Merge branch 'feature/migrate-to-sdk' into jill/validate-secret-reference
This commit is contained in:
Jill Regan
@@ -151,6 +151,12 @@ describe("extractSecret", () => {
|
||||
});
|
||||
|
||||
describe("loadSecrets when using Connect", () => {
|
||||
beforeEach(() => {
|
||||
process.env[envConnectHost] = "https://localhost:8000";
|
||||
process.env[envConnectToken] = "token";
|
||||
process.env[envServiceAccountToken] = "";
|
||||
});
|
||||
|
||||
it("sets the client info and gets the executed output", async () => {
|
||||
await loadSecrets(true);
|
||||
|
||||
@@ -278,6 +284,15 @@ describe("loadSecrets when using Service Account", () => {
|
||||
expect(core.exportVariable).not.toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it("wraps createClient errors with a descriptive message", async () => {
|
||||
(createClient as jest.Mock).mockRejectedValue(
|
||||
new Error("invalid token format"),
|
||||
);
|
||||
await expect(loadSecrets(false)).rejects.toThrow(
|
||||
"Service account authentication failed: invalid token format",
|
||||
);
|
||||
});
|
||||
|
||||
describe("multiple refs", () => {
|
||||
const ref1 = "op://vault/item/field";
|
||||
const ref2 = "op://vault/other/item";
|
||||
|
||||
15
src/utils.ts
15
src/utils.ts
@@ -30,7 +30,7 @@ export const validateAuth = (): void => {
|
||||
core.info(`Authenticated with ${authType}.`);
|
||||
};
|
||||
|
||||
export const getEnvVarNamesWithSecretRefs = (): string[] =>
|
||||
const getEnvVarNamesWithSecretRefs = (): string[] =>
|
||||
Object.keys(process.env).filter(
|
||||
(key) =>
|
||||
typeof process.env[key] === "string" &&
|
||||
@@ -81,8 +81,6 @@ export const extractSecret = (
|
||||
envName: string,
|
||||
shouldExportEnv: boolean,
|
||||
): void => {
|
||||
core.info(`Populating variable: ${envName}`);
|
||||
|
||||
const ref = process.env[envName];
|
||||
if (!ref) {
|
||||
return;
|
||||
@@ -93,16 +91,7 @@ export const extractSecret = (
|
||||
return;
|
||||
}
|
||||
|
||||
if (shouldExportEnv) {
|
||||
core.exportVariable(envName, secretValue);
|
||||
} else {
|
||||
core.setOutput(envName, secretValue);
|
||||
}
|
||||
// Skip setSecret for empty strings to avoid the warning:
|
||||
// "Can't add secret mask for empty string in ##[add-mask] command."
|
||||
if (secretValue) {
|
||||
core.setSecret(secretValue);
|
||||
}
|
||||
setResolvedSecret(envName, secretValue, shouldExportEnv);
|
||||
};
|
||||
|
||||
// Connect loads secrets via the 1Password CLI
|
||||
|
||||
Reference in New Issue
Block a user