diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index f48e122..bdf0213 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -49,3 +49,46 @@ jobs:
 run: printenv
 - name: Assert test secret values again
 run: ./tests/assert-env-set.sh
+ test-user:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Configure 1Password with a user
+ uses: ./configure # 1password/load-secrets-action/configure@
+ with:
+ user-domain: ${{ secrets.USER_DOMAIN }}
+ user-email: ${{ secrets.USER_EMAIL }}
+ user-key: ${{ secrets.USER_KEY }}
+ user-pwd: ${{ secrets.USER_PWD }}
+ - name: Load secrets
+ uses: ./ # 1password/load-secrets-action@
+ env:
+ SECRET: op://p4a7xwirm3lcwtu6okulbhym5i/mybhbbwhewncjb67cy4v7hjpgi/password
+ SECRET_IN_SECTION: op://p4a7xwirm3lcwtu6okulbhym5i/mybhbbwhewncjb67cy4v7hjpgi/test-section/password
+ UNMASKED_VALUE: op://p4a7xwirm3lcwtu6okulbhym5i/mybhbbwhewncjb67cy4v7hjpgi/test-section/username
+ - name: Load multiline secret
+ uses: ./ # 1password/load-secrets-action@
+ env:
+ MULTILINE_SECRET: op://p4a7xwirm3lcwtu6okulbhym5i/bcshnrykfwf5i5zm7nkqy63dca/notesPlain
+ - name: Print environment variables with masked secrets
+ run: printenv
+ - name: Assert test secret values
+ run: ./tests/assert-env-set.sh
+ - name: Remove secrets
+ uses: ./ # 1password/load-secrets-action@
+ with:
+ unset-previous: true
+ - name: Print environment variables with secrets removed
+ run: printenv
+ - name: Assert removed secrets
+ run: ./tests/assert-env-unset.sh
+ - name: Load secrets by vault and item titles
+ uses: ./ # 1password/load-secrets-action@
+ env:
+ SECRET: op://acceptance-tests/test-secret/password
+ SECRET_IN_SECTION: op://acceptance-tests/test-secret/test-section/password
+ MULTILINE_SECRET: op://acceptance-tests/multiline-secret/notesPlain
+ - name: Print environment variables with masked secrets
+ run: printenv
+ - name: Assert test secret values again
+ run: ./tests/assert-env-set.sh
\ No newline at end of file
diff --git a/configure/action.yml b/configure/action.yml
index 97a44b4..7cf14fd 100644
--- a/configure/action.yml
+++ b/configure/action.yml
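Review bot: The `printenv` steps of the new `test-user` job in .github/workflows/test.yml dump an environment that now contains `OP_USER_KEY` and `OP_USER_PWD`, because the configure step appends them to `$GITHUB_ENV` (see the configure/entrypoint.sh hunk in this commit), so log masking is the only thing keeping the account secret key and master password out of the job log. Drop them from the dump with `run: printenv | grep -v '^OP_USER_'`; the loaded test secrets are still printed and still exercise masking. `actions/checkout@v2` is a mutable tag, and in a job that holds full account credentials it is worth pinning to a commit, `uses: actions/checkout@<full-commit-sha>`. Which account backs `secrets.USER_*` is not visible here; presumably it should be a dedicated one that can read only the acceptance-test vault.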
@@ -6,11 +6,26 @@ inputs:
 description: Your 1Password Connect instance URL
 connect-token:
 description: Token to authenticate to your 1Password Connect instance
+ use-connect:
+ description: Use Connect for fetching secrets
+ user-domain:
+ description: Your sign-in address
+ user-email:
+ description: Your account email
+ user-key:
+ description: Your Account secret key
+ user-pwd:
+ description: Your Master Password
 runs:
 using: composite
 steps:
 - run: |
 export INPUT_CONNECT_HOST=${{ inputs.connect-host }}
 export INPUT_CONNECT_TOKEN=${{ inputs.connect-token }}
+ export INPUT_USE_CONNECT=${{ inputs.use-connect }}
+ export INPUT_USER_DOMAIN=${{ inputs.user-domain }}
+ export INPUT_USER_EMAIL=${{ inputs.user-email }}
+ export INPUT_USER_KEY=${{ inputs.user-key }}
+ export INPUT_USER_PWD=${{ inputs.user-pwd }}
 ${{ github.action_path }}/entrypoint.sh
 shell: bash
diff --git a/configure/entrypoint.sh b/configure/entrypoint.sh
index a0a4494..13d857c 100755
--- a/configure/entrypoint.sh
+++ b/configure/entrypoint.sh
@@ -14,3 +14,28 @@ OP_CONNECT_TOKEN="${INPUT_CONNECT_TOKEN:-$OP_CONNECT_TOKEN}"
 if [ -n "$OP_CONNECT_TOKEN" ]; then
 echo "OP_CONNECT_TOKEN=$OP_CONNECT_TOKEN" >> $GITHUB_ENV
 fi
+
+USE_CONNECT="${INPUT_USE_CONNECT:-$USE_CONNECT}"
+if [ -n "$USE_CONNECT" ]; then
+ echo "USE_CONNECT=$USE_CONNECT" >> $GITHUB_ENV
+fi
+
+OP_USER_DOMAIN="${INPUT_USER_DOMAIN:-$OP_USER_DOMAIN}"
+if [ -n "$OP_USER_DOMAIN" ]; then
+ echo "OP_USER_DOMAIN=$OP_USER_DOMAIN" >> $GITHUB_ENV
+fi
+
+OP_USER_EMAIL="${INPUT_USER_EMAIL:-$OP_USER_EMAIL}"
+if [ -n "$OP_USER_EMAIL" ]; then
+ echo "OP_USER_EMAIL=$OP_USER_EMAIL" >> $GITHUB_ENV
+fi
+
+OP_USER_KEY="${INPUT_USER_KEY:-$OP_USER_KEY}"
+if [ -n "$OP_USER_KEY" ]; then
+ echo "OP_USER_KEY=$OP_USER_KEY" >> $GITHUB_ENV
+fi
+
+OP_USER_PWD="${INPUT_USER_PWD:-$OP_USER_PWD}"
+if [ -n "$OP_USER_PWD" ]; then
+ echo "OP_USER_PWD=$OP_USER_PWD" >> $GITHUB_ENV
+fi
diff --git a/entrypoint.sh b/entrypoint.sh
index 4e8c691..e501cd0 100755
--- a/entrypoint.sh
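Review bot: In configure/action.yml the new `export INPUT_USER_PWD=${{ inputs.user-pwd }}` line and the four beside it paste the input text into the bash script before bash parses it, unquoted, so a master password or secret key containing a space, `$`, a quote, `;` or a backtick is either mangled or run as shell. Passing the inputs through the step's `env:` map keeps them as data, and the configure entrypoint already reads `INPUT_*` from the environment, so the script body shrinks to the entrypoint call. The two existing connect exports in the context lines have the same problem and can move with them.

```yaml
  steps:
    - run: ${{ github.action_path }}/entrypoint.sh
      shell: bash
      env:
        # … unchanged values: connect-host / connect-token, moved here as INPUT_CONNECT_HOST / INPUT_CONNECT_TOKEN …
        INPUT_USE_CONNECT: ${{ inputs.use-connect }}
        INPUT_USER_DOMAIN: ${{ inputs.user-domain }}
        INPUT_USER_EMAIL: ${{ inputs.user-email }}
        INPUT_USER_KEY: ${{ inputs.user-key }}
        INPUT_USER_PWD: ${{ inputs.user-pwd }}
```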
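Review bot: In configure/entrypoint.sh the new blocks append `OP_USER_KEY` and `OP_USER_PWD` to `$GITHUB_ENV`, which hands the account secret key and master password to every later step in the job, third-party actions included, and nothing here registers them for log masking when they arrive from a plain environment variable rather than a `secrets.*` expression. Emit `echo "::add-mask::$OP_USER_PWD"` (and the same for `OP_USER_KEY`) before each write. The `NAME=value` form also lets a value that contains a newline add further variables to the env file; the `NAME<<DELIMITER` multiline form with a random delimiter closes that, and the target should be quoted as `"$GITHUB_ENV"`. The top of the script is outside the hunk.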
+++ b/entrypoint.sh
@@ -6,9 +6,19 @@ set -e
 $(curl -sSfLo op.zip "https://drive.google.com/uc?export=download&id=1HRAsihTN0Cx0pWZEWN06jAWxo0eW5eG-")
 unzip -od /usr/local/bin/ op.zip && rm op.zip
-if [ -z "$OP_CONNECT_TOKEN" ] || [ -z "$OP_CONNECT_HOST" ]; then
- echo "\$OP_CONNECT_TOKEN and \$OP_CONNECT_HOST must be set"
- exit 1
+if [ -z "$USE_CONNECT" ]; then
+ if [ -z "$OP_USER_DOMAIN" ] || [ -z "$OP_USER_EMAIL" ] || [ -z "$OP_USER_KEY" ] || [ -z "$OP_USER_PWD" ]; then
+ echo "\$OP_USER_DOMAIN, \$OP_USER_EMAIL, \$OP_USER_KEY and \$OP_USER_PWD must be set"
+ exit 1
+ fi
+
+ export OP_DEVICE=ugsqksnl4o6f2uwkyeibhqpony
+ eval $(printenv OP_USER_PWD | op signin "$OP_USER_DOMAIN" "$OP_USER_EMAIL" "$OP_USER_KEY")
+else
+ if [ -z "$OP_CONNECT_TOKEN" ] || [ -z "$OP_CONNECT_HOST" ]; then
+ echo "\$OP_CONNECT_TOKEN and \$OP_CONNECT_HOST must be set"
+ exit 1
+ fi
 fi
 managed_variables_var="OP_MANAGED_VARIABLES"
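Review bot: The added `eval $(printenv OP_USER_PWD | op signin …)` in entrypoint.sh throws away the exit status of `op signin`: `eval` of an empty or partial substitution returns success, so the `set -e` named in the hunk header does not stop the script when sign-in fails, and the unquoted substitution is word-split and glob-expanded before `eval` runs. Capture first so the failure is fatal and the output is evaluated as one string: `session="$(printenv OP_USER_PWD | op signin "$OP_USER_DOMAIN" "$OP_USER_EMAIL" "$OP_USER_KEY")"` followed by `eval "$session"`. `[ -z "$USE_CONNECT" ]` treats every non-empty value as Connect mode, so `use-connect: false` still selects Connect; `[ "$USE_CONNECT" != "true" ]` states the intent. The `op` binary that now receives the secret key and master password is the one fetched by the `curl` context line with no checksum or signature check, which is worth adding before user sign-in ships. The script continues past the hunk.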