From 64820223174c821250073157fc403bb59e773bc9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Michel?= <francois.michel@uclouvain.be>
Date: Tue, 12 Dec 2023 15:12:44 +0000
Subject: [PATCH] avoid displaying secrets in github actions, even if they are
 not really secret

---
 .github/workflows/build.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index bb0d6a7..bb49ed1 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -48,23 +48,23 @@ jobs:
       - name: Put test public key in testuser's authorized_identities
         env:
           TESTUSER_PUBKEY_BASE64: ${{ secrets.TESTUSER_PUBKEY_BASE64 }}
-        run: echo $TESTUSER_PUBKEY_BASE64 | base64 --decode | sudo tee ${{matrix.testuserhome}}/.ssh/authorized_identities
+        run: echo $TESTUSER_PUBKEY_BASE64 | base64 --decode | sudo cp /dev/stdin ${{matrix.testuserhome}}/.ssh/authorized_identities
       - name: Generate test private key
         env:
           TESTUSER_PRIVKEY_BASE64: ${{ secrets.TESTUSER_PRIVKEY_BASE64 }}
-        run: echo $TESTUSER_PRIVKEY_BASE64 | base64 --decode | sudo tee /privkey
+        run: echo $TESTUSER_PRIVKEY_BASE64 | base64 --decode | sudo cp /dev/stdin /privkey
       - name: Generate attacker's private key
         env:
           ATTACKER_PRIVKEY_BASE64: ${{ secrets.ATTACKER_PRIVKEY_BASE64 }}
-        run: echo $ATTACKER_PRIVKEY_BASE64 | base64 --decode | sudo tee /attacker-privkey
+        run: echo $ATTACKER_PRIVKEY_BASE64 | base64 --decode | sudo cp /dev/stdin /attacker-privkey
       - name: Generate server's cert private key
         env:
           TESTSERVER_CERT_PRIVKEY_BASE64: ${{ secrets.TESTSERVER_CERT_PRIVKEY_BASE64 }}
-        run: echo $TESTSERVER_CERT_PRIVKEY_BASE64 | base64 --decode | sudo tee /cert_priv.key
+        run: echo $TESTSERVER_CERT_PRIVKEY_BASE64 | base64 --decode | sudo cp /dev/stdin /cert_priv.key
       - name: Generate server's cert
         env:
           TESTSERVER_CERT_BASE64: ${{ secrets.TESTSERVER_CERT_BASE64 }}
-        run: echo $TESTSERVER_CERT_BASE64 | base64 --decode | sudo tee /cert.pem
+        run: echo $TESTSERVER_CERT_BASE64 | base64 --decode | sudo cp /dev/stdin /cert.pem
       - name: Classical unit tests
         run: env CC=${{matrix.archparams.cc}} CGO_ENABLED=1 GOOS=${{matrix.goos}} GOARCH=${{matrix.archparams.goarch}} go run github.com/onsi/ginkgo/v2/ginkgo -r
       - name: Integration tests