Mask secrets in job output (#231)

Previously secrets would be shown in log output as provided. This
commit updates the stepLogFormatter to replace any instance of the secret
string with "***", as GitHub Actions would

Known issues: If the secret is a generic string (such as "docker"), all
occurances of that string will be replaced in the output

Co-authored-by: Casey Lee <cplee@nektos.com>

pkg/runner/logger.go

@@ -38,11 +38,12 @@ func init() {
 }
 
 // WithJobLogger attaches a new logger to context that is aware of steps
-func WithJobLogger(ctx context.Context, jobName string) context.Context {
+func WithJobLogger(ctx context.Context, jobName string, secrets map[string]string) context.Context {
 	mux.Lock()
 	defer mux.Unlock()
 	formatter := new(stepLogFormatter)
 	formatter.color = colors[nextColor%len(colors)]
+	formatter.secrets = secrets
 	nextColor++
 
 	logger := logrus.New()
@@ -55,12 +56,18 @@ func WithJobLogger(ctx context.Context, jobName string) context.Context {
 }
 
 type stepLogFormatter struct {
-	color int
+	color   int
+	secrets map[string]string
 }
 
 func (f *stepLogFormatter) Format(entry *logrus.Entry) ([]byte, error) {
 	b := &bytes.Buffer{}
 
+	// Replace any secrets in the entry
+	for _, v := range f.secrets {
+		entry.Message = strings.ReplaceAll(entry.Message, v, "***")
+	}
+
 	if f.isColored(entry) {
 		f.printColored(b, entry)
 	} else {

pkg/runner/runner.go

@@ -73,7 +73,7 @@ func (runner *runnerImpl) NewPlanExecutor(plan *model.Plan) common.Executor {
 				}
 				stageExecutor = append(stageExecutor, func(ctx context.Context) error {
 					jobName := fmt.Sprintf("%-*s", maxJobNameLen, rc.String())
-					return rc.Executor()(WithJobLogger(ctx, jobName))
+					return rc.Executor()(WithJobLogger(ctx, jobName, rc.Config.Secrets))
 				})
 			}
 		}