[CICD][BUILD] Mask sensitive environment variables in build:pass job

The build:pass job prints environment variables, some of which may contain sensitive data. This update ensures that variables with names matching substrings in FILTER_LIST have their values masked

[CICD][BUILD] Mask sensitive environment variables in build:pass job
The build:pass job prints environment variables, some of which may contain sensitive data. This update ensures that variables with names matching substrings in FILTER_LIST have their values masked
ce304cf6 · Andrii Sosiuk · 62eb8719 · ce304cf6
Commit ce304cf6 authored 6 months ago by Andrii Sosiuk
--- a/build-pipeline-yocto.yml.jinja2
+++ b/build-pipeline-yocto.yml.jinja2
@@ -37,8 +37,25 @@ build:pass:
  needs: []
  timeout: 2m
  image: {{ CI_IMAGE_PYTHON }}
+  variables:
+    FILTER_LIST: "TOKEN KEY"
  script:
-    - printenv
+    # Mask the value of environment variables if their names match any substring in FILTER_LIST
+    - |
+        printenv | awk -F= -v filters="$FILTER_LIST" '
+        BEGIN {
+            IGNORECASE = 1;
+            split(filters, filter_array, " ");
+        }
+        {
+            for (i in filter_array) {
+                if (index(toupper($1), toupper(filter_array[i])) > 0) {
+                    print $1 "=[MASKED]";
+                    next;
+                }
+            }
+            print;
+        }'
    - echo "Build successful"
    - echo "This is the value of the MANUAL_BUILD variable '${MANUAL_BUILD}'"