Use shared secret redacting

bitrise-io · Sep 8, 2023 · 9125a56 · 9125a56
1 parent ffe9345
commit 9125a56
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 19 deletions.
diff --git a/cli/analytics.go b/cli/analytics.go
@@ -5,8 +5,9 @@ import (
 	"fmt"
 	"io"
 
-	"github.com/bitrise-io/bitrise/stepruncmd/filterwriter"
 	"github.com/bitrise-io/envman/models"
+	"github.com/bitrise-io/go-utils/v2/log"
+	"github.com/bitrise-io/go-utils/v2/redactwriter"
 )
 
 func redactStepInputs(environment map[string]string, inputs []models.EnvironmentItemModel, secrets []string) (map[string]string, map[string]string, error) {
@@ -49,12 +50,12 @@ func redactStepInputs(environment map[string]string, inputs []models.Environment
 func redactWithSecrets(inputValue string, secrets []string) (string, error) {
 	src := bytes.NewReader([]byte(inputValue))
 	dstBuf := new(bytes.Buffer)
-	secretFilterDst := filterwriter.New(secrets, dstBuf)
+	redactWriterDst := redactwriter.New(secrets, dstBuf, log.NewLogger())
 
-	if _, err := io.Copy(secretFilterDst, src); err != nil {
+	if _, err := io.Copy(redactWriterDst, src); err != nil {
 		return "", fmt.Errorf("failed to redact secrets, stream copy failed: %s", err)
 	}
-	if err := secretFilterDst.Close(); err != nil {
+	if err := redactWriterDst.Close(); err != nil {
 		return "", fmt.Errorf("failed to redact secrets, closing the stream failed: %s", err)
 	}
 

diff --git a/cli/run_util.go b/cli/run_util.go
@@ -33,6 +33,7 @@ import (
 	"github.com/bitrise-io/go-utils/pointers"
 	"github.com/bitrise-io/go-utils/retry"
 	coreanalytics "github.com/bitrise-io/go-utils/v2/analytics"
+	logV2 "github.com/bitrise-io/go-utils/v2/log"
 	"github.com/bitrise-io/go-utils/versions"
 	stepmanModels "github.com/bitrise-io/stepman/models"
 )
@@ -433,7 +434,7 @@ func (r WorkflowRunner) executeStep(
 		return 1, fmt.Errorf("failed to read command environment: %w", err)
 	}
 
-	cmd := stepruncmd.New(name, args, bitriseSourceDir, envs, stepSecrets, timeout, noOutputTimeout, stdout)
+	cmd := stepruncmd.New(name, args, bitriseSourceDir, envs, stepSecrets, timeout, noOutputTimeout, stdout, logV2.NewLogger())
 	return cmd.Run()
 }
 

diff --git a/stepruncmd/stdout.go b/stepruncmd/stdout.go
@@ -4,34 +4,35 @@ import (
 	"io"
 
 	"github.com/bitrise-io/bitrise/stepruncmd/errorfinder"
-	"github.com/bitrise-io/bitrise/stepruncmd/filterwriter"
+	"github.com/bitrise-io/go-utils/v2/log"
+	"github.com/bitrise-io/go-utils/v2/redactwriter"
 )
 
 type StdoutWriter struct {
 	writer io.Writer
 
-	secretWriter *filterwriter.Writer
+	redactWriter *redactwriter.Writer
 	errorWriter  *errorfinder.ErrorFinder
 	destWriter   io.Writer
 }
 
-func NewStdoutWriter(secrets []string, dest io.Writer) StdoutWriter {
+func NewStdoutWriter(secrets []string, dest io.Writer, logger log.Logger) StdoutWriter {
 	var outWriter io.Writer
 	outWriter = dest
 
 	errorWriter := errorfinder.NewErrorFinder(outWriter)
 	outWriter = errorWriter
 
-	var secretWriter *filterwriter.Writer
+	var redactWriter *redactwriter.Writer
 	if len(secrets) > 0 {
-		secretWriter = filterwriter.New(secrets, outWriter)
-		outWriter = secretWriter
+		redactWriter = redactwriter.New(secrets, outWriter, logger)
+		outWriter = redactWriter
 	}
 
 	return StdoutWriter{
 		writer: outWriter,
 
-		secretWriter: secretWriter,
+		redactWriter: redactWriter,
 		errorWriter:  errorWriter,
 		destWriter:   dest,
 	}
@@ -42,8 +43,8 @@ func (w StdoutWriter) Write(p []byte) (n int, err error) {
 }
 
 func (w StdoutWriter) Close() error {
-	if w.secretWriter != nil {
-		if err := w.secretWriter.Close(); err != nil {
+	if w.redactWriter != nil {
+		if err := w.redactWriter.Close(); err != nil {
 			return err
 		}
 	}

diff --git a/stepruncmd/stepruncmd.go b/stepruncmd/stepruncmd.go
@@ -8,32 +8,33 @@ import (
 	"os/exec"
 	"time"
 
-	"github.com/bitrise-io/bitrise/log"
 	"github.com/bitrise-io/bitrise/stepruncmd/timeoutcmd"
+	"github.com/bitrise-io/go-utils/v2/log"
 )
 
 type Cmd struct {
 	cmd    timeoutcmd.Command
 	stdout StdoutWriter
+	logger log.Logger
 }
 
-func New(name string, args []string, workDir string, envs, secrets []string, timeout, noOutputTimeout time.Duration, stdout io.Writer) Cmd {
-	outWriter := NewStdoutWriter(secrets, stdout)
+func New(name string, args []string, workDir string, envs, secrets []string, timeout, noOutputTimeout time.Duration, stdout io.Writer, logger log.Logger) Cmd {
+	outWriter := NewStdoutWriter(secrets, stdout, logger)
 
 	cmd := timeoutcmd.New(workDir, name, args...)
 	cmd.SetTimeout(timeout)
 	cmd.SetHangTimeout(noOutputTimeout)
 	cmd.SetStandardIO(os.Stdin, outWriter, outWriter)
 	cmd.SetEnv(append(envs, "PWD="+workDir))
 
-	return Cmd{cmd: cmd, stdout: outWriter}
+	return Cmd{cmd: cmd, stdout: outWriter, logger: logger}
 }
 
 func (c *Cmd) Run() (int, error) {
 	cmdErr := c.cmd.Start()
 
 	if err := c.stdout.Close(); err != nil {
-		log.Warnf("Failed to close command output writer: %s", err)
+		c.logger.Warnf("Failed to close command output writer: %s", err)
 	}
 
 	if cmdErr == nil {