diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..53188fe
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,14 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+ - package-ecosystem: github-actions # See documentation for possible values
+ directory: / # Location of package manifests
+ labels:
+ - dependencies
+ - github-actions
+ schedule:
+ interval: weekly
diff --git a/.github/workflows/Action-Test.yml b/.github/workflows/Action-Test.yml
index a56b1b0..6400e40 100644
--- a/.github/workflows/Action-Test.yml
+++ b/.github/workflows/Action-Test.yml
@@ -16,6 +16,9 @@ permissions:
contents: read
pull-requests: read
+env:
+ PSMODULE_DEBUG_FAKE_PRIVATE_KEY: ${{ secrets.FAKE_PRIVATE_KEY }}
+
jobs:
ActionTestBasic:
strategy:
@@ -26,7 +29,7 @@ jobs:
steps:
# Need to check out as part of the test, as its a local action
- name: Checkout repo
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
- name: Action-Test
uses: ./
diff --git a/.github/workflows/Auto-Release.yml b/.github/workflows/Auto-Release.yml
index 1a580b8..248d806 100644
--- a/.github/workflows/Auto-Release.yml
+++ b/.github/workflows/Auto-Release.yml
@@ -25,8 +25,8 @@ jobs:
Auto-Release:
runs-on: ubuntu-latest
steps:
- - name: Checkout Code
- uses: actions/checkout@v4
+ - name: Checkout repo
+ uses: actions/checkout@v6
- name: Auto-Release
uses: PSModule/Auto-Release@v1
diff --git a/.github/workflows/Linter.yml b/.github/workflows/Linter.yml
index 1f677cb..1962629 100644
--- a/.github/workflows/Linter.yml
+++ b/.github/workflows/Linter.yml
@@ -19,7 +19,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout repo
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
with:
fetch-depth: 0
diff --git a/README.md b/README.md
index c8837a7..4c83fbf 100644
--- a/README.md
+++ b/README.md
@@ -1,17 +1,27 @@
-# Debug
+# Debug Action
-Gets debug information about the environment.
+Prints comprehensive debug information about the GitHub Actions runner environment, contexts, environment variables, and PowerShell state.
-Uses all the contexts, environment variables and PowerShell variables and modules.
-
-- [Contexts | GitHub Docs](https://docs.github.com/en/actions/learn-github-actions/contexts)
-- [Variables | GitHub Docs](https://docs.github.com/en/actions/learn-github-actions/variables#default-environment-variables)
+> [!CAUTION]
+> This action exposes environment variables and contexts, which may include sensitive information or secrets. GitHub attempts to mask
+> secrets in logs, but if a secret contains newlines (common with private keys) due to PowerShell's formatting, GitHub masking may fail and
+> inadvertently expose the secret.
## Usage
-### Example
+### Inputs
+
+This action does not currently require any inputs.
+
+### Secrets
+
+This action does not explicitly require secrets but may display environment variables or contexts containing sensitive information. Use with caution.
-#### Example 1: Get debug information
+### Outputs
+
+This action does not provide outputs.
+
+## Example
```yaml
jobs:
@@ -21,3 +31,17 @@ jobs:
- name: Debug
uses: PSModule/Debug@v1
```
+
+## Information Displayed
+
+- [GitHub Context](https://docs.github.com/en/actions/learn-github-actions/contexts)
+- [Environment Variables](https://docs.github.com/en/actions/learn-github-actions/variables#default-environment-variables)
+- GitHub event payload details
+- PowerShell environment details including:
+ - Variables
+ - Installed Modules
+ - Execution context
+ - Host details
+ - Invocation details
+ - PowerShell session options
+ - PowerShell version details
diff --git a/action.yml b/action.yml
index a03c982..6d95f63 100644
--- a/action.yml
+++ b/action.yml
@@ -25,8 +25,7 @@ runs:
# CONTEXT_NEEDS: ${{ toJson(needs) }}
CONTEXT_INPUTS: ${{ toJson(inputs) }}
with:
- Debug: true
- Verbose: true
+ Name: Debug
Script: |
# Debug environment
- ${{ github.action_path }}\scripts\main.ps1
+ ${{ github.action_path }}/scripts/main.ps1
diff --git a/scripts/Helpers.psm1 b/scripts/Helpers.psm1
new file mode 100644
index 0000000..1f4ae93
--- /dev/null
+++ b/scripts/Helpers.psm1
@@ -0,0 +1,105 @@
+filter Set-MaskedValue {
+ <#
+ .SYNOPSIS
+ Masks sensitive values such as GitHub tokens, JWT tokens, and private keys.
+
+ .DESCRIPTION
+ This function checks an input string against known patterns for sensitive values, such as:
+ - GitHub tokens (Personal Access Tokens, OAuth Tokens, Session Tokens, User Tokens)
+ - JSON Web Tokens (JWT)
+ - Private keys
+ If a match is found, the function replaces the value with a corresponding masked placeholder.
+ If no match is found, the original value is returned unaltered.
+
+ .EXAMPLE
+ Set-MaskedValue -Value ''
+
+ Output:
+ ```powershell
+ ***GITHUB_FG_PAT_TOKEN***
+ ```
+
+ Masks a GitHub fine-grained personal access token.
+
+ .EXAMPLE
+ Set-MaskedValue -Value ''
+
+ Output:
+ ```powershell
+ ***GITHUB_CLASSIC_PAT_TOKEN***
+ ```
+
+ Masks a classic GitHub personal access token.
+
+ .EXAMPLE
+ Set-MaskedValue -Value 'header.payload.signature'
+
+ Output:
+ ```powershell
+ ***JWT_TOKEN***
+ ```
+
+ Masks a JSON Web Token (JWT).
+
+ .EXAMPLE
+ Set-MaskedValue -Value "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAA..."
+
+ Output:
+ ```powershell
+ ***PRIVATE_KEY***
+ ```
+
+ Masks a private key.
+
+ .OUTPUTS
+ string
+
+ .NOTES
+ Returns the masked value if a match is found; otherwise, returns the original value.
+ #>
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute(
+ 'PSUseShouldProcessForStateChangingFunctions', '',
+ Justification = 'This function is not state-changing. It is a utility function.'
+ )]
+ [OutputType([string])]
+ [CmdletBinding()]
+ param (
+ # The value to be checked and potentially masked.
+ [Parameter(ValueFromPipeline)]
+ [string] $Value = ''
+ )
+
+ switch -Regex ($Value) {
+ '^github_pat_' {
+ '***GITHUB_FG_PAT_TOKEN***'
+ break
+ }
+ '^ghp_' {
+ '***GITHUB_CLASSIC_PAT_TOKEN***'
+ break
+ }
+ '^ghs_' {
+ '***GITHUB_SESSION_TOKEN***'
+ break
+ }
+ '^ghu_' {
+ '***GITHUB_USER_TOKEN***'
+ break
+ }
+ '^gho_' {
+ '***GITHUB_OAUTH_TOKEN***'
+ break
+ }
+ '^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$' {
+ '***JWT_TOKEN***'
+ break
+ }
+ 'PRIVATE KEY.*[\s\S]+?.*PRIVATE KEY' {
+ '***PRIVATE_KEY***'
+ break
+ }
+ default {
+ $Value
+ }
+ }
+}
diff --git a/scripts/main.ps1 b/scripts/main.ps1
index 9fe92a8..28f6895 100644
--- a/scripts/main.ps1
+++ b/scripts/main.ps1
@@ -1,28 +1,16 @@
-[CmdletBinding()]
+[CmdletBinding()]
param()
+Install-PSResource -Repository PSGallery -TrustRepository -Name Net
+Install-PSResource -Repository PSGallery -TrustRepository -Name PublicIP
+Import-Module "$PSScriptRoot/Helpers.psm1"
+
$CONTEXT_GITHUB = $env:CONTEXT_GITHUB | ConvertFrom-Json -Depth 100
LogGroup 'Context: [GITHUB]' {
$CONTEXT_GITHUB | ConvertTo-Json -Depth 100
}
-LogGroup 'Context: [GITHUB_EVENT]' {
- $CONTEXT_GITHUB.event | ConvertTo-Json -Depth 100
-}
-
-LogGroup 'Context: [GITHUB_EVENT_ENTERPRISE]' {
- $CONTEXT_GITHUB | ConvertTo-Json -Depth 100
-}
-
-LogGroup 'Context: [GITHUB_EVENT_ORGANIZATION]' {
- $CONTEXT_GITHUB.event.organization | ConvertTo-Json -Depth 100
-}
-
-LogGroup 'Context: [GITHUB_EVENT_REPOSITORY]' {
- $CONTEXT_GITHUB.event.repository | ConvertTo-Json -Depth 100
-}
-
LogGroup 'Context: [ENV]' {
$env:CONTEXT_ENV
}
@@ -66,12 +54,27 @@ LogGroup 'Context: [INPUTS]' {
$env:CONTEXT_INPUTS
}
+LogGroup 'Network Info' {
+ Write-Host "$(Get-NetIPConfiguration | Out-String)"
+}
+
+LogGroup 'Public IP Info' {
+ Write-Host "$(Get-PublicIP | Out-String)"
+}
+
+
LogGroup "File system at [$pwd]" {
Get-ChildItem -Path . -Force | Select-Object -ExpandProperty FullName | Sort-Object
}
LogGroup 'Environment Variables' {
- Get-ChildItem env: | Where-Object { $_.Name -notlike 'CONTEXT_*' } | Sort-Object Name | Format-Table -AutoSize -Wrap
+ $vars = [ordered]@{}
+ Get-ChildItem env: | Where-Object { $_.Name -notlike 'CONTEXT_*' } | Sort-Object Name | ForEach-Object {
+ $name = $_.Name
+ $value = $_.Value | Set-MaskedValue
+ $vars.Add($name, $value)
+ }
+ [pscustomobject]$vars | Format-List | Out-String
}
LogGroup '[System.Environment]' {
@@ -84,49 +87,63 @@ LogGroup '[System.Environment]' {
$props.GetEnumerator() | Sort-Object Name | ForEach-Object {
$propsObject | Add-Member -MemberType NoteProperty -Name $_.Name -Value $_.Value
}
- $propsObject | Format-List
+ $propsObject | Format-List | Out-String
}
LogGroup 'PowerShell variables' {
- Get-Variable | Where-Object { $_.Name -notlike 'CONTEXT_*' } | Sort-Object Name | Format-Table -AutoSize -Wrap
+ $vars = [ordered]@{}
+ Get-Variable | Where-Object { $_.Name -notlike 'CONTEXT_*' } | Select-Object -Property Name, Value | Sort-Object Name | ForEach-Object {
+ $name = $_.Name
+ $value = $_.Value | Set-MaskedValue
+ $vars.Add($name, $value)
+ }
+ [pscustomobject]$vars | Format-List | Out-String
}
LogGroup 'PSVersionTable' {
- $PSVersionTable | Select-Object * | Format-List
+ $PSVersionTable | Select-Object * | Format-List | Out-String
}
LogGroup 'Installed Modules - List' {
$modules = Get-PSResource | Sort-Object -Property Name
- $modules | Select-Object Name, Version, CompanyName, Author | Format-Table -AutoSize -Wrap
+ $modules | Select-Object Name, Version, CompanyName, Author | Format-Table -AutoSize -Wrap | Out-String
}
$modules.Name | Select-Object -Unique | ForEach-Object {
$name = $_
LogGroup "Installed Modules - Details - [$name]" {
- $modules | Where-Object Name -EQ $name | Select-Object * | Format-List
+ $modules | Where-Object Name -EQ $name | Select-Object * | Format-List | Out-String
}
}
LogGroup 'ExecutionContext' {
- $ExecutionContext | Select-Object * | Format-List
+ $ExecutionContext | ConvertTo-Json -Depth 3
}
LogGroup 'Host' {
- $Host | Select-Object * | Format-List
+ $Host | Select-Object * | Format-List | Out-String
+}
+
+LogGroup 'Host - Json' {
+ $Host | ConvertTo-Json -Depth 3
}
LogGroup 'MyInvocation' {
- $MyInvocation | Select-Object * | Format-List
+ $MyInvocation | Select-Object * | Format-List | Out-String
}
LogGroup 'PSCmdlet' {
- $PSCmdlet | Select-Object * | Format-List
+ $PSCmdlet | Select-Object * | Format-List | Out-String
}
LogGroup 'PSSessionOption' {
- $PSSessionOption | Select-Object * | Format-List
+ $PSSessionOption | Select-Object * | Format-List | Out-String
}
LogGroup 'PSStyle' {
- $PSStyle | Select-Object * | Format-List
+ $PSStyle | Select-Object * | Format-List | Out-String
+}
+
+LogGroup 'PSStyle - Json' {
+ $PSStyle | ConvertTo-Json -Depth 3
}