viaprog/shaka-player
1
0
Fork 0
mirror of https://github.com/shaka-project/shaka-player.git synced 2026-06-14 15:56:38 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
a3f4fd40a123767add35160b93046e358d4f9c64
shaka-player/app-engine/gcloudignore
T
Joey Parrish 3a47bd1c03 ci: Prevent leaked credentials (#8142) 
Naive use of google-github-actions/auth and
google-github-actions/deploy-appengine can lead to leaked credentials.

In particular, uploading static content from the workspace root leads to
servable copies of the credentials file written by
google-github-actions/auth. This is exactly what the Shaka Player Demo
did. Making matters worse, google-github-actions/auth logs credential
filenames for all to see.

All uploaded credentials were expired before I uploaded this PR.

This fixes the leak by installing a gcloudignore file which prevents the
credentials from being uploaded.
2025-02-21 15:33:17 -08:00

8 lines
169 B
Plaintext
Raw Blame History

# Defaults you get without an explicit .gcloudignore file
.git
.gitignore
.gcloudignore
# Ignore generated credentials from google-github-actions/auth
gha-creds-*.json
Reference in New Issue View Git Blame Copy Permalink