Shell executor on Windows Powershell spews setup commands and secrets in the log

RuterFrode · February 7, 2023, 9:27am

I’ve set up a runner on a Windows 10 laptop at work, which I intend to run Android UI tests against physical hardware. In all steps of the job we can see under-the-hood gitlab commands being executed with local echo on the terminal. Included here are secrets such as “GITLAB_CI_RELEASE_SSH_KEY”. I don’t want this in my log. It totals to over 1000 lines.

Example output (highly truncated) from the step “Getting source from Git repository”:

PS C:\jobs> & {
>> 
>> $ErrorActionPreference = "Stop"
>> $FF_CMD_DISABLE_DELAYED_ERROR_LEVEL_EXPANSION="false"
>> $env:FF_CMD_DISABLE_DELAYED_ERROR_LEVEL_EXPANSION=$FF_CMD_DISABLE_DELAYED_ERROR_LEVEL_EXPANSION
>> $FF_NETWORK_PER_BUILD="false"
>> $env:FF_NETWORK_PER_BUILD=$FF_NETWORK_PER_BUILD
>> $FF_USE_LEGACY_KUBERNETES_EXECUTION_STRATEGY="false"
>> $env:FF_USE_LEGACY_KUBERNETES_EXECUTION_STRATEGY=$FF_USE_LEGACY_KUBERNETES_EXECUTION_STRATEGY
>> $FF_USE_DIRECT_DOWNLOAD="true"
>> $env:FF_USE_DIRECT_DOWNLOAD=$FF_USE_DIRECT_DOWNLOAD

how can I suppress this?

RuterFrode · February 8, 2023, 8:34am

My problem was that Gitlab was looking for pwsh. The correct solution was to change to the following line under the [[runners]] section of config.toml

shell = "powershell"

Instead I had done a fault workaround by providing pwsh.cmd that launched Powershell in an incorrect manner.

I will leave this answer here in case someone else does the same stupid mistake as me