Added OP_ENV_FILE to acceptance test, fixed lint/style error and added example .env.tpl documentation in README

Signed-off-by: Willi Carlsen <carlsenwilli@gmail.com>

.github/workflows/acceptance-test.yml

@@ -36,9 +36,9 @@ jobs:
         if: |
           github.event_name != 'repository_dispatch' &&
           (
-            github.ref == 'refs/heads/main' || 
+            github.ref == 'refs/heads/main' ||
             (
-              github.event_name == 'pull_request' && 
+              github.event_name == 'pull_request' &&
               github.event.pull_request.head.repo.full_name == github.repository
             )
           )
@@ -96,12 +96,14 @@ jobs:
           SECRET: ${{ inputs.secret }}
           SECRET_IN_SECTION: ${{ inputs.secret-in-section }}
           MULTILINE_SECRET: ${{ inputs.multiline-secret }}
+          OP_ENV_FILE: ./tests/.env.tpl
       - name: Assert test secret values [step output]
         if: ${{ !inputs.export-env }}
         env:
           SECRET: ${{ steps.load_secrets.outputs.SECRET }}
           SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }}
           MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }}
+          OP_ENV_FILE: ./tests/.env.tpl
         run: ./tests/assert-env-set.sh
       - name: Assert test secret values [exported env]
         if: ${{ inputs.export-env }}

README.md

@@ -39,7 +39,7 @@ jobs:
         env:
           OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
           SECRET: op://app-cicd/hello-world/secret
-          OP_ENV_FILE: "path/to/.env.tpl"
+          OP_ENV_FILE: "./path/to/.env.tpl" # see tests/.env.tpl forexample
 
       - name: Print masked secret
         run: 'echo "Secret: ${{ steps.load_secrets.outputs.SECRET }}"'
@@ -64,7 +64,7 @@ jobs:
         env:
           OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
           SECRET: op://app-cicd/hello-world/secret
-          OP_ENV_FILE: "path/to/.env.tpl"
+          OP_ENV_FILE: "./path/to/.env.tpl" # see tests/.env.tpl forexample
 
       - name: Print masked secret
         run: 'echo "Secret: $SECRET"'

src/index.ts

@@ -2,9 +2,7 @@ import * as core from "@actions/core";
 import { validateCli } from "@1password/op-js";
 import { installCliOnGithubActionRunner } from "op-cli-installer";
 import { loadSecrets, unsetPrevious, validateAuth } from "./utils";
-import {
-	envFilePath,
-} from "./constants";
+import { envFilePath } from "./constants";
 
 const loadSecretsAction = async () => {
 	try {
@@ -20,16 +18,16 @@ const loadSecretsAction = async () => {
 		// Validate that a proper authentication configuration is set for the CLI
 		validateAuth();
 
-		// Download and install the CLI
-		await installCLI();
-
 		// Set environment variables from OP_ENV_FILE
 		const file = process.env[envFilePath];
 		if (file) {
 			core.info(`Loading environment variables from file: ${file}`);
-			process.loadEnvFile(file)
+			process.loadEnvFile(file);
 		}
 
+		// Download and install the CLI
+		await installCLI();
+
 		// Load secrets
 		await loadSecrets(shouldExportEnv);
 	} catch (error) {

tests/.env.tpl

@@ -0,0 +1,3 @@
+FILE_SECRET=op://acceptance-tests/test-secret/password
+FILE_SECRET_IN_SECTION=op://acceptance-tests/test-secret/test-section/password
+FILE_MULTILINE_SECRET=op://acceptance-tests/multiline-secret/notesPlain

tests/assert-env-set.sh

@@ -9,11 +9,8 @@ assert_env_equals() {
   fi
 }
 
-assert_env_equals "SECRET" "RGVhciBzZWN1cml0eSByZXNlYXJjaGVyLCB0aGlzIGlzIGp1c3QgYSBkdW1teSBzZWNyZXQuIFBsZWFzZSBkb24ndCByZXBvcnQgaXQu"
-
-assert_env_equals "SECRET_IN_SECTION" "RGVhciBzZWN1cml0eSByZXNlYXJjaGVyLCB0aGlzIGlzIGp1c3QgYSBkdW1teSBzZWNyZXQuIFBsZWFzZSBkb24ndCByZXBvcnQgaXQu"
-
-assert_env_equals "MULTILINE_SECRET" "$(cat << EOF
+readonly SECRET="RGVhciBzZWN1cml0eSByZXNlYXJjaGVyLCB0aGlzIGlzIGp1c3QgYSBkdW1teSBzZWNyZXQuIFBsZWFzZSBkb24ndCByZXBvcnQgaXQu"
+MULTILINE_SECRET="$(cat << EOF
 -----BEGIN PRIVATE KEY-----
 RGVhciBzZWN1cml0eSByZXNlYXJjaGVyLApXaGls
 ZSB3ZSBkZWVwbHkgYXBwcmVjaWF0ZSB5b3VyIHZp
@@ -28,3 +25,13 @@ IApTbyBwbGVhc2UgZG9uJ3QgcmVwb3J0IGl0IQo=
 -----END PRIVATE KEY-----
 EOF
 )"
+readonly MULTILINE_SECRET
+
+assert_env_equals "SECRET" "${SECRET}"
+assert_env_equals "FILE_SECRET" "${SECRET}"
+
+assert_env_equals "SECRET_IN_SECTION" "${SECRET}"
+assert_env_equals "FILE_SECRET_IN_SECTION" "${SECRET}"
+
+assert_env_equals "MULTILINE_SECRET" "${MULTILINE_SECRET}"
+assert_env_equals "FILE_MULTILINE_SECRET" "${MULTILINE_SECRET}"

tests/assert-env-unset.sh

@@ -10,5 +10,10 @@ assert_env_unset() {
 }
 
 assert_env_unset "SECRET"
+assert_env_unset "FILE_SECRET"
+
 assert_env_unset "SECRET_IN_SECTION"
+assert_env_unset "FILE_SECRET_IN_SECTION"
+
 assert_env_unset "MULTILINE_SECRET"
+assert_env_unset "FILE_MULTILINE_SECRET"