actions/install-action
1
0
Fork 0
mirror of https://github.com/taiki-e/install-action.git synced 2026-04-21 15:10:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add note about unset

Browse Source
This commit is contained in:
Taiki Endo
2026-04-19 01:15:51 +09:00
parent 4637b48a5a
commit eabf603493
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
main.sh
View File

@@ -494,6 +494,8 @@ token="${GITHUB_TOKEN:-"${GH_TOKEN:-"${DEFAULT_GITHUB_TOKEN:-}"}"}"
# This prevents tokens from being exposed to subprocesses via environment variables. # This prevents tokens from being exposed to subprocesses via environment variables.
# Since the tokens remain in memory, setting `fallback: none` (which prevents the tokens from being # Since the tokens remain in memory, setting `fallback: none` (which prevents the tokens from being
# set in the first place) remains the best practice from a security standpoint, as readme says. # set in the first place) remains the best practice from a security standpoint, as readme says.
# Note that this does not prevent token leaks via reading `/proc/*/environ` on Linux or
# via `ps -Eww` on macOS. It only reduces the risk of leaks.
unset GITHUB_TOKEN GH_TOKEN DEFAULT_GITHUB_TOKEN unset GITHUB_TOKEN GH_TOKEN DEFAULT_GITHUB_TOKEN
# Refs: https://github.com/rust-lang/rustup/blob/HEAD/rustup-init.sh # Refs: https://github.com/rust-lang/rustup/blob/HEAD/rustup-init.sh