False positives in hiding sensitive variables when using Vault variant (!70) · Merge requests · to be continuous... / semantic-release

Presentation

When using the Vault variant, in the job log, Semantic Release is hiding strings that should have been hidden.

Checklist

Documented:
- README.md reflects any job, variable or whichever visible change ==> Not applicable
- kicker.json reflects any job, variable or whichever visible change ==> Not applicable
Tested & examplified:
- Tested on an internal project

Before:

[10:20:21 AM] [[secure]] › ℹ  Running [secure] version 24.2.2
[10:20:23 AM] [[secure]] › ✔  Loaded plugin "verifyConditions" from "@[secure]/gitlab"
...
[10:20:23 AM] [[secure]] › ✔  Loaded plugin "fail" from "@[secure]/exec"
[10:20:25 AM] [[secure]] › ℹ  This test run was triggered on the branch [secure], while [secure] is configured to only [secure] from main, therefore a new version won’t be [secure]ed.

After:

[11:39:33 AM] [semantic-release] › ℹ  Running semantic-release version 24.2.2
[11:39:35 AM] [semantic-release] › ✔  Loaded plugin "verifyConditions" from "@semantic-release/gitlab"
...
[11:39:35 AM] [semantic-release] › ✔  Loaded plugin "fail" from "@semantic-release/exec"
[11:39:37 AM] [semantic-release] › ℹ  This test run was triggered on the branch fix/debugging_semrel, while semantic-release is configured to only publish from main, therefore a new version won’t be published.

Edited Feb 10, 2025 by Benjamin Plusquellec

False positives in hiding sensitive variables when using Vault variant

Presentation

Checklist

Merge request reports