From 015b03300e4a3a52bef22d67bac1d0a88e336ac9 Mon Sep 17 00:00:00 2001 From: Jill Regan Date: Thu, 19 Feb 2026 14:17:40 -0500 Subject: [PATCH 1/4] Code cleanup --- src/utils.test.ts | 15 +++++++++++++++ src/utils.ts | 16 +++------------- 2 files changed, 18 insertions(+), 13 deletions(-) diff --git a/src/utils.test.ts b/src/utils.test.ts index 7b066e5..e44b4af 100644 --- a/src/utils.test.ts +++ b/src/utils.test.ts @@ -148,6 +148,12 @@ describe("extractSecret", () => { }); describe("loadSecrets when using Connect", () => { + beforeEach(() => { + process.env[envConnectHost] = "https://localhost:8000"; + process.env[envConnectToken] = "token"; + process.env[envServiceAccountToken] = ""; + }); + it("sets the client info and gets the executed output", async () => { await loadSecrets(true); @@ -275,6 +281,15 @@ describe("loadSecrets when using Service Account", () => { expect(core.exportVariable).not.toHaveBeenCalled(); }); + it("wraps createClient errors with a descriptive message", async () => { + (createClient as jest.Mock).mockRejectedValue( + new Error("invalid token format"), + ); + await expect(loadSecrets(false)).rejects.toThrow( + "Service account authentication failed: invalid token format", + ); + }); + describe("multiple refs", () => { const ref1 = "op://vault/item/field"; const ref2 = "op://vault/other/item"; diff --git a/src/utils.ts b/src/utils.ts index 383e103..77505e1 100644 --- a/src/utils.ts +++ b/src/utils.ts @@ -30,7 +30,7 @@ export const validateAuth = (): void => { core.info(`Authenticated with ${authType}.`); }; -export const getEnvVarNamesWithSecretRefs = (): string[] => +const getEnvVarNamesWithSecretRefs = (): string[] => Object.keys(process.env).filter( (key) => typeof process.env[key] === "string" && @@ -58,8 +58,6 @@ export const extractSecret = ( envName: string, shouldExportEnv: boolean, ): void => { - core.info(`Populating variable: ${envName}`); - const ref = process.env[envName]; if (!ref) { return; @@ -70,16 +68,8 @@ export const extractSecret = ( return; } - if (shouldExportEnv) { - core.exportVariable(envName, secretValue); - } else { - core.setOutput(envName, secretValue); - } - // Skip setSecret for empty strings to avoid the warning: - // "Can't add secret mask for empty string in ##[add-mask] command." - if (secretValue) { - core.setSecret(secretValue); - } + setResolvedSecret(envName, secretValue, shouldExportEnv); + }; // Connect loads secrets via the 1Password CLI From 1e8273d4beecd40215786aeda3f8026d9cc7131e Mon Sep 17 00:00:00 2001 From: Jill Regan Date: Thu, 19 Feb 2026 14:24:51 -0500 Subject: [PATCH 2/4] Fix formatting --- src/utils.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/src/utils.ts b/src/utils.ts index 77505e1..6b61d48 100644 --- a/src/utils.ts +++ b/src/utils.ts @@ -69,7 +69,6 @@ export const extractSecret = ( } setResolvedSecret(envName, secretValue, shouldExportEnv); - }; // Connect loads secrets via the 1Password CLI From 04984a6c91714492720f156812c0eb8416059cda Mon Sep 17 00:00:00 2001 From: Jill Regan Date: Fri, 20 Feb 2026 08:31:14 -0500 Subject: [PATCH 3/4] Add eslint disable --- src/utils.test.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/src/utils.test.ts b/src/utils.test.ts index d21fa24..f2d9429 100644 --- a/src/utils.test.ts +++ b/src/utils.test.ts @@ -23,6 +23,7 @@ jest.mock("@actions/exec", () => ({ })), })); jest.mock("@1password/op-js"); +// eslint-disable-next-line @typescript-eslint/naming-convention jest.mock("@1password/sdk", () => ({ createClient: jest.fn(), Secrets: { From 9d7acefac986f92b643437d44d0a263b330b84cb Mon Sep 17 00:00:00 2001 From: Jill Regan Date: Fri, 20 Feb 2026 08:34:52 -0500 Subject: [PATCH 4/4] Move comment --- src/utils.test.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/utils.test.ts b/src/utils.test.ts index f2d9429..575c30f 100644 --- a/src/utils.test.ts +++ b/src/utils.test.ts @@ -23,9 +23,9 @@ jest.mock("@actions/exec", () => ({ })), })); jest.mock("@1password/op-js"); -// eslint-disable-next-line @typescript-eslint/naming-convention jest.mock("@1password/sdk", () => ({ createClient: jest.fn(), + // eslint-disable-next-line @typescript-eslint/naming-convention Secrets: { validateSecretReference: jest.fn(), },