actions/install-action
1
0
Fork 0
mirror of https://github.com/taiki-e/install-action.git synced 2026-04-21 07:00:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

Touch up comment on unset

Browse Source
This commit is contained in:
Taiki Endo
2026-04-10 16:52:13 +09:00
parent 97a5807a60
commit 02cc5f8ca9
1 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
main.sh
View File

@@ -630,10 +630,9 @@ esac
# Unlike gh command, cargo-binstall reads GITHUB_TOKEN first via cli parser, and then reads GH_TOKEN.
# https://github.com/cargo-bins/cargo-binstall/blob/v1.17.9/crates/bin/src/args.rs#L704
token="${GITHUB_TOKEN:-"${GH_TOKEN:-"${DEFAULT_GITHUB_TOKEN:-}"}"}"
# This prevents tokens from being displayed to subprocesses via environment variables.
# Since the tokens remain in the parent process's environment variables, and since unset may not
# immediately cleanse memory, setting `fallback: none` (which prevents the tokens from being set
# in the first place) remains the best practice from a security standpoint, as readme says.
# This prevents tokens from being exposed to subprocesses via environment variables.
# Since the tokens remain in memory, setting `fallback: none` (which prevents the tokens from being
# set in the first place) remains the best practice from a security standpoint, as readme says.
unset GITHUB_TOKEN GH_TOKEN DEFAULT_GITHUB_TOKEN
case "${host_os}" in