diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index a254ba8..cf010c1 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -22,31 +22,7 @@ jobs:
 - name: Print environment variables with masked secrets
 run: printenv
 - name: Assert test secret values
- env:
- EXPECTED_SECRET: RGVhciBzZWN1cml0eSByZXNlYXJjaGVyLCB0aGlzIGlzIGp1c3QgYSBkdW1teSBzZWNyZXQuIFBsZWFzZSBkb24ndCByZXBvcnQgaXQu
- EXPECTED_MULTILINE_SECRET: |-
- -----BEGIN PRIVATE KEY-----
- RGVhciBzZWN1cml0eSByZXNlYXJjaGVyLApXaGls
- ZSB3ZSBkZWVwbHkgYXBwcmVjaWF0ZSB5b3VyIHZp
- Z2lsYW5jZSBhbmQgZWZmb3J0cyB0byBtYWtlIHRo
- ZSB3b3JsZCBtb3JlIHNlY3VyZSwgSSdtIGFmcmFp
- ZCBJIG11c3QgdGVsbCB5b3UgdGhhdCB0aGlzIHZh
- bHVlIGlzIG5vdCBhIGFjdHVhbCBwcml2YXRlIGtl
- eS4gCkl0J3MgYSBqdXN0IGEgZHVtbXkgc2VjcmV0
- IHRoYXQgd2UgdXNlIHRvIHRlc3QgdmFyaW91cyAx
- UGFzc3dvcmQgc2VjcmV0cyBpbnRlZ3JhdGlvbnMu
- IApTbyBwbGVhc2UgZG9uJ3QgcmVwb3J0IGl0IQo=
- -----END PRIVATE KEY-----
- run: |
- if [ "$SECRET" != "$EXPECTED_SECRET" ]; then
- echo -e "Expected test SECRET to be set to:\n$EXPECTED_SECRET\nBut got:\n$SECRET"
- exit 1
- fi
-
- if [ "$MULTILINE_SECRET" != "$EXPECTED_MULTILINE_SECRET" ]; then
- echo -e "Expected MULTILINE_SECRET to be set to:\n$EXPECTED_MULTILINE_SECRET\nBut got:\n$MULTILINE_SECRET"
- exit 1
- fi
+ run: ./tests/assert-env-set.sh
 - name: Remove secrets
 uses: ./
 with:
@@ -54,24 +30,15 @@ jobs:
 - name: Print environment variables with secrets removed
 run: printenv
 - name: Assert removed secrets
- run: |
- if [ -n "$SECRET" ] || [ -n "$MULTILINE_SECRET" ]; then
- echo "Expected secrets from 1Password to be unset"
- exit 1
- fi
+ run: ./tests/assert-env-unset.sh
 - name: Load secret again
 uses: ./
 env:
 OP_CONNECT_HOST: http://localhost:8080
 OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }}
 SECRET: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/password
+ MULTILINE_SECRET: op://v5pz6venw4roosmkzdq2nhpv6u/ghtz3jvcc6dqmzc53d3r3eskge/notesPlain
 - name: Print environment variables with masked secrets
 run: printenv
- - name: Assert test secret value
- env:
- EXPECTED_SECRET: RGVhciBzZWN1cml0eSByZXNlYXJjaGVyLCB0aGlzIGlzIGp1c3QgYSBkdW1teSBzZWNyZXQuIFBsZWFzZSBkb24ndCByZXBvcnQgaXQu
- run: |
- if [ "$SECRET" != "$EXPECTED_SECRET" ]; then
- echo -e "Expected test SECRET to be set to:\n$EXPECTED_SECRET\nBut got:\n$SECRET"
- exit 1
- fi
+ - name: Assert test secret values again
+ run: ./tests/assert-env-set.sh
diff --git a/tests/assert-env-set.sh b/tests/assert-env-set.sh
new file mode 100755
index 0000000..9723f5c
--- /dev/null
+++ b/tests/assert-env-set.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+assert_env_equals() {
+ if [ "$(printenv $1)" != "$2" ]; then
+ echo -e "Expected $1 to be set to:\n$2\nBut got:\n$(printenv $1)"
+ exit 1
+ fi
+}
+
+assert_env_equals "SECRET" "RGVhciBzZWN1cml0eSByZXNlYXJjaGVyLCB0aGlzIGlzIGp1c3QgYSBkdW1teSBzZWNyZXQuIFBsZWFzZSBkb24ndCByZXBvcnQgaXQu"
+
+assert_env_equals "MULTILINE_SECRET" "$(cat << EOF
+-----BEGIN PRIVATE KEY-----
+RGVhciBzZWN1cml0eSByZXNlYXJjaGVyLApXaGls
+ZSB3ZSBkZWVwbHkgYXBwcmVjaWF0ZSB5b3VyIHZp
+Z2lsYW5jZSBhbmQgZWZmb3J0cyB0byBtYWtlIHRo
+ZSB3b3JsZCBtb3JlIHNlY3VyZSwgSSdtIGFmcmFp
+ZCBJIG11c3QgdGVsbCB5b3UgdGhhdCB0aGlzIHZh
+bHVlIGlzIG5vdCBhIGFjdHVhbCBwcml2YXRlIGtl
+eS4gCkl0J3MgYSBqdXN0IGEgZHVtbXkgc2VjcmV0
+IHRoYXQgd2UgdXNlIHRvIHRlc3QgdmFyaW91cyAx
+UGFzc3dvcmQgc2VjcmV0cyBpbnRlZ3JhdGlvbnMu
+IApTbyBwbGVhc2UgZG9uJ3QgcmVwb3J0IGl0IQo=
+-----END PRIVATE KEY-----
+EOF
+)"
diff --git a/tests/assert-env-unset.sh b/tests/assert-env-unset.sh
new file mode 100755
index 0000000..3237c8a
--- /dev/null
+++ b/tests/assert-env-unset.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+assert_env_unset() {
+ if [ -n "$(printenv $1)" ]; then
+ echo "Expected secret $1 to be unset"
+ exit 1
+ fi
+}
+
+assert_env_unset "SECRET"
+assert_env_unset "MULTILINE_SECRET"
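Review bot: `printenv $1` is unquoted in both the comparison and the failure message of `assert_env_equals` in tests/assert-env-set.sh, and the heredoc delimiter in the `MULTILINE_SECRET` call is unquoted, so the expected text goes through parameter and command expansion before it is compared. Quoting both keeps the fixture literal: `if [ "$(printenv "$1")" != "$2" ]; then` and `"$(cat << 'EOF'`. The failure branch also writes the observed value to the job log through `echo -e`, which interprets backslash sequences in it and leaves hiding the value entirely to the runner's masking; `printf '%s\n'` avoids the first, and printing only the variable name avoids the second. The same unquoted `$1` appears in `assert_env_unset` in tests/assert-env-unset.sh.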
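Review bot: `assert_env_unset` in tests/assert-env-unset.sh has no comment saying that an empty value passes the check; `[ -n "$(printenv $1)" ]` fails only on a non-empty value and cannot tell an unset variable from one set to the empty string. A one-line comment above the function would record that, for example `# Passes when the variable is unset or empty; fails only on a non-empty value.` If the action is expected to remove the variable rather than blank it, which is not visible from this diff, the exit status of `printenv "$1"` would be the stricter test.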