ci: plug leak of Github secret

liquity · Apr 12, 2024 · 4eddda5 · 4eddda5
1 parent 9ae4912
commit 4eddda5
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/contracts/utils/deploy-cli.ts b/contracts/utils/deploy-cli.ts
@@ -156,9 +156,13 @@ Deploying Liquity contracts with the following settings:
     `broadcast/DeployLiquity2.s.sol/${options.chainId}/run-latest.json`,
   );
 
+  // XXX hotfix: we were leaking Github secrets in "deployer"
+  // TODO: check if "deployer" is a private key, and calculate its address and use it instead?
+  const { deployer, ...safeOptions } = options;
+
   // write env file
   await fs.writeJson("deployment-context-latest.json", {
-    options,
+    options: safeOptions,
     deployedContracts: Object.fromEntries(deployedContracts),
   });
 

diff --git a/contracts/utils/deployment-artifacts-to-app-env.ts b/contracts/utils/deployment-artifacts-to-app-env.ts
@@ -17,7 +17,8 @@ const ZAddress = z.string().regex(/^0x[0-9a-fA-F]{40}$/);
 const ZDeploymentContext = z.object({
   options: z.object({
     chainId: z.number(),
-    deployer: z.string(), // can be an address or a private key
+    // XXX hotfix: we were leaking Github secrets in "deployer"
+    // deployer: z.string(), // can be an address or a private key
     help: z.boolean(),
     openDemoTroves: z.boolean(),
     rpcUrl: z.string(),