🌟 [Major]: Fix path separator in action.yml and update README.md (#10)

## Description

This pull request includes several changes to improve the handling of
sensitive information, enhance the readability of the debug information,
and update documentation, including adding a new function to mask
sensitive values, updating the `README.md` to provide clearer
information about the action, and modifying the PowerShell script to use
the new masking function.

Enhancements to sensitive information handling:

* `action.yml`:
* Fixed the path separator in the script path to ensure compatibility
across different environments.
* `scripts/Helpers.psm1`:
* Added a new `Set-MaskedValue` function to mask sensitive values such
as GitHub tokens, JWT tokens, and private keys.
* `scripts/main.ps1`:
* Imported the `Helpers.psm1` module and set the output rendering to
ANSI for better readability.
* Updated various logging sections to use the `Set-MaskedValue` function
to mask sensitive information in environment variables and PowerShell
variables.

Documentation updates:

* `README.md`:
* Updated the documentation to provide more comprehensive information
about the action, including inputs, outputs, and a caution about
exposing sensitive information.

Tests:

* `.github/workflows/Action-Test.yml`:
* Added an environment variable for a fake private key for debugging
purposes.

## Type of change

<!-- Use the check-boxes [x] on the options that are relevant. -->

- [ ] 📖 [Docs]
- [ ] 🪲 [Fix]
- [ ] 🩹 [Patch]
- [ ] ⚠️ [Security fix]
- [ ] 🚀 [Feature]
- [x] 🌟 [Breaking change]

## Checklist

<!-- Use the check-boxes [x] on the options that are relevant. -->

- [x] I have performed a self-review of my own code
- [x] I have commented my code, particularly in hard-to-understand areas

Author: MariusStorhaug

.github/workflows/Action-Test.yml

@@ -16,6 +16,9 @@ permissions:
   contents: read
   pull-requests: read
 
+env:
+  PSMODULE_DEBUG_FAKE_PRIVATE_KEY: ${{ secrets.FAKE_PRIVATE_KEY }}
+
 jobs:
   ActionTestBasic:
     strategy:

README.md

@@ -1,17 +1,27 @@
-# Debug
+# Debug Action
 
-Gets debug information about the environment.
+Prints comprehensive debug information about the GitHub Actions runner environment, contexts, environment variables, and PowerShell state.
 
-Uses all the contexts, environment variables and PowerShell variables and modules.
-
-- [Contexts | GitHub Docs](https://docs.github.com/en/actions/learn-github-actions/contexts)
-- [Variables | GitHub Docs](https://docs.github.com/en/actions/learn-github-actions/variables#default-environment-variables)
+> [!CAUTION]
+> This action exposes environment variables and contexts, which may include sensitive information or secrets. GitHub attempts to mask
+> secrets in logs, but if a secret contains newlines (common with private keys) due to PowerShell's formatting, GitHub masking may fail and
+> inadvertently expose the secret.
 
 ## Usage
 
-### Example
+### Inputs
+
+This action does not currently require any inputs.
+
+### Secrets
+
+This action does not explicitly require secrets but may display environment variables or contexts containing sensitive information. Use with caution.
 
-#### Example 1: Get debug information
+### Outputs
+
+This action does not provide outputs.
+
+## Example
 
 ```yaml
 jobs:
@@ -21,3 +31,17 @@ jobs:
       - name: Debug
         uses: PSModule/Debug@v1
 ```
+
+## Information Displayed
+
+- [GitHub Context](https://docs.github.com/en/actions/learn-github-actions/contexts)
+- [Environment Variables](https://docs.github.com/en/actions/learn-github-actions/variables#default-environment-variables)
+- GitHub event payload details
+- PowerShell environment details including:
+  - Variables
+  - Installed Modules
+  - Execution context
+  - Host details
+  - Invocation details
+  - PowerShell session options
+  - PowerShell version details

action.yml

@@ -29,4 +29,4 @@ runs:
         Verbose: true
         Script: |
           # Debug environment
-          ${{ github.action_path }}\scripts\main.ps1
+          ${{ github.action_path }}/scripts/main.ps1

scripts/Helpers.psm1

@@ -0,0 +1,105 @@
+filter Set-MaskedValue {
+    <#
+        .SYNOPSIS
+        Masks sensitive values such as GitHub tokens, JWT tokens, and private keys.
+
+        .DESCRIPTION
+        This function checks an input string against known patterns for sensitive values, such as:
+        - GitHub tokens (Personal Access Tokens, OAuth Tokens, Session Tokens, User Tokens)
+        - JSON Web Tokens (JWT)
+        - Private keys
+        If a match is found, the function replaces the value with a corresponding masked placeholder.
+        If no match is found, the original value is returned unaltered.
+
+        .EXAMPLE
+        Set-MaskedValue -Value 'github_pat_1234567890123456789012'
+
+        Output:
+        ```powershell
+        ***GITHUB_FG_PAT_TOKEN***
+        ```
+
+        Masks a GitHub fine-grained personal access token.
+
+        .EXAMPLE
+        Set-MaskedValue -Value 'ghp_abcdefghijklmnopqrstuvwxyz0123456789' #gitleaks:allow
+
+        Output:
+        ```powershell
+        ***GITHUB_CLASSIC_PAT_TOKEN***
+        ```
+
+        Masks a classic GitHub personal access token.
+
+        .EXAMPLE
+        Set-MaskedValue -Value 'header.payload.signature'
+
+        Output:
+        ```powershell
+        ***JWT_TOKEN***
+        ```
+
+        Masks a JSON Web Token (JWT).
+
+        .EXAMPLE
+        Set-MaskedValue -Value "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAA..."
+
+        Output:
+        ```powershell
+        ***PRIVATE_KEY***
+        ```
+
+        Masks a private key.
+
+        .OUTPUTS
+        string
+
+        .NOTES
+        Returns the masked value if a match is found; otherwise, returns the original value.
+    #>
+    [Diagnostics.CodeAnalysis.SuppressMessageAttribute(
+        'PSUseShouldProcessForStateChangingFunctions', '',
+        Justification = 'This function is not state-changing. It is a utility function.'
+    )]
+    [OutputType([string])]
+    [CmdletBinding()]
+    param (
+        # The value to be checked and potentially masked.
+        [Parameter(ValueFromPipeline)]
+        [string] $Value = ''
+    )
+
+    switch -Regex ($Value) {
+        '^github_pat_' {
+            '***GITHUB_FG_PAT_TOKEN***'
+            break
+        }
+        '^ghp_' {
+            '***GITHUB_CLASSIC_PAT_TOKEN***'
+            break
+        }
+        '^ghs_' {
+            '***GITHUB_SESSION_TOKEN***'
+            break
+        }
+        '^ghu_' {
+            '***GITHUB_USER_TOKEN***'
+            break
+        }
+        '^gho_' {
+            '***GITHUB_OAUTH_TOKEN***'
+            break
+        }
+        '^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$' {
+            '***JWT_TOKEN***'
+            break
+        }
+        'PRIVATE KEY.*[\s\S]+?.*PRIVATE KEY' {
+            '***PRIVATE_KEY***'
+            break
+        }
+        default {
+            $Value
+        }
+    }
+}

scripts/main.ps1

@@ -1,6 +1,9 @@
 [CmdletBinding()]
 param()
 
+$PSStyle.OutputRendering = 'Ansi'
+Import-Module "$PSScriptRoot/Helpers.psm1"
+
 $CONTEXT_GITHUB = $env:CONTEXT_GITHUB | ConvertFrom-Json -Depth 100
 
 LogGroup 'Context: [GITHUB]' {
@@ -71,7 +74,13 @@ LogGroup "File system at [$pwd]" {
 }
 
 LogGroup 'Environment Variables' {
-    Get-ChildItem env: | Where-Object { $_.Name -notlike 'CONTEXT_*' } | Sort-Object Name | Format-Table -AutoSize -Wrap
+    $vars = [ordered]@{}
+    Get-ChildItem env: | Where-Object { $_.Name -notlike 'CONTEXT_*' } | Sort-Object Name | ForEach-Object {
+        $name = $_.Name
+        $value = $_.Value | Set-MaskedValue
+        $vars.Add($name, $value)
+    }
+    [pscustomobject]$vars | Format-List | Out-String
 }
 
 LogGroup '[System.Environment]' {
@@ -84,49 +93,55 @@ LogGroup '[System.Environment]' {
     $props.GetEnumerator() | Sort-Object Name | ForEach-Object {
         $propsObject | Add-Member -MemberType NoteProperty -Name $_.Name -Value $_.Value
     }
-    $propsObject | Format-List
+    $propsObject | Format-List | Out-String
 }
 
 LogGroup 'PowerShell variables' {
-    Get-Variable | Where-Object { $_.Name -notlike 'CONTEXT_*' } | Sort-Object Name | Format-Table -AutoSize -Wrap
+    $vars = [ordered]@{}
+    Get-Variable | Where-Object { $_.Name -notlike 'CONTEXT_*' } | Select-Object -Property Name, Value | Sort-Object Name | ForEach-Object {
+        $name = $_.Name
+        $value = $_.Value | Set-MaskedValue
+        $vars.Add($name, $value)
+    }
+    [pscustomobject]$vars | Format-List | Out-String
 }
 
 LogGroup 'PSVersionTable' {
-    $PSVersionTable | Select-Object * | Format-List
+    $PSVersionTable | Select-Object * | Format-List | Out-String
 }
 
 LogGroup 'Installed Modules - List' {
     $modules = Get-PSResource | Sort-Object -Property Name
-    $modules | Select-Object Name, Version, CompanyName, Author | Format-Table -AutoSize -Wrap
+    $modules | Select-Object Name, Version, CompanyName, Author | Format-Table -AutoSize -Wrap | Out-String
 }
 
 $modules.Name | Select-Object -Unique | ForEach-Object {
     $name = $_
     LogGroup "Installed Modules - Details - [$name]" {
-        $modules | Where-Object Name -EQ $name | Select-Object * | Format-List
+        $modules | Where-Object Name -EQ $name | Select-Object * | Format-List | Out-String
     }
 }
 
 LogGroup 'ExecutionContext' {
-    $ExecutionContext | Select-Object * | Format-List
+    $ExecutionContext | ConvertTo-Json -Depth 3
 }
 
 LogGroup 'Host' {
-    $Host | Select-Object * | Format-List
+    $Host | Select-Object * | Format-List | Out-String
 }
 
 LogGroup 'MyInvocation' {
-    $MyInvocation | Select-Object * | Format-List
+    $MyInvocation | Select-Object * | Format-List | Out-String
 }
 
 LogGroup 'PSCmdlet' {
-    $PSCmdlet | Select-Object * | Format-List
+    $PSCmdlet | Select-Object * | Format-List | Out-String
 }
 
 LogGroup 'PSSessionOption' {
-    $PSSessionOption | Select-Object * | Format-List
+    $PSSessionOption | Select-Object * | Format-List | Out-String
 }
 
 LogGroup 'PSStyle' {
-    $PSStyle | Select-Object * | Format-List
+    $PSStyle | Select-Object * | Format-List | Out-String
 }