From 7e13b2c46c4d29f9eb71369c4eaff6c4f2db503d Mon Sep 17 00:00:00 2001
From: Yi Chen <110491681+yyichenn@users.noreply.github.com>
Date: Tue, 19 Sep 2023 12:18:05 -0700
Subject: [PATCH] Treat maskPassword as false only if explicitly set to false

---
 README.md     | 5 +++++
 dist/index.js | 2 +-
 index.js      | 2 +-
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 758e9822..956ad4a4 100644
--- a/README.md
+++ b/README.md
@@ -137,6 +137,9 @@ for details on how to configure ECR policies
 
 Use the action to output your Docker credentials for logging into ECR Private, then use the credentials to run your private image as a service in another job.
 
+> [!WARNING]
+> Setting `mask-password` to `'false'` will log your Docker password output if [debug logging is enabled](https://docs.github.com/en/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging).
+> For more information, see the [Docker Credentials](#docker-credentials) section below.
 
 ```yaml
 jobs:
@@ -152,6 +155,8 @@ jobs:
       - name: Login to Amazon ECR
         id: login-ecr
         uses: aws-actions/amazon-ecr-login@v2
+        with:
+          mask-password: 'false'
     outputs:
       registry: ${{ steps.login-ecr.outputs.registry }}
       docker_username: ${{ steps.login-ecr.outputs.docker_username_123456789012_dkr_ecr_us_east_1_amazonaws_com }} # More information on these outputs can be found below in the 'Docker Credentials' section
diff --git a/dist/index.js b/dist/index.js
index 6b3728a5..78ba80f2 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -112,7 +112,7 @@ function replaceSpecialCharacters(registryUri) {
 async function run() {
   // Get inputs
   const httpProxy = core.getInput(INPUTS.httpProxy, { required: false });
-  const maskPassword = (core.getInput(INPUTS.maskPassword, { required: false }).toLowerCase() || 'true') === 'true';
+  const maskPassword = (core.getInput(INPUTS.maskPassword, { required: false }).toLowerCase() || 'true') !== 'false';
   const registries = core.getInput(INPUTS.registries, { required: false });
   const registryType = core.getInput(INPUTS.registryType, { required: false }).toLowerCase() || REGISTRY_TYPES.private;
   const skipLogout = core.getInput(INPUTS.skipLogout, { required: false }).toLowerCase() === 'true';
diff --git a/index.js b/index.js
index 7a76ceb1..90daacc5 100644
--- a/index.js
+++ b/index.js
@@ -106,7 +106,7 @@ function replaceSpecialCharacters(registryUri) {
 async function run() {
   // Get inputs
   const httpProxy = core.getInput(INPUTS.httpProxy, { required: false });
-  const maskPassword = (core.getInput(INPUTS.maskPassword, { required: false }).toLowerCase() || 'true') === 'true';
+  const maskPassword = (core.getInput(INPUTS.maskPassword, { required: false }).toLowerCase() || 'true') !== 'false';
   const registries = core.getInput(INPUTS.registries, { required: false });
   const registryType = core.getInput(INPUTS.registryType, { required: false }).toLowerCase() || REGISTRY_TYPES.private;
   const skipLogout = core.getInput(INPUTS.skipLogout, { required: false }).toLowerCase() === 'true';