Remove Image Metadata With Github Action

A picture of the author, Jakob Maier
Jakob Maier
Jun 14, 2023

Introduction

When publishing images on the internet Exif data can pose a risk to your privacy and security. Phones and cameras will store information like the device location, date, time and model in the metadata of the image. Once you post this image online, anybody can trivially extract this data.

It is therefore a good idea to scrub images of this information before publishing. Thankfully, this is very easy to do with the exiftool on linux. And if you use Github Actions to build & deploy your static website, this step can be easily added to your build step.

Basic Usage

First we need to install exiftool:

sudo apt install libimage-exiftool-perl -y

To recursivly remove all metadata from images in the current directory ending in .png and .jpg we just call:

exiftool -all= -r -overwrite_original -ext jpg -ext png .

Deploy to Server

This is maybe the simplest such deployment script, it just removes the metadata and then copies all files to a server:

name: Deploy to server 

on:
  push:
    branches: [ "master" ]
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout
      uses: actions/checkout@v3
    
    - name: Scrub Metadata
      run: |
        sudo apt install libimage-exiftool-perl -y
        exiftool -all= -r -overwrite_original -ext jpg -ext jpeg -ext png .
    
    - name: Deploy to Server 
      uses: appleboy/scp-action@master
      with:
        host: ${{ secrets.HOST }}
        port: ${{ secrets.PORT }}
        username: ${{ secrets.USERNAME }}
        password: ${{ secrets.PASSWORD }}
        rm: true
        source: "*"
        target: "/var/www"
        strip_components: 1

Deploy to GitHub Pages

Another popular option is to deploy to github pages. Say you have a node project which outputs static files to the 'build' directory:

name: Deploy to GitHub pages
on:
  push:
    branches: [ main ]
jobs:
  build-and-deploy:
    runs-on: ubuntu-latest

    steps:
    - name: Checkout
      uses: actions/checkout@v2

    - name: Build 
      uses: actions/setup-node@v2
    - run: |
        npm ci
        npm run build
        
    - name: Scrub Metadata
      run: |
        sudo apt install libimage-exiftool-perl -y
        exiftool -all= -r -overwrite_original -ext jpg -ext jpeg -ext png build

    - name: Deploy to GitHub pages
      uses: JamesIves/github-pages-deploy-action@v4
      with:
        folder: build

Checking Our Work

Finally, I like to check if we have actually removed all metadata. To do this, we can use an online EXIF data viewer like jimpl.com. Simply paste some links to your images into there and see what it finds. In my case, exiftool removed all sensitive data, success!

↑ back to top

© 2024 Jakob Maier
kontakt & impressum
edit