From 34bb4412a3a1c6c02d7e14b2a89bcae863a54c13 Mon Sep 17 00:00:00 2001
From: Daniel Stone <daniels@collabora.com>
Date: Thu, 10 Jun 2021 10:51:50 +0100
Subject: [PATCH] ci/bare-metal: Don't leak JWT into logs

The JWT is sensitive - as it can be used to access e.g. private traces -
so we don't want it anywhere in our logs.

Signed-off-by: Daniel Stone <daniels@collabora.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/11309>
---
 .gitlab-ci/bare-metal/rootfs-setup.sh | 1 +
 .gitlab-ci/common/generate-env.sh     | 1 -
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/.gitlab-ci/bare-metal/rootfs-setup.sh b/.gitlab-ci/bare-metal/rootfs-setup.sh
index 2e4280bac21..ff076423fa1 100644
--- a/.gitlab-ci/bare-metal/rootfs-setup.sh
+++ b/.gitlab-ci/bare-metal/rootfs-setup.sh
@@ -15,6 +15,7 @@ set +x
 chmod +x $rootfs_dst/set-job-env-vars.sh
 echo "Variables passed through:"
 cat $rootfs_dst/set-job-env-vars.sh
+echo "export CI_JOB_JWT=${CI_JOB_JWT@Q}" >> $rootfs_dst/set-job-env-vars.sh
 set -x
 
 # Add the Mesa drivers we built, and make a consistent symlink to them.
diff --git a/.gitlab-ci/common/generate-env.sh b/.gitlab-ci/common/generate-env.sh
index 41946cc13a8..980e2460c11 100755
--- a/.gitlab-ci/common/generate-env.sh
+++ b/.gitlab-ci/common/generate-env.sh
@@ -8,7 +8,6 @@ for var in \
     CI_COMMIT_BRANCH \
     CI_COMMIT_TITLE \
     CI_JOB_ID \
-    CI_JOB_JWT \
     CI_JOB_URL \
     CI_MERGE_REQUEST_SOURCE_BRANCH_NAME \
     CI_MERGE_REQUEST_TITLE \