Log environment variables sorted by key while redacting values of unsafe ones #3543
Conversation
ssbarnea
force-pushed
the
fix/3542
branch
3 times, most recently
from
511fcac to
7f508e0
Compare
|
@gaborbernat Any chance you could look at it again today? I think that I addressed the requests. This patch is a blocker for improving the security of GHA pipelines as I would not want to disable log collection for tox. Thanks. |
ssbarnea
changed the title
ssbarnea
changed the title
ssbarnea
force-pushed
the
fix/3542
branch
2 times, most recently
from
ca01304 to
37a1156
Compare
ssbarnea
dismissed
gaborbernat’s stale review
Please review again, I made the required changes, dropped the notice, added documentation entry, tested all keywords.
|
@gaborbernat Sorry to bother you again. Is there anything else I need to change? |
|
@gaborbernat The py314 failure is unrelated and seems to be a bug in coveragepy. I will try to help @nedbat with a patch if I do not run out of time. That also made me realize that I need to fix few bugs in tox-uv in order to run coveragepy tests..., side effect raising tox-dev/tox-uv#210 |
|
@gaborbernat Any idea about what to do about py314 errors related to coverage? They started to fail on main last night, so unrelated to this patch. Should we attempt to capture/hide these warnings to avoid our test failures? |
|
I think I will skip that warning on platforms where I don't ship a built wheel, though I'd be curious whether the installation of coverage on 3.14 shows that it tried to compile the extension or not? |
|
Coverage 7.9.1 is released to quiet that warning on 3.14. |
Improves logging of environment variables by sorting them by key and redacting the values for the ones that are likely to contain secrets.
Fixes: #3542
tox -e fix)docs/changelogfolder