Compare commits
9 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
ffba2a6966 | ||
|
|
2ee4979efa | ||
|
|
7903600d82 | ||
|
|
fbf9be8f55 | ||
|
|
5a04ae581c | ||
|
|
747c0b5974 | ||
|
|
c0fbfd88d3 | ||
|
|
3f3d1e45cb | ||
|
|
b73c8a7ca6 |
17
README.md
17
README.md
@@ -2,11 +2,24 @@
|
||||
|
||||
This action loads secrets from 1Password into GitHub Actions using [1Password Connect](https://1password.com/secrets/).
|
||||
|
||||
Specify right from your workflow YAML which secrets from 1Password should be loaded into your job, and the action will make them available as environment variables for the next steps.
|
||||
Specify in your workflow YAML file which secrets from 1Password should be loaded into your job, and the action will make them available as environment variables for the next steps.
|
||||
|
||||
Read more on the [1Password Developer Portal](https://developer.1password.com/ci-cd/github-actions).
|
||||
|
||||
|
||||
## Requirements
|
||||
|
||||
Before you get started, you'll need to:
|
||||
|
||||
- [Deploy 1Password Connect](/docs/connect/get-started#step-2-deploy-1password-connect-server) in your infrastructure.
|
||||
- Set the `OP_CONNECT_HOST` and `OP_CONNECT_TOKEN` environment variables to your Connect instance's credentials, so it'll be used to load secrets.
|
||||
|
||||
_Supported runners_: You can run the action on Mac and Linux runners. Windows is currently not supported.
|
||||
|
||||
|
||||
## Usage
|
||||
|
||||
You can configure the action to use either 1Password Connect instance.
|
||||
You can configure the action to use your 1Password Connect instance.
|
||||
|
||||
If you provide `OP_CONNECT_HOST` and `OP_CONNECT_TOKEN` variables, the Connect instance will be used to load secrets. Make sure [1Password Connect](https://support.1password.com/secrets-automation/#step-2-deploy-a-1password-connect-server) is deployed in your infrastructure.
|
||||
|
||||
|
||||
@@ -2,6 +2,11 @@
|
||||
# shellcheck disable=SC2046,SC2001,SC2086
|
||||
set -e
|
||||
|
||||
# Pass User-Agent Inforomation to the 1Password CLI
|
||||
export OP_INTEGRATION_NAME="1Password GitHub Action"
|
||||
export OP_INTEGRATION_ID="GHA"
|
||||
export OP_INTEGRATION_BUILDNUMBER="1010001"
|
||||
|
||||
readonly CONNECT="CONNECT"
|
||||
readonly SERVICE_ACCOUNT="SERVICE_ACCOUNT"
|
||||
|
||||
@@ -31,10 +36,10 @@ unset_prev_secrets() {
|
||||
# Install op-cli
|
||||
install_op_cli() {
|
||||
if [[ "$OSTYPE" == "linux-gnu"* ]]; then
|
||||
curl -sSfLo op.zip "https://cache.agilebits.com/dist/1P/op2/pkg/v2.7.1-beta.01/op_linux_amd64_v2.7.1-beta.01.zip"
|
||||
curl -sSfLo op.zip "https://cache.agilebits.com/dist/1P/op2/pkg/v2.10.0-beta.02/op_linux_amd64_v2.10.0-beta.02.zip"
|
||||
unzip -od /usr/local/bin/ op.zip && rm op.zip
|
||||
elif [[ "$OSTYPE" == "darwin"* ]]; then
|
||||
curl -sSfLo op.pkg "https://cache.agilebits.com/dist/1P/op2/pkg/v2.7.1-beta.01/op_apple_universal_v2.7.1-beta.01.pkg"
|
||||
curl -sSfLo op.pkg "https://cache.agilebits.com/dist/1P/op2/pkg/v2.10.0-beta.02/op_apple_universal_v2.10.0-beta.02.pkg"
|
||||
sudo installer -pkg op.pkg -target /usr/local/bin/ && rm op.pkg
|
||||
fi
|
||||
}
|
||||
@@ -43,7 +48,7 @@ populating_secret() {
|
||||
ref=$(printenv $1)
|
||||
|
||||
echo "Populating variable: $1"
|
||||
secret_value=$(op read $ref)
|
||||
secret_value=$(op read "$ref")
|
||||
|
||||
if [ -z "$secret_value" ]; then
|
||||
echo "Could not find or access secret $ref"
|
||||
@@ -67,7 +72,7 @@ populating_secret() {
|
||||
# To support multiline secrets, we'll use the heredoc syntax to populate the environment variables.
|
||||
# As the heredoc identifier, we'll use a randomly generated 64-character string,
|
||||
# so that collisions are practically impossible.
|
||||
random_heredoc_identifier=$(openssl rand -hex 16)
|
||||
random_heredoc_identifier=$(openssl rand -hex 32)
|
||||
|
||||
{
|
||||
# Populate env var, using heredoc syntax with generated identifier
|
||||
|
||||
Reference in New Issue
Block a user