wesley/load-secrets-action
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add more tests to check that action works correctly with provided stable or beta version

Browse Source
This commit is contained in:
Volodymyr Zotov
2025-07-30 13:02:06 -05:00
parent 3a62b7cf63
commit c0724d8845
3 changed files with 108 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
.github/workflows/acceptance-test.yml vendored
View File

@@ -15,17 +15,21 @@ on:
export-env: export-env:
required: true required: true
type: boolean type: boolean
version:
required: false
type: string
default: "latest"
os:
required: true
type: string
default: "ubuntu-latest"
auth:
required: true
type: string
jobs: jobs:
acceptance-test: acceptance-test:
strategy: runs-on: ${{ inputs.os }}
matrix:
os: [ubuntu-latest, macos-latest]
auth: [connect, service-account]
exclude:
- os: macos-latest
auth: connect
runs-on: ${{ matrix.os }}
steps: steps:
- name: Base checkout - name: Base checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
@@ -50,32 +54,50 @@ jobs:
github.event.client_payload.slash_command.args.named.sha github.event.client_payload.slash_command.args.named.sha
) )
- name: Launch 1Password Connect instance - name: Launch 1Password Connect instance
if: ${{ matrix.auth == 'connect' }} if: ${{ inputs.auth == 'connect' }}
env: env:
OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }} OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }}
run: | run: |
echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json
docker compose -f tests/fixtures/docker-compose.yml up -d && sleep 10 docker compose -f tests/fixtures/docker-compose.yml up -d && sleep 10
- name: Configure Service account - name: Configure Service account
if: ${{ matrix.auth == 'service-account' }} if: ${{ inputs.auth == 'service-account' }}
uses: ./configure uses: ./configure
with: with:
service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
- name: Verify Service Account env var is set
if: ${{ inputs.auth == 'service-account' }}
shell: bash
run: |
if [ -z "${OP_SERVICE_ACCOUNT_TOKEN}" ]; then
echo "OP_SERVICE_ACCOUNT_TOKEN environment variable is not set" >&2
exit 1
fi
- name: Configure 1Password Connect - name: Configure 1Password Connect
if: ${{ matrix.auth == 'connect' }} if: ${{ inputs.auth == 'connect' }}
uses: ./configure # 1password/load-secrets-action/configure@<version> uses: ./configure # 1password/load-secrets-action/configure@<version>
with: with:
connect-host: http://localhost:8080 connect-host: http://localhost:8080
connect-token: ${{ secrets.OP_CONNECT_TOKEN }} connect-token: ${{ secrets.OP_CONNECT_TOKEN }}
- name: Verify Connect env vars are set
if: ${{ inputs.auth == 'connect' }}
run: |
if [ -z "$OP_CONNECT_HOST" ] || [ -z "$OP_CONNECT_TOKEN" ]; then
echo "OP_CONNECT_HOST or OP_CONNECT_TOKEN environment variables are not set" >&2
exit 1
fi
- name: Load secrets - name: Load secrets
id: load_secrets id: load_secrets
uses: ./ # 1password/load-secrets-action@<version> uses: ./ # 1password/load-secrets-action@<version>
with: with:
version: ${{ inputs.version }}
export-env: ${{ inputs.export-env }} export-env: ${{ inputs.export-env }}
env: env:
SECRET: ${{ inputs.secret }} SECRET: ${{ inputs.secret }}
SECRET_IN_SECTION: ${{ inputs.secret-in-section }} SECRET_IN_SECTION: ${{ inputs.secret-in-section }}
MULTILINE_SECRET: ${{ inputs.multiline-secret }} MULTILINE_SECRET: ${{ inputs.multiline-secret }}
- name: Verify installed op cli version
run: ./tests/assert-cli-version.sh ${{ inputs.version }}
- name: Assert test secret values [step output] - name: Assert test secret values [step output]
if: ${{ !inputs.export-env }} if: ${{ !inputs.export-env }}
env: env:

48
.github/workflows/test.yml vendored
View File

@@ -14,6 +14,7 @@ jobs:
node-version: 20 node-version: 20
- run: npm ci - run: npm ci
- run: npm test - run: npm test
test-with-output-secrets: test-with-output-secrets:
if: | if: |
github.ref == 'refs/heads/main' || github.ref == 'refs/heads/main' ||
@@ -21,13 +22,27 @@ jobs:
github.event_name == 'pull_request' && github.event_name == 'pull_request' &&
github.event.pull_request.head.repo.full_name == github.repository github.event.pull_request.head.repo.full_name == github.repository
) )
uses: 1password/load-secrets-action/.github/workflows/acceptance-test.yml@main uses: 1password/load-secrets-action/.github/workflows/acceptance-test.yml@vzt/use-op-cli-installer #TODO: after merge, this to main, revert to consume yml file from main (delete '@vzt/use-op-cli-installer')
secrets: inherit secrets: inherit
strategy:
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
version: [latest, latest-beta, 2.30.0, 2.30.0-beta.03]
auth: [connect, service-account]
exclude:
- os: macos-latest
auth: connect
- os: windows-latest
auth: connect
with: with:
os: ${{ matrix.os }}
version: ${{ matrix.version }}
auth: ${{ matrix.auth }}
secret: op://acceptance-tests/test-secret/password secret: op://acceptance-tests/test-secret/password
secret-in-section: op://acceptance-tests/test-secret/test-section/password secret-in-section: op://acceptance-tests/test-secret/test-section/password
multiline-secret: op://acceptance-tests/multiline-secret/notesPlain multiline-secret: op://acceptance-tests/multiline-secret/notesPlain
export-env: false export-env: false
test-with-export-env: test-with-export-env:
if: | if: |
github.ref == 'refs/heads/main' || github.ref == 'refs/heads/main' ||
@@ -35,13 +50,27 @@ jobs:
github.event_name == 'pull_request' && github.event_name == 'pull_request' &&
github.event.pull_request.head.repo.full_name == github.repository github.event.pull_request.head.repo.full_name == github.repository
) )
uses: 1password/load-secrets-action/.github/workflows/acceptance-test.yml@main uses: 1password/load-secrets-action/.github/workflows/acceptance-test.yml@vzt/use-op-cli-installer #TODO: after merge, this to main, revert to consume yml file from main (delete '@vzt/use-op-cli-installer')
secrets: inherit secrets: inherit
strategy:
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
version: [latest, latest-beta, 2.30.0, 2.30.0-beta.03]
auth: [connect, service-account]
exclude:
- os: macos-latest
auth: connect
- os: windows-latest
auth: connect
with: with:
os: ${{ matrix.os }}
version: ${{ matrix.version }}
auth: ${{ matrix.auth }}
secret: op://acceptance-tests/test-secret/password secret: op://acceptance-tests/test-secret/password
secret-in-section: op://acceptance-tests/test-secret/test-section/password secret-in-section: op://acceptance-tests/test-secret/test-section/password
multiline-secret: op://acceptance-tests/multiline-secret/notesPlain multiline-secret: op://acceptance-tests/multiline-secret/notesPlain
export-env: true export-env: true
test-references-with-ids: test-references-with-ids:
if: | if: |
github.ref == 'refs/heads/main' || github.ref == 'refs/heads/main' ||
@@ -49,9 +78,22 @@ jobs:
github.event_name == 'pull_request' && github.event_name == 'pull_request' &&
github.event.pull_request.head.repo.full_name == github.repository github.event.pull_request.head.repo.full_name == github.repository
) )
uses: 1password/load-secrets-action/.github/workflows/acceptance-test.yml@main uses: 1password/load-secrets-action/.github/workflows/acceptance-test.yml@vzt/use-op-cli-installer #TODO: after merge, this to main, revert to consume yml file from main (delete '@vzt/use-op-cli-installer')
secrets: inherit secrets: inherit
strategy:
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
version: [latest, latest-beta, 2.30.0, 2.30.0-beta.03]
auth: [connect, service-account]
exclude:
- os: macos-latest
auth: connect
- os: windows-latest
auth: connect
with: with:
os: ${{ matrix.os }}
version: ${{ matrix.version }}
auth: ${{ matrix.auth }}
secret: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/password secret: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/password
secret-in-section: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/Section_tco6nsqycj6jcbyx63h5isxcny/doxu3mhkozcznnk5vjrkpdqayy secret-in-section: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/Section_tco6nsqycj6jcbyx63h5isxcny/doxu3mhkozcznnk5vjrkpdqayy
multiline-secret: op://v5pz6venw4roosmkzdq2nhpv6u/ghtz3jvcc6dqmzc53d3r3eskge/notesPlain multiline-secret: op://v5pz6venw4roosmkzdq2nhpv6u/ghtz3jvcc6dqmzc53d3r3eskge/notesPlain

30
tests/assert-cli-version.sh Executable file
View File

@@ -0,0 +1,30 @@
#!/bin/bash
set -e
OP_CLI_VERSION="$1"
CLI_URL="https://app-updates.agilebits.com/product_history/CLI2"
get_latest_cli_version() {
conditional_path="/beta/"
if [ "$1" == "non_beta" ]; then
conditional_path="!/beta/"
fi
# This long command parses the HTML page at "CLI_URL" and finds the latest CLI version
# based on the release channel we're looking for (stable or beta).
#
# The ideal call (i.e. 'curl https://app-updates.agilebits.com/check/1/0/CLI2/en/2.0.0/Y -s | jq -r .version')
# doesn't retrieve the latest CLI version on a channel basis.
# If the latest release is stable and we want the latest beta, this command will return the stable still.
OP_CLI_VERSION="$(curl -s $CLI_URL | awk -v RS='<h3>|</h3>' 'NR % 2 == 0 {gsub(/[[:blank:]]+/, ""); gsub(/<span[^>]*>|<\/span>|[\r\n]+/, ""); gsub(/&nbsp;.*$/, ""); if (!'"$1"' && '"$conditional_path"'){print; '"$1"'=1;}}')"
}
if [ "$OP_CLI_VERSION" == "latest" ]; then
get_latest_cli_version non_beta
elif [ "$OP_CLI_VERSION" == "latest-beta" ]; then
get_latest_cli_version beta
fi
if [ "$(op --version)" != "$OP_CLI_VERSION" ]; then
echo -e "Expected CLI version to be:\n$OP_CLI_VERSION\nBut got:\n$(op --version)"
exit 1
fi