fix: hide masked value (#668)

* fix: hide masked value

The ::add-mask:: command output logs the value to be masked.
This does expose critical information which should be hidden from
the output.

* Add test to not output secret in add-mask command

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

pkg/runner/command_test.go

@@ -4,6 +4,8 @@ import (
 	"context"
 	"testing"
 
+	"github.com/nektos/act/pkg/common"
+	"github.com/sirupsen/logrus/hooks/test"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -88,3 +90,17 @@ func TestAddpathADO(t *testing.T) {
 	handler("##[add-path]/boo\n")
 	a.Equal("/boo", rc.ExtraPath[1])
 }
+
+func TestAddmask(t *testing.T) {
+	logger, hook := test.NewNullLogger()
+
+	a := assert.New(t)
+	ctx := context.Background()
+	loggerCtx := common.WithLogger(ctx, logger)
+
+	rc := new(RunContext)
+	handler := rc.commandHandler(loggerCtx)
+	handler("::add-mask::my-secret-value\n")
+
+	a.NotEqual("  \U00002699  *my-secret-value", hook.LastEntry().Message)
+}