From 366aea95ebb4e76c1bc4b32dc4ed245492e83340 Mon Sep 17 00:00:00 2001 From: William Martin Date: Thu, 24 Oct 2024 18:35:30 +0200 Subject: [PATCH] Note token redaction in Acceptance test README --- acceptance/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/acceptance/README.md b/acceptance/README.md index 750cb75d1a7..8e8d7838ef6 100644 --- a/acceptance/README.md +++ b/acceptance/README.md @@ -159,7 +159,9 @@ When tests fail they fail like this: This is generally enough information to understand why a test has failed. However, we can get more information by providing the `-v` flag to `go test`, which turns on verbose mode and shows each command and any associated `stdio`. > [!WARNING] -> Verbose mode dumps the `testscript` environment variables, including the `GH_TOKEN`, so be careful. +> Verbose mode dumps the `testscript` environment variables, so make sure there is nothing sensitive in there. +> We have taken steps to [redact tokens](https://github.com/cli/cli/pull/9804) in log output but there's no +> guarantee it's comprehensive. By default `testscript` removes the directory in which it was running the script, and if you've been a conscientious engineer, you should be cleaning up resources using the `defer` statement. However, this can be an impediment to debugging. As such you can set `GH_ACCEPTANCE_PRESERVE_WORK_DIR=true` and `GH_ACCEPTANCE_SKIP_DEFER=true` to skip these cleanup steps.