7784
working-directory: code-graph-analysis-pipeline/temp/${{ env.ANALYSIS_NAME }}
@@ -93,7 +100,7 @@ jobs:
93100
# Shell type can be skipped if jupyter notebook analysis-results (and therefore conda) aren't needed
94101
shell: bash -el {0}
95102
env:
96-
NEO4J_INITIAL_PASSWORD: ${{ secrets.NEO4J_INITIAL_PASSWORD }}
103+
NEO4J_INITIAL_PASSWORD: ${{ steps.generate_neo4j_initial_password.outputs.neo4j_initial_password }}
97104
ENABLE_JUPYTER_NOTEBOOK_PDF_GENERATION: "true"
98105
IMPORT_GIT_LOG_DATA_IF_SOURCE_IS_PRESENT: "" # Options: "none", "aggregated", "full". default = "plugin" or ""
99106
run: |

0 commit comments

Comments
 (0)