wesley/load-secrets-action
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Ensure that the action is backwards-compatible (#25)
Some checks failed
Run acceptance tests / use-connect-without-export-env (push) Has been cancelled
Details
Run acceptance tests / use-connect-with-export-env (push) Has been cancelled
Details
Run acceptance tests / use-connect-with-references-with-id (push) Has been cancelled
Details
Run acceptance tests / use-service-account-without-export-env (push) Has been cancelled
Details
Run acceptance tests / use-service-account-with-export-env (push) Has been cancelled
Details
Run acceptance tests / use-service-account-with-references-with-id (push) Has been cancelled
Details
Run acceptance tests / run-on-macos-12 (push) Has been cancelled
Details

Browse Source 
Bring 2 changes that ensure that the GitHub Action is backwards compatible:

- Append `http://` if the prefix is not provided in the `OP_CONNECT_HOST` (this is caused by the fact that `curl` guesses the protocol if not provided (https://linux.die.net/man/1/curl), which we missed when switching to using the 1Password CLI as the backend of the action)
- Set the default of export-env to true, since that was the default behavior of the action until we added the possibility to export secrets as step's output.

Also, the documentation is adjusted to reflect these changes.
This commit is contained in:
Eduard Filip
2022-12-22 11:46:28 +01:00
committed by GitHub
parent ffba2a6966
commit 0a7975f916
4 changed files with 21 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
.github/workflows/test.yml vendored
View File

@@ -15,11 +15,13 @@ jobs:
- name: Configure 1Password Connect - name: Configure 1Password Connect
uses: ./configure # 1password/load-secrets-action/configure@<version> uses: ./configure # 1password/load-secrets-action/configure@<version>
with: with:
connect-host: http://localhost:8080 connect-host: localhost:8080
connect-token: ${{ secrets.OP_CONNECT_TOKEN }} connect-token: ${{ secrets.OP_CONNECT_TOKEN }}
- name: Load secrets - name: Load secrets
id: load_secrets id: load_secrets
uses: ./ # 1password/load-secrets-action@<version> uses: ./ # 1password/load-secrets-action@<version>
with:
export-env: false
env: env:
SECRET: op://acceptance-tests/test-secret/password SECRET: op://acceptance-tests/test-secret/password
SECRET_IN_SECTION: op://acceptance-tests/test-secret/test-section/password SECRET_IN_SECTION: op://acceptance-tests/test-secret/test-section/password
@@ -48,8 +50,6 @@ jobs:
- name: Load secrets - name: Load secrets
id: load_secrets id: load_secrets
uses: ./ # 1password/load-secrets-action@<version> uses: ./ # 1password/load-secrets-action@<version>
with:
export-env: true
env: env:
SECRET: op://acceptance-tests/test-secret/password SECRET: op://acceptance-tests/test-secret/password
SECRET_IN_SECTION: op://acceptance-tests/test-secret/test-section/password SECRET_IN_SECTION: op://acceptance-tests/test-secret/test-section/password
@@ -80,6 +80,8 @@ jobs:
- name: Load secrets - name: Load secrets
id: load_secrets id: load_secrets
uses: ./ # 1password/load-secrets-action@<version> uses: ./ # 1password/load-secrets-action@<version>
with:
export-env: false
env: env:
SECRET: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/password SECRET: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/password
SECRET_IN_SECTION: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/Section_tco6nsqycj6jcbyx63h5isxcny/doxu3mhkozcznnk5vjrkpdqayy SECRET_IN_SECTION: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/Section_tco6nsqycj6jcbyx63h5isxcny/doxu3mhkozcznnk5vjrkpdqayy
@@ -97,6 +99,8 @@ jobs:
- name: Load secrets - name: Load secrets
id: load_secrets id: load_secrets
uses: ./ # 1password/load-secrets-action@<version> uses: ./ # 1password/load-secrets-action@<version>
with:
export-env: false
env: env:
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
SECRET: op://acceptance-tests/test-secret/password SECRET: op://acceptance-tests/test-secret/password
@@ -115,8 +119,6 @@ jobs:
- name: Load secrets - name: Load secrets
id: load_secrets id: load_secrets
uses: ./ # 1password/load-secrets-action@<version> uses: ./ # 1password/load-secrets-action@<version>
with:
export-env: true
env: env:
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
SECRET: op://acceptance-tests/test-secret/password SECRET: op://acceptance-tests/test-secret/password
@@ -131,6 +133,8 @@ jobs:
- name: Load secrets - name: Load secrets
id: load_secrets id: load_secrets
uses: ./ # 1password/load-secrets-action@<version> uses: ./ # 1password/load-secrets-action@<version>
with:
export-env: false
env: env:
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
SECRET: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/password SECRET: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/password
@@ -149,6 +153,8 @@ jobs:
- name: Load secrets - name: Load secrets
id: load_secrets id: load_secrets
uses: ./ # 1password/load-secrets-action@<version> uses: ./ # 1password/load-secrets-action@<version>
with:
export-env: false
env: env:
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
SECRET: op://acceptance-tests/test-secret/password SECRET: op://acceptance-tests/test-secret/password

6
README.md
View File

@@ -43,6 +43,8 @@ jobs:
- name: Load secret - name: Load secret
id: op-load-secret id: op-load-secret
uses: 1password/load-secrets-action@v1 uses: 1password/load-secrets-action@v1
with:
export-env: false
env: env:
OP_CONNECT_HOST: <Your Connect instance URL> OP_CONNECT_HOST: <Your Connect instance URL>
OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }} OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }}
@@ -77,6 +79,8 @@ jobs:
- name: Load Docker credentials - name: Load Docker credentials
id: load-docker-credentials id: load-docker-credentials
uses: 1password/load-secrets-action@v1 uses: 1password/load-secrets-action@v1
with:
export-env: false
env: env:
OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }} OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }}
DOCKERHUB_USERNAME: op://app-cicd/docker/username DOCKERHUB_USERNAME: op://app-cicd/docker/username
@@ -194,7 +198,7 @@ jobs:
| Name | Default | Description | | Name | Default | Description |
| ---------------- | ------- | ---------------------------------------------------------------------------------- | | ---------------- | ------- | ---------------------------------------------------------------------------------- |
| `export-env` | `false` | Export the loaded secrets as environment variables | | `export-env` | `true` | Export the loaded secrets as environment variables |
| `unset-previous` | `false` | Whether to unset environment variables populated by 1Password in earlier job steps | | `unset-previous` | `false` | Whether to unset environment variables populated by 1Password in earlier job steps |
## Secrets Reference Syntax ## Secrets Reference Syntax

2
action.yml
View File

@@ -10,7 +10,7 @@ inputs:
default: false default: false
export-env: export-env:
description: Export the secrets as environment variables description: Export the secrets as environment variables
default: false default: true
runs: runs:
using: 'node16' using: 'node16'
main: 'dist/index.js' main: 'dist/index.js'

4
entrypoint.sh
View File

@@ -14,6 +14,10 @@ auth_type=$CONNECT
managed_variables_var="OP_MANAGED_VARIABLES" managed_variables_var="OP_MANAGED_VARIABLES"
IFS=',' IFS=','
if [[ "$OP_CONNECT_HOST" != "http://"* ]] && [[ "$OP_CONNECT_HOST" != "https://"* ]]; then
export OP_CONNECT_HOST="http://"$OP_CONNECT_HOST
fi
# Unset all secrets managed by 1Password if `unset-previous` is set. # Unset all secrets managed by 1Password if `unset-previous` is set.
unset_prev_secrets() { unset_prev_secrets() {
if [ "$INPUT_UNSET_PREVIOUS" == "true" ]; then if [ "$INPUT_UNSET_PREVIOUS" == "true" ]; then