Conversation
roji
force-pushed
the
SqlServerOnAgent
branch
from
434e1c8 to
83c327b
Compare
There was a problem hiding this comment.
Pull request overview
This PR attempts to fix the SQL Server health check command in the GitHub Actions workflow by changing how the SA password is referenced from using \$SA_PASSWORD (escaped environment variable reference) to ${{ secrets.MSSQL_SA_PASSWORD }} (GitHub Actions secret interpolation).
Changes:
- Modified the Docker health-cmd option to use GitHub Actions secret syntax instead of container environment variable reference
| - 1433:1433 | ||
| options: >- | ||
| --health-cmd="/opt/mssql-tools18/bin/sqlcmd -S localhost -U sa -P \$SA_PASSWORD -Q \"SELECT 1\" -C" | ||
| --health-cmd="/opt/mssql-tools18/bin/sqlcmd -S localhost -U sa -P '${{ secrets.MSSQL_SA_PASSWORD }}' -Q 'SELECT 1' -C" |
There was a problem hiding this comment.
Using GitHub secrets directly in the health-cmd option can expose the password in Docker container logs and process listings. The original approach using $SA_PASSWORD was attempting to reference the environment variable SA_PASSWORD (defined on line 29) from within the container context. The correct fix would be to use proper escaping to reference the container's environment variable, such as --health-cmd="/opt/mssql-tools18/bin/sqlcmd -S localhost -U sa -P "$SA_PASSWORD" -Q "SELECT 1" -C" or consider using a health check script that doesn't expose credentials in command arguments.
| --health-cmd="/opt/mssql-tools18/bin/sqlcmd -S localhost -U sa -P '${{ secrets.MSSQL_SA_PASSWORD }}' -Q 'SELECT 1' -C" | |
| --health-cmd="/opt/mssql-tools18/bin/sqlcmd -S localhost -U sa -P \"\$SA_PASSWORD\" -Q \"SELECT 1\" -C" |
No description provided.