Files
InfiniteAPI/.github/workflows/build.yml
T
Claude 151a6d5cab security: remove debug step that could expose GITHUB_TOKEN
Removed the "Debug Git Config" step from all workflows as it could
potentially expose the GITHUB_TOKEN in logs (shown in git URL rewrites).

Now that the workflows are passing with the HTTPS libsignal fix,
this debug output is no longer needed.

Addresses security concern raised by Copilot AI in PR #170.

https://claude.ai/code/session_015R3U3kiprQiNTTNNt31Sg6
2026-02-14 05:21:31 +00:00

55 lines
1.5 KiB
YAML

name: Build Project
on:
push:
branches:
- master
pull_request:
jobs:
build:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- uses: actions/checkout@v3
- name: Setup Node and Corepack
uses: actions/setup-node@v3.6.0
with:
node-version: 20.x
- name: Enable Corepack and Set Yarn Version
run: |
corepack enable
corepack prepare yarn@4.x --activate
- name: Configure Git for HTTPS
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
# Force git to use HTTPS with token instead of SSH for GitHub repositories
git config --global url."https://x-access-token:${GITHUB_TOKEN}@github.com/".insteadOf "ssh://git@github.com/"
git config --global url."https://x-access-token:${GITHUB_TOKEN}@github.com/".insteadOf "git@github.com:"
git config --global url."https://x-access-token:${GITHUB_TOKEN}@github.com/".insteadOf "https://github.com/"
- name: Restore Yarn Cache
uses: actions/cache@v4
id: yarn-cache
with:
path: |
node_modules
.yarn/install-state.gz
key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
${{ runner.os }}-yarn-
- name: Install dependencies
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GIT_TERMINAL_PROMPT: 0
run: yarn install --immutable
- name: Build project
run: yarn build