test an API in Github Actions without leaking secrets ...
there should be some way to NOT log data sent in requests, or, if this already exists, it should be clearly documented
API --
1. /admin/migrate
I send post request "/admin/migrate", {"password":"SUPER_SECRET_SQUIRREL_PASSWORD"}
const migrationResponse = await I.sendPostRequest("/admin/migrate", {
password: process.env.ADMIN_PASSWORD
});
require("dotenv").config();
console.log("CODECEPT CONF JS TEST_URL", process.env.TEST_URL);
const endpoint = `http://${process.env.TEST_URL}/api`;
exports.config = {
tests: "./*_test.js",
output: "./output",
helpers: {
Puppeteer: {
show: false,
chrome: {
keepCookies: true,
args: ["--no-sandbox", "--disable-setuid-sandbox"]
}
},
REST: {
endpoint,
onRequest: request => {
request.headers.auth = "123";
}
}
},
include: {
I: "./steps_file.js"
},
bootstrap: null,
mocha: {},
name: "tests",
plugins: {
retryFailedStep: {
enabled: true
},
screenshotOnFail: {
enabled: true
}
},
require: []
};
@bionicles Did you try to wrap it in secret()?
password: secret(process.env.ADMIN_PASSWORD)
I didn't know that was possible! Will try now. Where is this function documented?
@bionicles for example here https://codecept.io/changelog/#_2-1-0
Most helpful comment
@bionicles Did you try to wrap it in
secret()?