(grails-gradle-publish) 01/01: ci(release): read password securely in release scripts

Fri, 17 Oct 2025 22:36:06 -0700 

This is an automated email from the ASF dual-hosted git repository.

matrei pushed a commit to branch secure-pw
in repository https://gitbox.apache.org/repos/asf/grails-gradle-publish.git

commit 1f9c04d3a4bf1663ac704222da55017b33de9475
Author: Mattias Reichel <[email protected]>
AuthorDate: Mon Oct 13 18:13:25 2025 +0200

    ci(release): read password securely in release scripts
    
    Prompt for the password without echo to avoid leaking it in the terminal or 
logs.
---
 .github/scripts/releaseDistributions.sh | 8 +++++---
 .github/scripts/releaseJarFiles.sh      | 7 ++++---
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/.github/scripts/releaseDistributions.sh 
b/.github/scripts/releaseDistributions.sh
index 2718bd3..a05a29d 100755
--- a/.github/scripts/releaseDistributions.sh
+++ b/.github/scripts/releaseDistributions.sh
@@ -23,18 +23,20 @@
 
 set -euo pipefail
 
-if [[ $# -ne 3 ]]; then
-  echo "Usage: $0 <tag> <username> <password>" >&2
+if [[ $# -ne 2 ]]; then
+  echo "Usage: $0 <tag> <username>" >&2
   exit 1
 fi
 
 RELEASE_TAG="$1"
 RELEASE_VERSION="${RELEASE_TAG#v}"
 SVN_USER="$2"
-SVN_PASS="$3"
 RELEASE_ROOT="https://dist.apache.org/repos/dist/release/grails/grails-publish";
 DEV_ROOT="https://dist.apache.org/repos/dist/dev/grails/grails-publish";
 
+read -r -s -p "Password: " SVN_PASS
+echo
+
 if [[ -z "${RELEASE_TAG}" ]]; then
   echo "❌ ERROR: Release Tag must not be empty." >&2
   exit 1
diff --git a/.github/scripts/releaseJarFiles.sh 
b/.github/scripts/releaseJarFiles.sh
index 8421782..b0a4874 100755
--- a/.github/scripts/releaseJarFiles.sh
+++ b/.github/scripts/releaseJarFiles.sh
@@ -23,15 +23,16 @@
 
 set -euo pipefail
 
-if [[ $# -ne 3 ]]; then
-  echo "Usage: $0 <staging repo description> <username> <password>" >&2
+if [[ $# -ne 2 ]]; then
+  echo "Usage: $0 <staging repo description> <username>" >&2
   exit 1
 fi
 
 NEXUS_URL="https://repository.apache.org";
 STAGING_DESCRIPTION="$1"
 NEXUS_USER="$2"
-NEXUS_PASS="$3"
+read -r -s -p "Password: " NEXUS_PASS
+echo
 
 if [[ -z "${STAGING_DESCRIPTION}" ]]; then
   echo "ERROR: Staging Description must not be empty." >&2

Reply via email to