Document base64 secret decoding warts on windows powershell

[robinp]

Code of Conduct

• [X] I have read and agree to the GitHub Docs project's Code of Conduct

What article on docs.github.com is affected?

https://github.com/github/docs/blob/main/content/actions/security-guides/encrypted-secrets.md

What part(s) of the article would you like to see updated?

At the very end of that doc, a linux/bash example is shown on how to base64-decode a secret.

But trying to use that as-is on powershell utterly fails for 2 reasons (probably newlines, and default UTF-16 output). I wrote those points up in https://stackoverflow.com/a/74344321/180258 for reference.

I would suggest at minimum to call attention to the issues, but even more: either give a specific working powershell example, or just suggest that bash should be used to decode base64 to binary under windows.

Hope will save some hours for other people too.

Thank you!

Additional information

No response

[welcome[bot]]

Thanks for opening this issue. A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.

[cmwilson21]

@robinp Thanks so much for opening an issue! I'll triage this for the team to take a look :eyes:

[lucascosti]

Thanks so much for letting us know about this, @robinp!

I've reproduced needing the -i flag (workflow run here), but my workflow did have matching hashes for the input and output files using shasum (for a simple README file that was encoded). 🤔

I think your recommendation of adding a note to the last step in the procedure to recommend using a bash shell on Windows runners is a good one.

Something like:

Note: Using another shell might require different commands for decoding the secret to a file. On Windows runners, we recommend using a bash shell with shell: bash to use the commands in the run step above.

Yourself (or anyone else) can feel free to open a PR 🙇‍♂️