Add missing config for tests

Fix lint
Enable the user to use the GitHub Action without Connect
2021-08-03 19:23:44 +02:00 · 2021-08-03 19:18:04 +02:00 · 2021-08-03 19:11:41 +02:00
4 changed files with 110 additions and 19 deletions
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -15,6 +15,7 @@ jobs:
      - name: Configure 1Password Connect
        uses: ./configure # 1password/load-secrets-action/configure@<version>
        with:
+          use-connect: yes
          connect-host: http://localhost:8080
          connect-token: ${{ secrets.OP_CONNECT_TOKEN }}
      - name: Load secrets
@@ -49,3 +50,46 @@ jobs:
        run: printenv
      - name: Assert test secret values again
        run: ./tests/assert-env-set.sh
+  test-user:  
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Configure 1Password with a user
+        uses: ./configure # 1password/load-secrets-action/configure@<version>
+        with:
+          user-domain: ${{ secrets.USER_DOMAIN }}
+          user-email: ${{ secrets.USER_EMAIL }}
+          user-key: ${{ secrets.USER_KEY }}
+          user-pwd: ${{ secrets.USER_PWD }}
+      - name: Load secrets
+        uses: ./ # 1password/load-secrets-action@<version>
+        env:
+          SECRET: op://p4a7xwirm3lcwtu6okulbhym5i/mybhbbwhewncjb67cy4v7hjpgi/password
+          SECRET_IN_SECTION: op://p4a7xwirm3lcwtu6okulbhym5i/mybhbbwhewncjb67cy4v7hjpgi/test-section/password
+          UNMASKED_VALUE: op://p4a7xwirm3lcwtu6okulbhym5i/mybhbbwhewncjb67cy4v7hjpgi/test-section/username
+      - name: Load multiline secret
+        uses: ./ # 1password/load-secrets-action@<version>
+        env:
+          MULTILINE_SECRET: op://p4a7xwirm3lcwtu6okulbhym5i/bcshnrykfwf5i5zm7nkqy63dca/notesPlain
+      - name: Print environment variables with masked secrets
+        run: printenv
+      - name: Assert test secret values
+        run: ./tests/assert-env-set.sh
+      - name: Remove secrets
+        uses: ./ # 1password/load-secrets-action@<version>
+        with:
+          unset-previous: true
+      - name: Print environment variables with secrets removed
+        run: printenv
+      - name: Assert removed secrets
+        run: ./tests/assert-env-unset.sh
+      - name: Load secrets by vault and item titles
+        uses: ./ # 1password/load-secrets-action@<version>
+        env:
+          SECRET: op://acceptance-tests/test-secret/password
+          SECRET_IN_SECTION: op://acceptance-tests/test-secret/test-section/password
+          MULTILINE_SECRET: op://acceptance-tests/multiline-secret/notesPlain
+      - name: Print environment variables with masked secrets
+        run: printenv
+      - name: Assert test secret values again
+        run: ./tests/assert-env-set.sh
--- a/configure/action.yml
+++ b/configure/action.yml
@@ -6,11 +6,26 @@ inputs:
    description: Your 1Password Connect instance URL
  connect-token:
    description: Token to authenticate to your 1Password Connect instance
+  use-connect:
+    description: Use Connect for fetching secrets
+  user-domain:
+    description: Your sign-in address
+  user-email:
+    description: Your account email
+  user-key:
+    description: Your Account secret key
+  user-pwd:
+    description: Your Master Password
 runs:
  using: composite
  steps: 
    - run: |
        export INPUT_CONNECT_HOST=${{ inputs.connect-host }}
        export INPUT_CONNECT_TOKEN=${{ inputs.connect-token }}
+        export INPUT_USE_CONNECT=${{ inputs.use-connect }}
+        export INPUT_USER_DOMAIN=${{ inputs.user-domain }}
+        export INPUT_USER_EMAIL=${{ inputs.user-email }}
+        export INPUT_USER_KEY=${{ inputs.user-key }}
+        export INPUT_USER_PWD=${{ inputs.user-pwd }}
        ${{ github.action_path }}/entrypoint.sh
      shell: bash
--- a/configure/entrypoint.sh
+++ b/configure/entrypoint.sh
@@ -14,3 +14,28 @@ OP_CONNECT_TOKEN="${INPUT_CONNECT_TOKEN:-$OP_CONNECT_TOKEN}"
 if [ -n "$OP_CONNECT_TOKEN" ]; then
  echo "OP_CONNECT_TOKEN=$OP_CONNECT_TOKEN" >> $GITHUB_ENV
 fi
+
+USE_CONNECT="${INPUT_USE_CONNECT:-$USE_CONNECT}"
+if [ -n "$USE_CONNECT" ]; then
+  echo "USE_CONNECT=$USE_CONNECT" >> $GITHUB_ENV
+fi
+
+OP_USER_DOMAIN="${INPUT_USER_DOMAIN:-$OP_USER_DOMAIN}"
+if [ -n "$OP_USER_DOMAIN" ]; then
+  echo "OP_USER_DOMAIN=$OP_USER_DOMAIN" >> $GITHUB_ENV
+fi
+
+OP_USER_EMAIL="${INPUT_USER_EMAIL:-$OP_USER_EMAIL}"
+if [ -n "$OP_USER_EMAIL" ]; then
+  echo "OP_USER_EMAIL=$OP_USER_EMAIL" >> $GITHUB_ENV
+fi
+
+OP_USER_KEY="${INPUT_USER_KEY:-$OP_USER_KEY}"
+if [ -n "$OP_USER_KEY" ]; then
+  echo "OP_USER_KEY=$OP_USER_KEY" >> $GITHUB_ENV
+fi
+
+OP_USER_PWD="${INPUT_USER_PWD:-$OP_USER_PWD}"
+if [ -n "$OP_USER_PWD" ]; then
+  echo "OP_USER_PWD=$OP_USER_PWD" >> $GITHUB_ENV
+fi
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -3,12 +3,22 @@
 set -e

 # Install op-cli
-$(curl -sSfLo op.zip "https://drive.google.com/uc?export=download&id=1HRAsihTN0Cx0pWZEWN06jAWxo0eW5eG-")
+curl -sSfLo op.zip "https://drive.google.com/uc?export=download&id=1HRAsihTN0Cx0pWZEWN06jAWxo0eW5eG-"
 unzip -od /usr/local/bin/ op.zip && rm op.zip

-if [ -z "$OP_CONNECT_TOKEN" ] || [ -z "$OP_CONNECT_HOST" ]; then
-  echo "\$OP_CONNECT_TOKEN and \$OP_CONNECT_HOST must be set"
-  exit 1
+if [ -z "$USE_CONNECT" ]; then
+  if [ -z "$OP_USER_DOMAIN" ] || [ -z "$OP_USER_EMAIL" ] || [ -z "$OP_USER_KEY" ] || [ -z "$OP_USER_PWD" ]; then
+    echo "\$OP_USER_DOMAIN, \$OP_USER_EMAIL, \$OP_USER_KEY and \$OP_USER_PWD must be set"
+    exit 1
+  fi
+
+  export OP_DEVICE=ugsqksnl4o6f2uwkyeibhqpony
+  eval $(printenv OP_USER_PWD | op signin "$OP_USER_DOMAIN" "$OP_USER_EMAIL" "$OP_USER_KEY")
+else
+  if [ -z "$OP_CONNECT_TOKEN" ] || [ -z "$OP_CONNECT_HOST" ]; then
+    echo "\$OP_CONNECT_TOKEN and \$OP_CONNECT_HOST must be set"
+    exit 1
+  fi
 fi

 managed_variables_var="OP_MANAGED_VARIABLES"
@@ -45,21 +55,18 @@ for env_var in $(op list envars); do
    exit 1
  fi

-  # If the field is marked as concealed or is a note, register a mask
-  # for the secret to prevent accidental log exposure.
-  if [ "$field_type" == "CONCEALED" ] || [ "$field_purpose" == "NOTES" ]; then
-    # To support multiline secrets, escape percent signs and add a mask per line.
-    escaped_mask_value=$(echo "$secret_value" | sed -e 's/%/%25/g')
-    IFS=$'\n'
-    for line in $escaped_mask_value; do
-      if [ "${#line}" -lt 3 ]; then
-        # To avoid false positives and unreadable logs, omit mask for lines that are too short.
-        continue
-      fi
-      echo "::add-mask::$line"
-    done
-    unset IFS
-  fi
+  # Register a mask for the secret to prevent accidental log exposure.
+  # To support multiline secrets, escape percent signs and add a mask per line.
+  escaped_mask_value=$(echo "$secret_value" | sed -e 's/%/%25/g')
+  IFS=$'\n'
+  for line in $escaped_mask_value; do
+    if [ "${#line}" -lt 3 ]; then
+      # To avoid false positives and unreadable logs, omit mask for lines that are too short.
+      continue
+    fi
+    echo "::add-mask::$line"
+  done
+  unset IFS

  # To support multiline secrets, we'll use the heredoc syntax to populate the environment variables.
  # As the heredoc identifier, we'll use a randomly generated 64-character string,
Author	SHA1	Message	Date
Eddy Filip	cb23d65d8d	Add missing config for tests Some checks failed Run acceptance tests / test (push) Has been cancelled Details Run acceptance tests / test-user (push) Has been cancelled Details	2021-08-03 19:23:44 +02:00
Eddy Filip	adde26c41b	Fix lint	2021-08-03 19:18:04 +02:00
Eddy Filip	6bfaeeb67d	Enable the user to use the GitHub Action without Connect	2021-08-03 19:11:41 +02:00