From 4fbdf8075f84607e0447a58b8df91a13e147760c Mon Sep 17 00:00:00 2001
From: Leonid Vasiliev <lvasiliev@tarantool.org>
Date: Tue, 29 Nov 2022 11:59:44 +0300
Subject: [PATCH] cd: remove attempt to print secrets to the log

According to [1] printing secrets to the log is not a best practice.

From [1]:
  GitHub automatically redacts secrets printed to the log, but you
  should avoid printing secrets to the log intentionally.

[1] https://docs.github.com/en/actions/security-guides/encrypted-secrets#accessing-your-secrets
---
 .github/workflows/packaging.yml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/packaging.yml b/.github/workflows/packaging.yml
index 271479d1..7159018b 100644
--- a/.github/workflows/packaging.yml
+++ b/.github/workflows/packaging.yml
@@ -77,10 +77,18 @@ jobs:
             -u ${RWS_AUTH} \
             -F product=${PRODUCT_NAME}"
 
+          # We don't want to try to print secrets to the log, but we want
+          # to print a "curl" command to see what's going on.
+          CURL_CMD_ECHO="curl -LfsS \
+            -X PUT ${RWS_URL_PART}/${OS}/${DIST} \
+            -u *** \
+            -F product=${PRODUCT_NAME}"
+
           for f in $(ls -I '*build*' -I '*.changes' ./build); do
             CURL_CMD+=" -F $(basename ${f})=@./build/${f}"
+            CURL_CMD_ECHO+=" -F $(basename ${f})=@./build/${f}"
           done
 
-          echo ${CURL_CMD}
+          echo ${CURL_CMD_ECHO}
 
           ${CURL_CMD}