I’m having issues with masked variables not getting masked in a new project. This is despite that I simply replicated the same setup that has worked before in another project.
Here’s a CI job in the old project - note the masked credentials for the twine command:
https://gitlab.com/jfolz/simplejpeg/-/jobs/853869420#L90
And here’s two similar jobs in the new project that casually leaks API tokens:
https://gitlab.com/jfolz/simplebloom/-/jobs/1028494188#L96
https://gitlab.com/jfolz/simplebloom/-/jobs/1028920402#L98
Between those jobs I deleted and recreated all variables and went through and compared all project settings and cannot find any (relevant) differences. Since they’re all nice an visible to the public you can also easily verify that the values conform to the requirements for masked variables.
I was lucky enough to notice almost immediately so I could invalidate the token both times, but I would really like to avoid deleting the token every time.
Does anyone have an idea what’s going on? There are a few issues in the Gitlab repo, but they never went anywhere.