Mask runner token in QA tests
What does this MR do and why?
Masks the registration token used in QA tests to prevent accidentally revealing tokens in public logs.
In most cases our tests use project-specific runners, and the runner is a container that's removed when the test is finished, so there's little opportunity for abuse.
However, some tests use group runners, which keep the same registration token until they're rotated.
Screenshots or screen recordings
Logs and test failure reports that include the runner registration command will appear as:
QA::Service::Shellout::CommandError:
Command: `docker run -d --rm --network test --name qa-runner-1658277745 --privileged registry.gitlab.com/gitlab-org/gitlab-runner:alpine && docker exec --detach qa-runner-1658277745 sh -c "printf 'concurrent = 1\ncheck_interval = 0\n\n[session_server]\n session_timeout = 1800' > /etc/gitlab-runner/config.toml && gitlab-runner register --non-interactive --name qa-runner-1658277745 --url http://192.168.50.25:3000 --registration-token **** --tag-list qa-runner-1658277745 --executor shell && gitlab-runner run" ` failed! ✘
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Mark Lapierre