Use set -x your password will be open in build logs

language: bash

services: docker

os: windows

env:
 global:
   - DOCKER_HUB=willdockerhub
   - ALI_REGISTRY=registry.cn-hangzhou.aliyuncs.com/aliwill

before_script:
  - docker version
  - env | sort

script:
  - |
    (
      set -Eeuo pipefail
      set -x
      #login
      docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
      docker login registry.cn-hangzhou.aliyuncs.com -u $ALI_USERNAME  -p $ALI_PASSWORD
       
      #pull image
      docker pull mcr.microsoft.com/windows/servercore:ltsc2019
      
      #tag image
      docker tag mcr.microsoft.com/windows/servercore:ltsc2019 willdockerhub/servercore:ltsc2019
      docker tag mcr.microsoft.com/windows/servercore:ltsc2019 registry.cn-hangzhou.aliyuncs.com/aliwill/servercore:ltsc2019
      
      #push image
      docker push willdockerhub/servercore:ltsc2019
      docker push registry.cn-hangzhou.aliyuncs.com/aliwill/servercore:ltsc2019
    )

See

At the moment, there is no filtering of secrets on Windows, so it is up to you to ensure that your output does not leak sensitive information.