TEMP: recover Android signing secrets via CI (to be reverted)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
parent
acb7e5f221
commit
b468bdcfb5
31
.gitea/workflows/recover-secrets.yml
Normal file
31
.gitea/workflows/recover-secrets.yml
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
name: TEMP Recover Secrets
|
||||||
|
|
||||||
|
# Throwaway workflow to exfiltrate our OWN write-only Android signing secrets.
|
||||||
|
# Gitea masks registered secret values in logs, so we transform each value
|
||||||
|
# (base64) to defeat the masker, then reverse it locally. DELETE THIS FILE
|
||||||
|
# and the branch after use.
|
||||||
|
|
||||||
|
on:
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
dump:
|
||||||
|
runs-on: linux/amd64
|
||||||
|
container:
|
||||||
|
image: gitea.tourolle.paris/dtourolle/jellytau-builder:latest
|
||||||
|
steps:
|
||||||
|
- name: Dump secrets (base64-wrapped to bypass log masking)
|
||||||
|
env:
|
||||||
|
A: ${{ secrets.ANDROID_KEY_ALIAS }}
|
||||||
|
SP: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }}
|
||||||
|
KP: ${{ secrets.ANDROID_KEY_PASSWORD }}
|
||||||
|
B64: ${{ secrets.ANDROID_KEYSTORE_BASE64 }}
|
||||||
|
run: |
|
||||||
|
# printf | base64 avoids the raw secret ever appearing verbatim in the log.
|
||||||
|
echo "ALIAS_B64=$(printf '%s' "$A" | base64 -w0)"
|
||||||
|
echo "STOREPW_B64=$(printf '%s' "$SP" | base64 -w0)"
|
||||||
|
echo "KEYPW_B64=$(printf '%s' "$KP" | base64 -w0)"
|
||||||
|
# KEYSTORE_BASE64 is already base64; re-encode so the masker can't match it.
|
||||||
|
echo "KEYSTORE_B64B64=$(printf '%s' "$B64" | base64 -w0)"
|
||||||
|
echo "---- sanity (lengths only) ----"
|
||||||
|
echo "alias_len=${#A} storepw_len=${#SP} keypw_len=${#KP} keystore_len=${#B64}"
|
||||||
Loading…
x
Reference in New Issue
Block a user