ci: avoid leaking oauth access token

.builds/freebsd.yml

@@ -7,7 +7,7 @@ packages:
   - jq
 secrets:
   - 6c60aaee-92e7-4e7d-812c-114817689b4d
-  - 2cd8c203-ba06-4504-be49-1e2b9b71efdd
+  - dd0bd962-7664-4d3e-b0f3-41c9ee96b8b8
 sources:
   - https://github.com/ziglang/zig
 tasks:

ci/azure/on_master_success

@@ -1,6 +1,8 @@
 #!/bin/sh
 
-set -x
+# We do not set -x because this would leak the oauth access token.
+set +x
+
 set -e
 
 sudo apt-get update -y

ci/azure/pipelines.yml

@@ -44,7 +44,7 @@ jobs:
   - script: ci/azure/windows_script.bat
     name: main
     displayName: 'Build and test'
-- job: UpdateDownloadPage
+- job: OnMasterSuccess
   dependsOn:
   - BuildMacOS
   - BuildLinux

ci/drone/linux_script

@@ -61,6 +61,9 @@ if [ -z "$DRONE_PULL_REQUEST" ]; then
   s3cmd put -P --add-header="Cache-Control: max-age=0, must-revalidate" "$JSONFILE" "s3://ziglang.org/builds/$JSONFILE"
   s3cmd put -P "$JSONFILE" "s3://ziglang.org/builds/$TRIPLEARCH-linux-$VERSION.json"
   if [ "$GITBRANCH" = "master" ]; then 
+    # avoid leaking oauth token
+    set +x
+
     cd "$BUILDDIR"
     ./ci/srht/on_master_success "$VERSION" "$SRHT_OAUTH_TOKEN"
   fi

ci/srht/freebsd_script

@@ -88,6 +88,9 @@ if [ -f ~/.s3cfg ]; then
   s3cmd put -P "$JSONFILE" "s3://ziglang.org/builds/x86_64-freebsd-$VERSION.json"
 
   if [ "$GITBRANCH" = "master" ]; then 
+    # avoid leaking oauth token
+    set +x
+
     OAUTH_TOKEN="$(cat ~/.oauth_token)"
     cd "$ZIGDIR"
     ./ci/srht/on_master_success "$VERSION" "$OAUTH_TOKEN"

ci/srht/on_master_success

@@ -6,7 +6,9 @@
 # * jq
 # * cat
 
-set -x
+# We do not set -x because this would leak the oauth access token.
+set +x
+
 set -e
 
 VERSION="$1"