From 630b523c06d8636ef980d2c1e3d4fbe53e3d0f3f Mon Sep 17 00:00:00 2001 From: Aneesh Agrawal Date: Thu, 29 Sep 2016 07:28:14 -0400 Subject: [PATCH] Don't leak GitHub tokens during network failures If git is unable to resolve the repo address (which includes the token), it will print a message to stderr with the path to the repo, thus leaking the token. Avoid doing this, and also suppress stdout to be extra careful. --- etc/ci/update_brew.sh | 7 ++++--- etc/ci/upload_docs.sh | 4 +++- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/etc/ci/update_brew.sh b/etc/ci/update_brew.sh index 1bb741c1295..66bc425d860 100755 --- a/etc/ci/update_brew.sh +++ b/etc/ci/update_brew.sh @@ -16,7 +16,6 @@ PACKAGENAME=$(basename ${PACKAGEPATH}) REGEX="s/servo-.*\([0-9]\{4\}\)-\([0-9]\{2\}\)-\([0-9]\{2\}\).tar.gz/\1.\2.\3/p" VERSION=$(echo ${PACKAGENAME}| sed -n "${REGEX}") SHA=$(shasum -a 256 ${PACKAGEPATH} | sed -e 's/ .*//') -GIT="https://${TOKEN}@github.com/servo/homebrew-servo.git" # See upload_nightly.sh PACKAGEURL="https://download.servo.org/nightly/macbrew/${PACKAGENAME}" @@ -31,7 +30,7 @@ cd ${TMP_DIR} echo ${TMP_DIR} echo "Cloning" -git clone ${GIT} +git clone https://github.com/servo/homebrew-servo.git cd homebrew-servo # Not using "/" as it's used in PACKAGEURL @@ -43,5 +42,7 @@ cat ${SCRIPTDIR}/servo-binary-formula.rb.in | sed \ git add ./Formula/servo-bin.rb git commit -m "Version bump: ${VERSION}" -git push -q ${GIT} master +git push -qf \ + "https://${TOKEN}@github.com/servo/homebrew-servo.git" master \ + >/dev/null 2>&1 rm -rf ${TMP_DIR} diff --git a/etc/ci/upload_docs.sh b/etc/ci/upload_docs.sh index 7c6aa8fd542..ba8d4d70a60 100755 --- a/etc/ci/upload_docs.sh +++ b/etc/ci/upload_docs.sh @@ -27,4 +27,6 @@ cp apis.html ../../target/doc/servo/ cd ../.. ghp-import -n target/doc -git push -qf "https://${TOKEN}@github.com/servo/doc.servo.org.git" gh-pages +git push -qf \ + "https://${TOKEN}@github.com/servo/doc.servo.org.git" gh-pages \ + >/dev/null 2>&1