Update install-cli-action import

Use install function from install-cli-action
Merge pull request #103 from 1Password/eddy/fix-dependabot-alerts
2025-07-25 13:40:53 -05:00 · 2025-07-25 13:11:13 -05:00 · 2025-07-15 16:03:02 +02:00 · 2025-07-14 18:19:51 +02:00 · 2025-03-05 17:11:01 +01:00 · 2025-03-05 10:25:55 +01:00
13 changed files with 39102 additions and 7024 deletions
--- a/.github/workflows/acceptance-test.yml
+++ b/.github/workflows/acceptance-test.yml
@@ -0,0 +1,96 @@
+name: Acceptance test
+
+on:
+  workflow_call:
+    inputs:
+      secret:
+        required: true
+        type: string
+      secret-in-section:
+        required: true
+        type: string
+      multiline-secret:
+        required: true
+        type: string
+      export-env:
+        required: true
+        type: boolean
+
+jobs:
+  acceptance-test:
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest]
+        auth: [connect, service-account]
+        exclude:
+          - os: macos-latest
+            auth: connect
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Base checkout
+        uses: actions/checkout@v4
+        if: |
+          github.event_name != 'repository_dispatch' &&
+          (
+            github.ref == 'refs/heads/main' || 
+            (
+              github.event_name == 'pull_request' && 
+              github.event.pull_request.head.repo.full_name == github.repository
+            )
+          )
+      - name: Fork based /ok-to-test checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.client_payload.pull_request.head.sha }}
+        if: |
+          github.event_name == 'repository_dispatch' &&
+          github.event.client_payload.slash_command.args.named.sha != '' &&
+          contains(
+            github.event.client_payload.pull_request.head.sha,
+            github.event.client_payload.slash_command.args.named.sha
+          )
+      - name: Launch 1Password Connect instance
+        if: ${{ matrix.auth == 'connect' }}
+        env:
+          OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }}
+        run: |
+          echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json
+          docker compose -f tests/fixtures/docker-compose.yml up -d && sleep 10
+      - name: Configure Service account
+        if: ${{ matrix.auth == 'service-account' }}
+        uses: ./configure
+        with:
+          service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
+      - name: Configure 1Password Connect
+        if: ${{ matrix.auth == 'connect' }}
+        uses: ./configure # 1password/load-secrets-action/configure@<version>
+        with:
+          connect-host: http://localhost:8080
+          connect-token: ${{ secrets.OP_CONNECT_TOKEN }}
+      - name: Load secrets
+        id: load_secrets
+        uses: ./ # 1password/load-secrets-action@<version>
+        with:
+          export-env: ${{ inputs.export-env }}
+        env:
+          SECRET: ${{ inputs.secret }}
+          SECRET_IN_SECTION: ${{ inputs.secret-in-section }}
+          MULTILINE_SECRET: ${{ inputs.multiline-secret }}
+      - name: Assert test secret values [step output]
+        if: ${{ !inputs.export-env }}
+        env:
+          SECRET: ${{ steps.load_secrets.outputs.SECRET }}
+          SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }}
+          MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }}
+        run: ./tests/assert-env-set.sh
+      - name: Assert test secret values [exported env]
+        if: ${{ inputs.export-env }}
+        run: ./tests/assert-env-set.sh
+      - name: Remove secrets [exported env]
+        if: ${{ inputs.export-env }}
+        uses: ./ # 1password/load-secrets-action@<version>
+        with:
+          unset-previous: true
+      - name: Assert removed secrets [exported env]
+        if: ${{ inputs.export-env }}
+        run: ./tests/assert-env-unset.sh
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -1,4 +1,7 @@
-on: pull_request
+on:
+  push:
+    branches: [main]
+  pull_request:
 name: Lint

 jobs:
@@ -11,3 +14,16 @@ jobs:
        with:
          ignore_paths: >-
            .husky
+      - name: Setup Node.js
+        id: setup-node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: npm
+      - name: Install Dependencies
+        id: install
+        run: npm ci
+      - name: Check formatting
+        run: npm run format:check
+      - name: Check lint
+        run: npm run lint
--- a/.github/workflows/ok-to-test.yml
+++ b/.github/workflows/ok-to-test.yml
@@ -0,0 +1,25 @@
+# If someone with write access comments "/ok-to-test" on a pull request, emit a repository_dispatch event
+name: Ok To Test
+
+on:
+  issue_comment:
+    types: [created]
+
+jobs:
+  ok-to-test:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write # For adding reactions to the pull request comments
+      contents: write # For executing the repository_dispatch event
+    # Only run for PRs, not issue comments
+    if: ${{ github.event.issue.pull_request }}
+    steps:
+      - name: Slash Command Dispatch
+        uses: peter-evans/slash-command-dispatch@v3
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          reaction-token: ${{ secrets.GITHUB_TOKEN }}
+          issue-type: pull-request
+          commands: ok-to-test
+          # The repository permission level required by the user to dispatch commands. Only allows 1Password collaborators to run this.
+          permission: write
--- a/.github/workflows/pr-check-signed-commits.yml
+++ b/.github/workflows/pr-check-signed-commits.yml
@@ -0,0 +1,13 @@
+name: Check signed commits in PR
+on: pull_request_target
+
+jobs:
+  build:
+    name: Check signed commits in PR
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check signed commits in PR
+        uses: 1Password/check-signed-commits-action@v1
--- a/.github/workflows/test-fork.yml
+++ b/.github/workflows/test-fork.yml
@@ -0,0 +1,92 @@
+on:
+  repository_dispatch:
+    types: [ok-to-test-command]
+name: Run acceptance tests [fork]
+
+jobs:
+  test-with-output-secrets:
+    if: |
+      github.event_name == 'repository_dispatch' &&
+      github.event.client_payload.slash_command.args.named.sha != '' &&
+      contains(
+        github.event.client_payload.pull_request.head.sha,
+        github.event.client_payload.slash_command.args.named.sha
+      )
+    uses: 1password/load-secrets-action/.github/workflows/acceptance-test.yml@main
+    secrets: inherit
+    with:
+      secret: op://acceptance-tests/test-secret/password
+      secret-in-section: op://acceptance-tests/test-secret/test-section/password
+      multiline-secret: op://acceptance-tests/multiline-secret/notesPlain
+      export-env: false
+  test-with-export-env:
+    if: |
+      github.event_name == 'repository_dispatch' &&
+      github.event.client_payload.slash_command.args.named.sha != '' &&
+      contains(
+        github.event.client_payload.pull_request.head.sha,
+        github.event.client_payload.slash_command.args.named.sha
+      )
+    uses: 1password/load-secrets-action/.github/workflows/acceptance-test.yml@main
+    secrets: inherit
+    with:
+      secret: op://acceptance-tests/test-secret/password
+      secret-in-section: op://acceptance-tests/test-secret/test-section/password
+      multiline-secret: op://acceptance-tests/multiline-secret/notesPlain
+      export-env: true
+  test-references-with-ids:
+    if: |
+      github.event_name == 'repository_dispatch' &&
+      github.event.client_payload.slash_command.args.named.sha != '' &&
+      contains(
+        github.event.client_payload.pull_request.head.sha,
+        github.event.client_payload.slash_command.args.named.sha
+      )
+    uses: 1password/load-secrets-action/.github/workflows/acceptance-test.yml@main
+    secrets: inherit
+    with:
+      secret: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/password
+      secret-in-section: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/Section_tco6nsqycj6jcbyx63h5isxcny/doxu3mhkozcznnk5vjrkpdqayy
+      multiline-secret: op://v5pz6venw4roosmkzdq2nhpv6u/ghtz3jvcc6dqmzc53d3r3eskge/notesPlain
+      export-env: false
+  update-checks:
+    # required permissions for updating the status of the pull request checks
+    permissions:
+      pull-requests: write
+      checks: write
+    runs-on: ubuntu-latest
+    if: ${{ always() }}
+    strategy:
+      matrix:
+        job-name:
+          [
+            test-with-output-secrets,
+            test-with-export-env,
+            test-references-with-ids,
+          ]
+    needs:
+      [test-with-output-secrets, test-with-export-env, test-references-with-ids]
+    steps:
+      - uses: actions/github-script@v6
+        env:
+          job: ${{ matrix.job-name }}
+          ref: ${{ github.event.client_payload.pull_request.head.sha }}
+          conclusion: ${{ needs[format('{0}', matrix.job-name )].result }}
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const { data: checks } = await github.rest.checks.listForRef({
+              ...context.repo,
+              ref: process.env.ref
+            });
+
+            const check = checks.check_runs.filter(c => c.name === process.env.job);
+
+            const { data: result } = await github.rest.checks.update({
+              ...context.repo,
+              check_run_id: check[0].id,
+              status: 'completed',
+              conclusion: process.env.conclusion
+            });
+
+            return result;
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -1,4 +1,7 @@
-on: push
+on:
+  push:
+    branches: [main]
+  pull_request:
 name: Run acceptance tests

 jobs:
@@ -11,136 +14,45 @@ jobs:
          node-version: 20
      - run: npm ci
      - run: npm test
-
  test-with-output-secrets:
-    strategy:
-      matrix:
-        os: [ubuntu-latest, macos-latest]
-        auth: [connect, service-account]
-        exclude:
-          - os: macos-latest
-            auth: connect
-    runs-on: ${{ matrix.os }}
-    steps:
-      - uses: actions/checkout@v3
-      - name: Launch 1Password Connect instance
-        if: ${{ matrix.auth == 'connect' }}
-        env:
-          OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }}
-        run: |
-          echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json
-          docker-compose -f tests/fixtures/docker-compose.yml up -d && sleep 10
-      - name: Configure Service account
-        if: ${{ matrix.auth == 'service-account' }}
-        uses: ./configure
-        with:
-          service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
-      - name: Configure 1Password Connect
-        if: ${{ matrix.auth == 'connect' }}
-        uses: ./configure # 1password/load-secrets-action/configure@<version>
-        with:
-          connect-host: http://localhost:8080
-          connect-token: ${{ secrets.OP_CONNECT_TOKEN }}
-      - name: Load secrets
-        id: load_secrets
-        uses: ./ # 1password/load-secrets-action@<version>
-        with:
-          export-env: false
-        env:
-          SECRET: op://acceptance-tests/test-secret/password
-          SECRET_IN_SECTION: op://acceptance-tests/test-secret/test-section/password
-          MULTILINE_SECRET: op://acceptance-tests/multiline-secret/notesPlain
-      - name: Assert test secret values
-        env:
-          SECRET: ${{ steps.load_secrets.outputs.SECRET }}
-          SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }}
-          MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }}
-        run: ./tests/assert-env-set.sh
+    if: |
+      github.ref == 'refs/heads/main' ||
+      (
+        github.event_name == 'pull_request' && 
+        github.event.pull_request.head.repo.full_name == github.repository
+      )
+    uses: 1password/load-secrets-action/.github/workflows/acceptance-test.yml@main
+    secrets: inherit
+    with:
+      secret: op://acceptance-tests/test-secret/password
+      secret-in-section: op://acceptance-tests/test-secret/test-section/password
+      multiline-secret: op://acceptance-tests/multiline-secret/notesPlain
+      export-env: false
  test-with-export-env:
-    strategy:
-      matrix:
-        os: [ubuntu-latest, macos-latest]
-        auth: [connect, service-account]
-        exclude:
-          - os: macos-latest
-            auth: connect
-    runs-on: ${{ matrix.os }}
-    steps:
-      - uses: actions/checkout@v3
-      - name: Launch 1Password Connect instance
-        if: ${{ matrix.auth == 'connect' }}
-        env:
-          OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }}
-        run: |
-          echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json
-          docker-compose -f tests/fixtures/docker-compose.yml up -d && sleep 10
-      - name: Configure Service account
-        if: ${{ matrix.auth == 'service-account' }}
-        uses: ./configure
-        with:
-          service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
-      - name: Configure 1Password Connect
-        if: ${{ matrix.auth == 'connect' }}
-        uses: ./configure # 1password/load-secrets-action/configure@<version>
-        with:
-          connect-host: http://localhost:8080
-          connect-token: ${{ secrets.OP_CONNECT_TOKEN }}
-      - name: Load secrets
-        id: load_secrets
-        uses: ./ # 1password/load-secrets-action@<version>
-        env:
-          SECRET: op://acceptance-tests/test-secret/password
-          SECRET_IN_SECTION: op://acceptance-tests/test-secret/test-section/password
-          MULTILINE_SECRET: op://acceptance-tests/multiline-secret/notesPlain
-      - name: Assert test secret values
-        run: ./tests/assert-env-set.sh
-      - name: Remove secrets
-        uses: ./ # 1password/load-secrets-action@<version>
-        with:
-          unset-previous: true
-      - name: Assert removed secrets
-        run: ./tests/assert-env-unset.sh
+    if: |
+      github.ref == 'refs/heads/main' ||
+      (
+        github.event_name == 'pull_request' && 
+        github.event.pull_request.head.repo.full_name == github.repository
+      )
+    uses: 1password/load-secrets-action/.github/workflows/acceptance-test.yml@main
+    secrets: inherit
+    with:
+      secret: op://acceptance-tests/test-secret/password
+      secret-in-section: op://acceptance-tests/test-secret/test-section/password
+      multiline-secret: op://acceptance-tests/multiline-secret/notesPlain
+      export-env: true
  test-references-with-ids:
-    strategy:
-      matrix:
-        os: [ubuntu-latest, macos-latest]
-        auth: [connect, service-account]
-        exclude:
-          - os: macos-latest
-            auth: connect
-    runs-on: ${{ matrix.os }}
-    steps:
-      - uses: actions/checkout@v3
-      - name: Launch 1Password Connect instance
-        if: ${{ matrix.auth == 'connect' }}
-        env:
-          OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }}
-        run: |
-          echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json
-          docker-compose -f tests/fixtures/docker-compose.yml up -d && sleep 10
-      - name: Configure Service account
-        if: ${{ matrix.auth == 'service-account' }}
-        uses: ./configure
-        with:
-          service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
-      - name: Configure 1Password Connect
-        if: ${{ matrix.auth == 'connect' }}
-        uses: ./configure # 1password/load-secrets-action/configure@<version>
-        with:
-          connect-host: http://localhost:8080
-          connect-token: ${{ secrets.OP_CONNECT_TOKEN }}
-      - name: Load secrets
-        id: load_secrets
-        uses: ./ # 1password/load-secrets-action@<version>
-        with:
-          export-env: false
-        env:
-          SECRET: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/password
-          SECRET_IN_SECTION: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/Section_tco6nsqycj6jcbyx63h5isxcny/doxu3mhkozcznnk5vjrkpdqayy
-          MULTILINE_SECRET: op://v5pz6venw4roosmkzdq2nhpv6u/ghtz3jvcc6dqmzc53d3r3eskge/notesPlain
-      - name: Assert test secret values
-        env:
-          SECRET: ${{ steps.load_secrets.outputs.SECRET }}
-          SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }}
-          MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }}
-        run: ./tests/assert-env-set.sh
+    if: |
+      github.ref == 'refs/heads/main' ||
+      (
+        github.event_name == 'pull_request' && 
+        github.event.pull_request.head.repo.full_name == github.repository
+      )
+    uses: 1password/load-secrets-action/.github/workflows/acceptance-test.yml@main
+    secrets: inherit
+    with:
+      secret: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/password
+      secret-in-section: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/Section_tco6nsqycj6jcbyx63h5isxcny/doxu3mhkozcznnk5vjrkpdqayy
+      multiline-secret: op://v5pz6venw4roosmkzdq2nhpv6u/ghtz3jvcc6dqmzc53d3r3eskge/notesPlain
+      export-env: false
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -3,6 +3,7 @@
 Thank you for your interest in contributing to the 1Password load-secrets-action project 👋! Before you start, please take a moment to read through this guide to understand our contribution process.

 ## Testing
+
 Unit tests can be run with `npm run test`.

 After following the steps below for signing commits, you can test against your PR with these steps:
@@ -10,13 +11,15 @@ After following the steps below for signing commits, you can test against your P
 1. Create or use an existing repo to run the `load-secrets` GitHub Action.
 2. In a workflow yaml file that uses the GitHub Action, modify the `uses: 1Password/load-secrets-action` line to be

-    ```yaml
-    uses: 1Password/load-secrets-action@<branch-name>
-    ```
-    OR
-    ```yaml
-    uses: 1Password/load-secrets-action@<commit-hash>
-    ```
+   ```yaml
+   uses: 1Password/load-secrets-action@<branch-name>
+   ```
+
+   OR
+
+   ```yaml
+   uses: 1Password/load-secrets-action@<commit-hash>
+   ```

 3. Trigger the action, which now includes your changes.

@@ -48,4 +51,4 @@ Follow the steps below to set up commit signing with `gpg`:

 1. [Generate a GPG key](https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key)
 2. [Add the GPG key to your GitHub account](https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account)
-3. [Configure git to use your GPG key for commits signing](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key#telling-git-about-your-gpg-key)
+3. [Configure git to use your GPG key for commits signing](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key#telling-git-about-your-gpg-key)
--- a/README.md
+++ b/README.md
@@ -48,13 +48,11 @@ jobs:
 ## 💙 Community & Support

 - File an [issue](https://github.com/1Password/load-secrets-action/issues) for bugs and feature requests.
- Join the [Developer Slack workspace](https://join.slack.com/t/1password-devs/shared_invite/zt-1halo11ps-6o9pEv96xZ3LtX_VE0fJQA).
+- Join the [Developer Slack workspace](https://developer.1password.com/joinslack).
 - Subscribe to the [Developer Newsletter](https://1password.com/dev-subscribe/).

 ## 🔐 Security

 1Password requests you practice responsible disclosure if you discover a vulnerability.

-Please file requests via [**BugCrowd**](https://bugcrowd.com/agilebits).
-
-For information about security practices, please visit the [1Password Bug Bounty Program](https://bugcrowd.com/agilebits).
+Please file requests by sending an email to bugbounty@agilebits.com.
--- a/dist/index.js
+++ b/dist/index.js
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -39,12 +39,14 @@
 	},
 	"homepage": "https://github.com/1Password/load-secrets-action#readme",
 	"dependencies": {
+		"@1password/install-cli-action": "github:1password/install-cli-action#vzt/export-install-function",
 		"@1password/op-js": "^0.1.11",
 		"@actions/core": "^1.10.1",
 		"@actions/exec": "^1.1.1"
 	},
 	"devDependencies": {
-		"@1password/front-end-style": "^6.0.1",
+		"@1password/eslint-config": "^4.3.1",
+		"@1password/prettier-config": "^1.2.0",
 		"@types/jest": "^29.5.12",
 		"@types/node": "^20.11.30",
 		"@vercel/ncc": "^0.38.1",
@@ -55,7 +57,7 @@
 		"typescript": "^5.4.2"
 	},
 	"eslintConfig": {
-		"extends": "./node_modules/@1password/front-end-style/eslintrc.yml",
+		"extends": "@1password/eslint-config",
 		"ignorePatterns": [
 			"coverage/"
 		],
@@ -63,5 +65,5 @@
 			"project": "./tsconfig.json"
 		}
 	},
-	"prettier": "./node_modules/@1password/front-end-style/prettierrc.json"
+	"prettier": "@1password/prettier-config"
 }
--- a/src/index.ts
+++ b/src/index.ts
@@ -1,8 +1,6 @@
-import path from "path";
-import url from "url";
 import * as core from "@actions/core";
-import * as exec from "@actions/exec";
 import { validateCli } from "@1password/op-js";
+import { install } from "@1password/install-cli-action";
 import { loadSecrets, unsetPrevious, validateAuth } from "./utils";

 const loadSecretsAction = async () => {
@@ -46,21 +44,7 @@ const installCLI = async (): Promise<void> => {
 	// If there's no CLI installed, then validateCli will throw an error, which we will use
 	// as an indicator that we need to execute the installation script.
 	await validateCli().catch(async () => {
-		const currentFile = url.fileURLToPath(import.meta.url);
-		const currentDir = path.dirname(currentFile);
-		const parentDir = path.resolve(currentDir, "..");
-
-		// Execute bash script
-		const cmdOut = await exec.getExecOutput(
-			`sh -c "` + parentDir + `/install_cli.sh"`,
-		);
-
-		// Add path to 1Password CLI to $PATH
-		const outArr = cmdOut.stdout.split("\n");
-		if (outArr[0] && process.env.PATH) {
-			const cliPath = outArr[0]?.replace(/^(::debug::OP_INSTALL_DIR: )/, "");
-			core.addPath(cliPath);
-		}
+		await install()
 	});
 };

--- a/src/utils.test.ts
+++ b/src/utils.test.ts
@@ -39,24 +39,24 @@ describe("validateAuth", () => {
 	});

 	it("should throw an error when no config is provided", () => {
-		expect(validateAuth).toThrowError(authErr);
+		expect(validateAuth).toThrow(authErr);
 	});

 	it("should throw an error when partial Connect config is provided", () => {
 		process.env[envConnectHost] = testConnectHost;
-		expect(validateAuth).toThrowError(authErr);
+		expect(validateAuth).toThrow(authErr);
 	});

 	it("should be authenticated as a Connect client", () => {
 		process.env[envConnectHost] = testConnectHost;
 		process.env[envConnectToken] = testConnectToken;
-		expect(validateAuth).not.toThrowError(authErr);
+		expect(validateAuth).not.toThrow(authErr);
 		expect(core.info).toHaveBeenCalledWith("Authenticated with Connect.");
 	});

 	it("should be authenticated as a service account", () => {
 		process.env[envServiceAccountToken] = testServiceAccountToken;
-		expect(validateAuth).not.toThrowError(authErr);
+		expect(validateAuth).not.toThrow(authErr);
 		expect(core.info).toHaveBeenCalledWith(
 			"Authenticated with Service account.",
 		);
@@ -66,7 +66,7 @@ describe("validateAuth", () => {
 		process.env[envServiceAccountToken] = testServiceAccountToken;
 		process.env[envConnectHost] = testConnectHost;
 		process.env[envConnectToken] = testConnectToken;
-		expect(validateAuth).not.toThrowError(authErr);
+		expect(validateAuth).not.toThrow(authErr);
 		expect(core.warning).toHaveBeenCalled();
 		expect(core.info).toHaveBeenCalledWith("Authenticated with Connect.");
 	});
Author	SHA1	Message	Date
Volodymyr Zotov	e34c300a89	Update `install-cli-action` import	2025-07-25 13:40:53 -05:00
Volodymyr Zotov	37a38cf129	Use `install` function from `install-cli-action`	2025-07-25 13:11:13 -05:00
Eduard Filip	43fd9cdb84	Merge pull request #103 from 1Password/eddy/fix-dependabot-alerts Fix Dependabot alerts	2025-07-15 16:03:02 +02:00
Eddy Filip	73195c1d43	Fix Dependabot alerts	2025-07-14 18:19:51 +02:00
Eduard Filip	85e0e789db	Merge pull request #100 from 1Password/fix/fork-workflow In #97 it was missed to adjust the reusable workflow to pull changes from the forked commit. Instead, now we pull from base repository, which doesn't contain the external contributor's changes. I've also improved the way we reference the reusable workflow to ensure we're using a trusted reusable workflow that won't change often.	2025-03-05 17:11:01 +01:00
Eddy Filip	39cf694bee	Reference the reusable workflow from main This is a safer approach since the main branch is protected. Therefore any chages to the reusable workflow will be intentional.	2025-03-05 10:25:55 +01:00
Eddy Filip	39b7248332	Add checking out from forked head	2025-03-05 10:25:52 +01:00
Eduard Filip	a5e5c78980	Merge pull request #97 from 1Password/feat/run-e2e-test-on-fork Currently an external contributor can't have the acceptance tests run on their PR because pull_request doesn't give access to the secrets needed for them. Therefore, in this PR we create a new workflow that is identical to the one for existing acceptance tests, with the following differences: This workflow can be triggered with the command /ok-to-test sha="<contributor's latest commit sha>" by one of this repo's maintainers. After the acceptance tests finish, their result will be updated to the PR's list of checks.	2025-03-04 13:57:05 +01:00
Eddy Filip	7d16183347	Add fork workflow for acceptance tests This file contains the same acceptance test jobs with the following differences: - They only run if the `ok-to-test` command triggered the workflow and a sha has been passed. - They checkout from the external contributor's commit. Lastly, this workflow contains an extra job which updates the status in the PR based on the jobs executed. The result of a job is the parent result of all the matrix variants executed as part of it.	2025-03-04 11:01:13 +01:00
Eddy Filip	0cbceff209	Add ok-to-test command This command will trigger an end-to-end workflow with the external contributor's code.	2025-03-04 11:01:09 +01:00
Eddy Filip	fec5c39dcc	Add condition to run tests only on maintainer's branches	2025-03-04 11:01:06 +01:00
Eduard Filip	a525a84c53	Refactor acceptance tests (#99 ) This workflow is the acceptance tests executed based on the following inputs: - secret references - whether the secrets are provided as a step output or environment variables.	2025-03-03 14:49:37 +01:00
Eduard Filip	6483669c68	Fix workflow branch syntax (#90 ) In a previous PR we used `branch` syntax to trigger the pipeline when a push on `main` was made. This was a mistake and `branches` is the correct syntax that achieves this.	2024-12-18 14:35:57 +01:00
Eduard Filip	06962f2427	Switch to new lint packages (#89 ) In Oct 2023, @1password/front-end-style has been rewritten into 3 smaller packages: - @1password/eslint-config - @1password/prettier-config - @1password/stylelint-config These 3 new packages have the same configurations as the previous package, with the benefits of being up-to-date and better organized. In the case of this GitHub Action, we only need the first two. The last one is dedicated to CSS stylling, which is not used in this action. Therefore, we will replace the deprecated @1password/front-end-style with the following packages: - @1password/eslint-config - @1password/prettier-config	2024-12-18 14:35:41 +01:00
Eduard Filip	3e2909a6b2	Add lint to workflow (#88 ) * Add lint in workflow This will check for code formatting, as well as for any ES lint issues. * Format code run `npm run check:write` * Run lint and fix errors Run `npm run lint` and then fix the errors shown.	2024-12-17 11:05:12 +01:00
Eduard Filip	734cd437f8	Make workflow targets more specific (#87 ) This ensures that: - Acceptance tests ar run on Pull requests - Lint is run on `main` - The workflows are executed only once on PRs	2024-12-17 11:04:57 +01:00
Eduard Filip	555e0c6a63	Update bug bounty process (#86 ) * Update bug bounty process * Fix docker compose command	2024-12-12 18:14:15 +01:00
Eduard Filip	0a309926fa	Fix Developer Slack workspace link (#76 )	2024-07-12 14:19:55 +02:00
Eduard Filip	a51c02d593	Run 1Password/check-signed-commits-action for PRs (#73 ) Add the 1Password/check-signed-commits-action that will leave a handy comment if a PR contains commits that are not signed.	2024-05-28 19:34:06 +02:00