Add missing config for tests

Fix lint
Enable the user to use the GitHub Action without Connect
2021-08-03 19:23:44 +02:00 · 2021-08-03 19:18:04 +02:00 · 2021-08-03 19:11:41 +02:00
12 changed files with 172 additions and 2553 deletions
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -2,37 +2,7 @@ on: push
 name: Run acceptance tests
 jobs:
-  use-connect-without-export-env:
+  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Launch 1Password Connect instance
        env:
          OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }}
        run: |
          echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json
          docker-compose -f tests/fixtures/docker-compose.yml up -d && sleep 10
      - name: Configure 1Password Connect
        uses: ./configure # 1password/load-secrets-action/configure@<version>
        with:
          connect-host: localhost:8080
          connect-token: ${{ secrets.OP_CONNECT_TOKEN }}
      - name: Load secrets
        id: load_secrets
        uses: ./ # 1password/load-secrets-action@<version>
        with:
          export-env: false
        env:
          SECRET: op://acceptance-tests/test-secret/password
          SECRET_IN_SECTION: op://acceptance-tests/test-secret/test-section/password
          MULTILINE_SECRET: op://acceptance-tests/multiline-secret/notesPlain
      - name: Assert test secret values
        env:
          SECRET: ${{ steps.load_secrets.outputs.SECRET }}
          SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }}
          MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }}
        run: ./tests/assert-env-set.sh
  use-connect-with-export-env:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
@@ -45,124 +15,81 @@ jobs:
      - name: Configure 1Password Connect
        uses: ./configure # 1password/load-secrets-action/configure@<version>
        with:
          use-connect: yes
          connect-host: http://localhost:8080
          connect-token: ${{ secrets.OP_CONNECT_TOKEN }}
      - name: Load secrets
        id: load_secrets
        uses: ./ # 1password/load-secrets-action@<version>
        env:
-          SECRET: op://acceptance-tests/test-secret/password
+          SECRET: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/password
-          SECRET_IN_SECTION: op://acceptance-tests/test-secret/test-section/password
+          SECRET_IN_SECTION: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/test-section/password
-          MULTILINE_SECRET: op://acceptance-tests/multiline-secret/notesPlain
+          UNMASKED_VALUE: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/test-section/username
      - name: Load multiline secret
        uses: ./ # 1password/load-secrets-action@<version>
        env:
          MULTILINE_SECRET: op://v5pz6venw4roosmkzdq2nhpv6u/ghtz3jvcc6dqmzc53d3r3eskge/notesPlain
      - name: Print environment variables with masked secrets
        run: printenv
      - name: Assert test secret values
        run: ./tests/assert-env-set.sh
      - name: Remove secrets
        uses: ./ # 1password/load-secrets-action@<version>
        with:
          unset-previous: true
      - name: Print environment variables with secrets removed
        run: printenv
      - name: Assert removed secrets
        run: ./tests/assert-env-unset.sh
-  use-connect-with-references-with-id:
+      - name: Load secrets by vault and item titles
        uses: ./ # 1password/load-secrets-action@<version>
        env:
          SECRET: op://acceptance-tests/test-secret/password
          SECRET_IN_SECTION: op://acceptance-tests/test-secret/test-section/password
          MULTILINE_SECRET: op://acceptance-tests/multiline-secret/notesPlain
      - name: Print environment variables with masked secrets
        run: printenv
      - name: Assert test secret values again
        run: ./tests/assert-env-set.sh
  test-user:  
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
-      - name: Launch 1Password Connect instance
+      - name: Configure 1Password with a user
        env:
          OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }}
        run: |
          echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json
          docker-compose -f tests/fixtures/docker-compose.yml up -d && sleep 10
      - name: Configure 1Password Connect
        uses: ./configure # 1password/load-secrets-action/configure@<version>
        with:
-          connect-host: http://localhost:8080
+          user-domain: ${{ secrets.USER_DOMAIN }}
-          connect-token: ${{ secrets.OP_CONNECT_TOKEN }}
+          user-email: ${{ secrets.USER_EMAIL }}
          user-key: ${{ secrets.USER_KEY }}
          user-pwd: ${{ secrets.USER_PWD }}
      - name: Load secrets
        id: load_secrets
        uses: ./ # 1password/load-secrets-action@<version>
        with:
          export-env: false
        env:
-          SECRET: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/password
+          SECRET: op://p4a7xwirm3lcwtu6okulbhym5i/mybhbbwhewncjb67cy4v7hjpgi/password
-          SECRET_IN_SECTION: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/Section_tco6nsqycj6jcbyx63h5isxcny/doxu3mhkozcznnk5vjrkpdqayy
+          SECRET_IN_SECTION: op://p4a7xwirm3lcwtu6okulbhym5i/mybhbbwhewncjb67cy4v7hjpgi/test-section/password
-          MULTILINE_SECRET: op://v5pz6venw4roosmkzdq2nhpv6u/ghtz3jvcc6dqmzc53d3r3eskge/notesPlain
+          UNMASKED_VALUE: op://p4a7xwirm3lcwtu6okulbhym5i/mybhbbwhewncjb67cy4v7hjpgi/test-section/username
      - name: Load multiline secret
        uses: ./ # 1password/load-secrets-action@<version>
        env:
          MULTILINE_SECRET: op://p4a7xwirm3lcwtu6okulbhym5i/bcshnrykfwf5i5zm7nkqy63dca/notesPlain
      - name: Print environment variables with masked secrets
        run: printenv
      - name: Assert test secret values
        env:
          SECRET: ${{ steps.load_secrets.outputs.SECRET }}
          SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }}
          MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }}
        run: ./tests/assert-env-set.sh
-  use-service-account-without-export-env:
+      - name: Remove secrets
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Load secrets
        id: load_secrets
        uses: ./ # 1password/load-secrets-action@<version>
        with:
-          export-env: false
+          unset-previous: true
      - name: Print environment variables with secrets removed
        run: printenv
      - name: Assert removed secrets
        run: ./tests/assert-env-unset.sh
      - name: Load secrets by vault and item titles
        uses: ./ # 1password/load-secrets-action@<version>
        env:
          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
          SECRET: op://acceptance-tests/test-secret/password
          SECRET_IN_SECTION: op://acceptance-tests/test-secret/test-section/password
          MULTILINE_SECRET: op://acceptance-tests/multiline-secret/notesPlain
-      - name: Assert test secret values
+      - name: Print environment variables with masked secrets
-        env:
+        run: printenv
-          SECRET: ${{ steps.load_secrets.outputs.SECRET }}
+      - name: Assert test secret values again
          SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }}
          MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }}
        run: ./tests/assert-env-set.sh
  use-service-account-with-export-env:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Load secrets
        id: load_secrets
        uses: ./ # 1password/load-secrets-action@<version>
        env:
          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
          SECRET: op://acceptance-tests/test-secret/password
          SECRET_IN_SECTION: op://acceptance-tests/test-secret/test-section/password
          MULTILINE_SECRET: op://acceptance-tests/multiline-secret/notesPlain
      - name: Assert test secret values
        run: ./tests/assert-env-set.sh
  use-service-account-with-references-with-id:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Load secrets
        id: load_secrets
        uses: ./ # 1password/load-secrets-action@<version>
        with:
          export-env: false
        env:
          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
          SECRET: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/password
          SECRET_IN_SECTION: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/Section_tco6nsqycj6jcbyx63h5isxcny/doxu3mhkozcznnk5vjrkpdqayy
          MULTILINE_SECRET: op://v5pz6venw4roosmkzdq2nhpv6u/ghtz3jvcc6dqmzc53d3r3eskge/notesPlain
      - name: Assert test secret values
        env:
          SECRET: ${{ steps.load_secrets.outputs.SECRET }}
          SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }}
          MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }}
        run: ./tests/assert-env-set.sh
  run-on-macos-12:
    runs-on: macos-12
    steps:
      - uses: actions/checkout@v2
      - name: Load secrets
        id: load_secrets
        uses: ./ # 1password/load-secrets-action@<version>
        with:
          export-env: false
        env:
          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
          SECRET: op://acceptance-tests/test-secret/password
          SECRET_IN_SECTION: op://acceptance-tests/test-secret/test-section/password
          MULTILINE_SECRET: op://acceptance-tests/multiline-secret/notesPlain
      - name: Assert test secret values
        env:
          SECRET: ${{ steps.load_secrets.outputs.SECRET }}
          SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }}
          MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }}
        run: ./tests/assert-env-set.sh
--- a/.gitignore
+++ b/.gitignore
@@ -1 +0,0 @@
 node_modules/
--- a/README.md
+++ b/README.md
@@ -1,110 +1,11 @@
 # Load Secrets from 1Password - GitHub Action
-This action loads secrets from 1Password into GitHub Actions using [1Password Connect](https://1password.com/secrets/).
+The action to load secrets from [1Password Connect](https://1password.com/secrets/) into GitHub Actions.
 Specify in your workflow YAML file which secrets from 1Password should be loaded into your job, and the action will make them available as environment variables for the next steps.
 Read more on the [1Password Developer Portal](https://developer.1password.com/ci-cd/github-actions).
 ## Requirements
 Before you get started, you'll need to:
 - [Deploy 1Password Connect](/docs/connect/get-started#step-2-deploy-1password-connect-server) in your infrastructure.
 - Set the `OP_CONNECT_HOST` and `OP_CONNECT_TOKEN` environment variables to your Connect instance's credentials, so it'll be used to load secrets.
 _Supported runners_: You can run the action on Mac and Linux runners. Windows is currently not supported.
 Specify right from your workflow YAML which secrets from 1Password should be loaded into your job, and the action will make them available as environment variables for the next steps.
 ## Usage
 You can configure the action to use your 1Password Connect instance.
 If you provide `OP_CONNECT_HOST` and `OP_CONNECT_TOKEN` variables, the Connect instance will be used to load secrets. Make sure [1Password Connect](https://support.1password.com/secrets-automation/#step-2-deploy-a-1password-connect-server) is deployed in your infrastructure.
 There are two ways that secrets can be loaded:
 - [use the secrets from the action's ouput](#use-secrets-from-the-actions-output)
 - [export secrets as environment variables](#export-secrets-as-environment-variables)
 ### Use secrets from the action's output
 This method allows for you to use the loaded secrets as an output from the step: `steps.step-id.outputs.secret-name`. You will need to set an id for the step that uses this action to be able to access its outputs. For more details, , see [`outputs.<output_id>`](https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#outputsoutput_id).
 ```yml
 on: push
 jobs:
  hello-world:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Load secret
        id: op-load-secret
        uses: 1password/load-secrets-action@v1
        with:
          export-env: false
        env:
          OP_CONNECT_HOST: <Your Connect instance URL>
          OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }}
          SECRET: op://app-cicd/hello-world/secret
      - name: Print masked secret
        run: echo "Secret: ${{ steps.op-load-secret.outputs.SECRET }}"
        # Prints: Secret: ***
 ```
 <details>
 <summary><b>Longer usage example</b></summary>
 ```yml
 on: push
 name: Deploy app
 jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Configure 1Password Connect
        uses: 1password/load-secrets-action/configure@v1
        with:
          # Persist the 1Password Connect URL for next steps. You can also persist
          # the Connect token using input `connect-token`, but keep in mind that
          # every single step in the job would then be able to access the token.
          connect-host: https://1password.acme.com
      - name: Load Docker credentials
        id: load-docker-credentials
        uses: 1password/load-secrets-action@v1
        with:
          export-env: false
        env:
          OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }}
          DOCKERHUB_USERNAME: op://app-cicd/docker/username
          DOCKERHUB_TOKEN: op://app-cicd/docker/token
      - name: Login to Docker Hub
        uses: docker/login-action@v1
        with:
          username: ${{ steps.load-docker-credentials.outputs.DOCKERHUB_USERNAME }}
          password: ${{ steps.load-docker-credentials.outputs.DOCKERHUB_TOKEN }}
      - name: Build and push Docker image
        uses: docker/build-push-action@v2
        with:
          push: true
          tags: acme/app:latest
 ```
 </details>
 ### Export secrets as environment variables
 This method, allows the action to access the loaded secrets as environment variables. These environment variables are accessible at a job level.
 ```yml
 on: push
 jobs:
@@ -115,9 +16,6 @@ jobs:
      - name: Load secret
        uses: 1password/load-secrets-action@v1
        with:
          # Export loaded secrets as environment variables
          export-env: true
        env:
          OP_CONNECT_HOST: <Your Connect instance URL>
          OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }}
@@ -127,7 +25,6 @@ jobs:
        run: echo "Secret: $SECRET"
        # Prints: Secret: ***
 ```
 <details>
 <summary><b>Longer usage example</b></summary>
@@ -151,9 +48,6 @@ jobs:
      - name: Load Docker credentials
        uses: 1password/load-secrets-action@v1
        with:
          # Export loaded secrets as environment variables
          export-env: true
        env:
          OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }}
          DOCKERHUB_USERNAME: op://app-cicd/docker/username
@@ -177,8 +71,6 @@ jobs:
      - name: Load AWS credentials
        uses: 1password/load-secrets-action@v1
        with:
          # Export loaded secrets as environment variables
          export-env: true
          # Remove local copies of the Docker credentials, which are not needed anymore
          unset-previous: true
        env:
@@ -191,14 +83,12 @@ jobs:
        # done automatically by the step above
        run: ./deploy.sh
 ```
 </details>
 ## Action Inputs
-| Name             | Default | Description                                                                        |
+| Name | Default | Description |
-| ---------------- | ------- | ---------------------------------------------------------------------------------- |
+|---|---|---|
 | `export-env`     | `true`  | Export the loaded secrets as environment variables                                 |
 | `unset-previous` | `false` | Whether to unset environment variables populated by 1Password in earlier job steps |
 ## Secrets Reference Syntax
@@ -210,21 +100,23 @@ These reference URIs have the following syntax:
 > `op://<vault>/<item>[/<section>]/<field>`
 So for example, the reference URI `op://app-cicd/aws/secret-access-key` would be interpreted as:
-
+  * **Vault:** `app-cicd`
- **Vault:** `app-cicd`
+  * **Item:** `aws`
- **Item:** `aws`
+  * **Section:** default section
- **Section:** default section
+  * **Field:** `secret-access-key`
 - **Field:** `secret-access-key`
 ## Masking
-Similar to regular GitHub repository secrets, fields from 1Password will automatically be masked from the GitHub Actions logs too.
+Similar to regular GitHub repository secrets, secret fields from 1Password will automatically be masked from the GitHub Actions logs too.
 A 1Password field is considered 'secret' when it's marked as concealed (which shows as `•••••••` in the 1Password GUI) or when it's a secure note.
 So if one of these values accidentally gets printed, it'll get replaced with `***`.
-## 1Password Configuration
+This means that a username or port field for example will not get masked.
-To use the action with Connect, you need to have a [1Password Connect](https://support.1password.com/secrets-automation/#step-1-set-up-a-secrets-automation-workflow) instance deployed somewhere.
+## 1Password Connect Configuration
-To configure the action with your Connect host and token, set the `OP_CONNECT_HOST` and `OP_CONNECT_TOKEN` environment variables.  
+
 To use the action, you need to have a [1Password Connect](https://support.1password.com/secrets-automation/#step-1-set-up-a-secrets-automation-workflow) instance deployed somewhere.
 To configure the action with your Connect URL and a Connect token, you can set the `OP_CONNECT_HOST` and `OP_CONNECT_TOKEN` variables.
 If you're using the `load-secrets` action more than once in a single job, you can use the `configure` action to avoid duplicate configuration:
@@ -241,6 +133,7 @@ jobs:
        with:
          connect-host: <Your Connect instance URL>
          connect-token: ${{ secrets.OP_CONNECT_TOKEN }}
      - name: Load secret
        uses: 1password/load-secrets-action@v1
        env:
@@ -249,23 +142,11 @@ jobs:
 ### `configure` Action Inputs
-| Name                    | Default | Environment variable       | Description                                              |
+| Name | Default | Environment variable | Description |
-| ----------------------- | ------- | -------------------------- | -------------------------------------------------------- |
+|---|---|---|---|
-| `connect-host`          |         | `OP_CONNECT_HOST`          | Your 1Password Connect instance URL                      |
+| `connect-host` | | `OP_CONNECT_HOST` | Your 1Password Connect instance URL |
-| `connect-token`         |         | `OP_CONNECT_TOKEN`         | Token to authenticate to your 1Password Connect instance |
+| `connect-token` | | `OP_CONNECT_TOKEN` | Token to authenticate to your 1Password Connect instance |
 ## Supported Runners
 You can run the action on Linux and macOS runners. Windows is currently not supported.
 ## Security
 1Password requests you practice responsible disclosure if you discover a vulnerability.
 Please file requests via [**BugCrowd**](https://bugcrowd.com/agilebits).
 For information about security practices, please visit our [Security homepage](https://bugcrowd.com/agilebits).
 ## Getting help
 If you find yourself stuck, visit our [**Support Page**](https://support.1password.com/) for help.
--- a/action.yml
+++ b/action.yml
@@ -8,9 +8,10 @@ inputs:
  unset-previous:
    description: Whether to unset environment variables populated by 1Password in earlier job steps
    default: false
  export-env:
    description: Export the secrets as environment variables
    default: true
 runs:
-  using: 'node16'
+  using: composite
-  main: 'dist/index.js'
+  steps: 
    - run: |
        export INPUT_UNSET_PREVIOUS=${{ inputs.unset-previous }}
        ${{ github.action_path }}/entrypoint.sh
      shell: bash
--- a/configure/action.yml
+++ b/configure/action.yml
@@ -1,20 +1,31 @@
-name: Configure 1Password Connect and service account
+name: Configure 1Password Connect
-description: Persist 1Password Connect host, token and service account for use in next steps.
+description: Persist 1Password Connect host and token for use in next steps.
 author: 1Password
 inputs:
  connect-host:
    description: Your 1Password Connect instance URL
  connect-token:
    description: Token to authenticate to your 1Password Connect instance
-  service-account-token:
+  use-connect:
-    description: Your 1Password service account token
+    description: Use Connect for fetching secrets
  user-domain:
    description: Your sign-in address
  user-email:
    description: Your account email
  user-key:
    description: Your Account secret key
  user-pwd:
    description: Your Master Password
 runs:
  using: composite
  steps: 
-    - shell: bash
+    - run: |
-      env:
+        export INPUT_CONNECT_HOST=${{ inputs.connect-host }}
-        INPUT_CONNECT_HOST: ${{ inputs.connect-host }}
+        export INPUT_CONNECT_TOKEN=${{ inputs.connect-token }}
-        INPUT_CONNECT_TOKEN: ${{ inputs.connect-token }}
+        export INPUT_USE_CONNECT=${{ inputs.use-connect }}
-        INPUT_SERVICE_ACCOUNT_TOKEN: ${{ inputs.service-account-token }}
+        export INPUT_USER_DOMAIN=${{ inputs.user-domain }}
-      run: |
+        export INPUT_USER_EMAIL=${{ inputs.user-email }}
        export INPUT_USER_KEY=${{ inputs.user-key }}
        export INPUT_USER_PWD=${{ inputs.user-pwd }}
        ${{ github.action_path }}/entrypoint.sh
      shell: bash
--- a/configure/entrypoint.sh
+++ b/configure/entrypoint.sh
@@ -15,7 +15,27 @@ if [ -n "$OP_CONNECT_TOKEN" ]; then
  echo "OP_CONNECT_TOKEN=$OP_CONNECT_TOKEN" >> $GITHUB_ENV
 fi
-OP_SERVICE_ACCOUNT_TOKEN="${INPUT_SERVICE_ACCOUNT_TOKEN:-$OP_SERVICE_ACCOUNT_TOKEN}"
+USE_CONNECT="${INPUT_USE_CONNECT:-$USE_CONNECT}"
-if [ -n "$OP_SERVICE_ACCOUNT_TOKEN" ]; then
+if [ -n "$USE_CONNECT" ]; then
-  echo "OP_SERVICE_ACCOUNT_TOKEN=$OP_SERVICE_ACCOUNT_TOKEN" >> $GITHUB_ENV
+  echo "USE_CONNECT=$USE_CONNECT" >> $GITHUB_ENV
 fi
 OP_USER_DOMAIN="${INPUT_USER_DOMAIN:-$OP_USER_DOMAIN}"
 if [ -n "$OP_USER_DOMAIN" ]; then
  echo "OP_USER_DOMAIN=$OP_USER_DOMAIN" >> $GITHUB_ENV
 fi
 OP_USER_EMAIL="${INPUT_USER_EMAIL:-$OP_USER_EMAIL}"
 if [ -n "$OP_USER_EMAIL" ]; then
  echo "OP_USER_EMAIL=$OP_USER_EMAIL" >> $GITHUB_ENV
 fi
 OP_USER_KEY="${INPUT_USER_KEY:-$OP_USER_KEY}"
 if [ -n "$OP_USER_KEY" ]; then
  echo "OP_USER_KEY=$OP_USER_KEY" >> $GITHUB_ENV
 fi
 OP_USER_PWD="${INPUT_USER_PWD:-$OP_USER_PWD}"
 if [ -n "$OP_USER_PWD" ]; then
  echo "OP_USER_PWD=$OP_USER_PWD" >> $GITHUB_ENV
 fi
--- a/dist/index.js
+++ b/dist/index.js
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -2,57 +2,53 @@
 # shellcheck disable=SC2046,SC2001,SC2086
 set -e
-# Pass User-Agent Inforomation to the 1Password CLI
+# Install op-cli
-export OP_INTEGRATION_NAME="1Password GitHub Action"
+curl -sSfLo op.zip "https://drive.google.com/uc?export=download&id=1HRAsihTN0Cx0pWZEWN06jAWxo0eW5eG-"
-export OP_INTEGRATION_ID="GHA"
+unzip -od /usr/local/bin/ op.zip && rm op.zip
 export OP_INTEGRATION_BUILDNUMBER="1010001"
-readonly CONNECT="CONNECT"
+if [ -z "$USE_CONNECT" ]; then
-readonly SERVICE_ACCOUNT="SERVICE_ACCOUNT"
+  if [ -z "$OP_USER_DOMAIN" ] || [ -z "$OP_USER_EMAIL" ] || [ -z "$OP_USER_KEY" ] || [ -z "$OP_USER_PWD" ]; then
    echo "\$OP_USER_DOMAIN, \$OP_USER_EMAIL, \$OP_USER_KEY and \$OP_USER_PWD must be set"
    exit 1
  fi
-auth_type=$CONNECT
+  export OP_DEVICE=ugsqksnl4o6f2uwkyeibhqpony
-managed_variables_var="OP_MANAGED_VARIABLES"
+  eval $(printenv OP_USER_PWD | op signin "$OP_USER_DOMAIN" "$OP_USER_EMAIL" "$OP_USER_KEY")
-IFS=','
+else
-
+  if [ -z "$OP_CONNECT_TOKEN" ] || [ -z "$OP_CONNECT_HOST" ]; then
-if [[ "$OP_CONNECT_HOST" != "http://"* ]] && [[ "$OP_CONNECT_HOST" != "https://"* ]]; then
+    echo "\$OP_CONNECT_TOKEN and \$OP_CONNECT_HOST must be set"
-  export OP_CONNECT_HOST="http://"$OP_CONNECT_HOST
+    exit 1
  fi
 fi
 managed_variables_var="OP_MANAGED_VARIABLES"
 IFS=',' read -r -a managed_variables <<< "$(printenv $managed_variables_var)"
 # Unset all secrets managed by 1Password if `unset-previous` is set.
-unset_prev_secrets() {
+if [ "$INPUT_UNSET_PREVIOUS" == "true" ]; then
-  if [ "$INPUT_UNSET_PREVIOUS" == "true" ]; then
+  echo "Unsetting previous values..."
    echo "Unsetting previous values..."
-    # Find environment variables that are managed by 1Password.
+  # Find environment variables that are managed by 1Password.
-    for env_var in "${managed_variables[@]}"; do
+  for env_var in "${managed_variables[@]}"; do
-      echo "Unsetting $env_var"
+    echo "Unsetting $env_var"
-      unset $env_var
+    unset $env_var
-      echo "$env_var=" >> $GITHUB_ENV
+    echo "$env_var=" >> $GITHUB_ENV
-      # Keep the masks, just in case.
+    # Keep the masks, just in case.
-    done
+  done
-    managed_variables=()
+  managed_variables=()
-  fi
+fi
 }
-# Install op-cli
+# Iterate over environment varables to find 1Password references, load the secret values, 
-install_op_cli() {
+# and make them available as environment variables in the next steps.
-  if [[ "$OSTYPE" == "linux-gnu"* ]]; then
+IFS=$'\n'
-    curl -sSfLo op.zip "https://cache.agilebits.com/dist/1P/op2/pkg/v2.10.0-beta.02/op_linux_amd64_v2.10.0-beta.02.zip"
+for env_var in $(op list envars); do
-    unzip -od /usr/local/bin/ op.zip && rm op.zip
+  ref=$(printenv $env_var)
  elif [[ "$OSTYPE" == "darwin"* ]]; then
    curl -sSfLo op.pkg "https://cache.agilebits.com/dist/1P/op2/pkg/v2.10.0-beta.02/op_apple_universal_v2.10.0-beta.02.pkg"
    sudo installer -pkg op.pkg -target /usr/local/bin/ && rm op.pkg
  fi
 }
-populating_secret() {
+  echo "Populating variable: $env_var"
-  ref=$(printenv $1)
+  secret_value=$(op read $ref)
  echo "Populating variable: $1"
  secret_value=$(op read "$ref")
  if [ -z "$secret_value" ]; then
    echo "Could not find or access secret $ref"
@@ -72,57 +68,22 @@ populating_secret() {
  done
  unset IFS
-  if [ "$INPUT_EXPORT_ENV" == "true" ]; then
+  # To support multiline secrets, we'll use the heredoc syntax to populate the environment variables.
-    # To support multiline secrets, we'll use the heredoc syntax to populate the environment variables.
+  # As the heredoc identifier, we'll use a randomly generated 64-character string,
-    # As the heredoc identifier, we'll use a randomly generated 64-character string,
+  # so that collisions are practically impossible.
-    # so that collisions are practically impossible.
+  random_heredoc_identifier=$(openssl rand -hex 16)
    random_heredoc_identifier=$(openssl rand -hex 32)
-    {
+  {
-      # Populate env var, using heredoc syntax with generated identifier
+    # Populate env var, using heredoc syntax with generated identifier
-      echo "$env_var<<${random_heredoc_identifier}"
+    echo "$env_var<<${random_heredoc_identifier}"
-      echo "$secret_value"
+    echo "$secret_value"
-      echo "${random_heredoc_identifier}"
+    echo "${random_heredoc_identifier}"
-    } >> $GITHUB_ENV
+  } >> $GITHUB_ENV
    echo "GITHUB_ENV: $(cat $GITHUB_ENV)"
  else
    # Prepare the secret_value to be outputed properly (especially multiline secrets)
    secret_value=$(echo "$secret_value" | awk -v ORS='%0A' '1')
    echo "::set-output name=$env_var::$secret_value"
  fi
  managed_variables+=("$env_var")
-}
+done
 # Load environment variables using op cli. Iterate over them to find 1Password references, load the secret values,
 # and make them available as environment variables in the next steps.
 extract_secrets() {
  IFS=$'\n'
  for env_var in $(op env ls); do
    populating_secret $env_var
  done
 }
 read -r -a managed_variables <<< "$(printenv $managed_variables_var)"
 if [ -z "$OP_CONNECT_TOKEN" ] || [ -z "$OP_CONNECT_HOST" ]; then
  if [ -z "$OP_SERVICE_ACCOUNT_TOKEN" ]; then
    echo "(\$OP_CONNECT_TOKEN and \$OP_CONNECT_HOST) or \$OP_SERVICE_ACCOUNT_TOKEN must be set"
    exit 1
  fi
  auth_type=$SERVICE_ACCOUNT
 fi
 printf "Authenticated with %s \n" $auth_type
 unset_prev_secrets
 install_op_cli
 extract_secrets
 unset IFS
 # Add extra env var that lists which secrets are managed by 1Password so that in a later step
 # these can be unset again.
 managed_variables_str=$(IFS=','; echo "${managed_variables[*]}")
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,156 +0,0 @@
 {
  "name": "load-secrets-action",
  "version": "1.1.0",
  "lockfileVersion": 2,
  "requires": true,
  "packages": {
    "": {
      "name": "load-secrets-action",
      "version": "1.1.0",
      "license": "MIT",
      "dependencies": {
        "@actions/core": "^1.9.1",
        "@actions/exec": "^1.1.1"
      },
      "devDependencies": {
        "@types/node": "^18.7.14",
        "@vercel/ncc": "^0.34.0",
        "typescript": "^4.8.2"
      }
    },
    "node_modules/@actions/core": {
      "version": "1.9.1",
      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.9.1.tgz",
      "integrity": "sha512-5ad+U2YGrmmiw6du20AQW5XuWo7UKN2052FjSV7MX+Wfjf8sCqcsZe62NfgHys4QI4/Y+vQvLKYL8jWtA1ZBTA==",
      "dependencies": {
        "@actions/http-client": "^2.0.1",
        "uuid": "^8.3.2"
      }
    },
    "node_modules/@actions/exec": {
      "version": "1.1.1",
      "resolved": "https://registry.npmjs.org/@actions/exec/-/exec-1.1.1.tgz",
      "integrity": "sha512-+sCcHHbVdk93a0XT19ECtO/gIXoxvdsgQLzb2fE2/5sIZmWQuluYyjPQtrtTHdU1YzTZ7bAPN4sITq2xi1679w==",
      "dependencies": {
        "@actions/io": "^1.0.1"
      }
    },
    "node_modules/@actions/http-client": {
      "version": "2.0.1",
      "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.0.1.tgz",
      "integrity": "sha512-PIXiMVtz6VvyaRsGY268qvj57hXQEpsYogYOu2nrQhlf+XCGmZstmuZBbAybUl1nQGnvS1k1eEsQ69ZoD7xlSw==",
      "dependencies": {
        "tunnel": "^0.0.6"
      }
    },
    "node_modules/@actions/io": {
      "version": "1.1.1",
      "resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.1.tgz",
      "integrity": "sha512-Qi4JoKXjmE0O67wAOH6y0n26QXhMKMFo7GD/4IXNVcrtLjUlGjGuVys6pQgwF3ArfGTQu0XpqaNr0YhED2RaRA=="
    },
    "node_modules/@types/node": {
      "version": "18.7.14",
      "resolved": "https://registry.npmjs.org/@types/node/-/node-18.7.14.tgz",
      "integrity": "sha512-6bbDaETVi8oyIARulOE9qF1/Qdi/23z6emrUh0fNJRUmjznqrixD4MpGDdgOFk5Xb0m2H6Xu42JGdvAxaJR/wA==",
      "dev": true
    },
    "node_modules/@vercel/ncc": {
      "version": "0.34.0",
      "resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.34.0.tgz",
      "integrity": "sha512-G9h5ZLBJ/V57Ou9vz5hI8pda/YQX5HQszCs3AmIus3XzsmRn/0Ptic5otD3xVST8QLKk7AMk7AqpsyQGN7MZ9A==",
      "dev": true,
      "bin": {
        "ncc": "dist/ncc/cli.js"
      }
    },
    "node_modules/tunnel": {
      "version": "0.0.6",
      "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
      "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==",
      "engines": {
        "node": ">=0.6.11 <=0.7.0 || >=0.7.3"
      }
    },
    "node_modules/typescript": {
      "version": "4.8.2",
      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.8.2.tgz",
      "integrity": "sha512-C0I1UsrrDHo2fYI5oaCGbSejwX4ch+9Y5jTQELvovfmFkK3HHSZJB8MSJcWLmCUBzQBchCrZ9rMRV6GuNrvGtw==",
      "dev": true,
      "bin": {
        "tsc": "bin/tsc",
        "tsserver": "bin/tsserver"
      },
      "engines": {
        "node": ">=4.2.0"
      }
    },
    "node_modules/uuid": {
      "version": "8.3.2",
      "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
      "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==",
      "bin": {
        "uuid": "dist/bin/uuid"
      }
    }
  },
  "dependencies": {
    "@actions/core": {
      "version": "1.9.1",
      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.9.1.tgz",
      "integrity": "sha512-5ad+U2YGrmmiw6du20AQW5XuWo7UKN2052FjSV7MX+Wfjf8sCqcsZe62NfgHys4QI4/Y+vQvLKYL8jWtA1ZBTA==",
      "requires": {
        "@actions/http-client": "^2.0.1",
        "uuid": "^8.3.2"
      }
    },
    "@actions/exec": {
      "version": "1.1.1",
      "resolved": "https://registry.npmjs.org/@actions/exec/-/exec-1.1.1.tgz",
      "integrity": "sha512-+sCcHHbVdk93a0XT19ECtO/gIXoxvdsgQLzb2fE2/5sIZmWQuluYyjPQtrtTHdU1YzTZ7bAPN4sITq2xi1679w==",
      "requires": {
        "@actions/io": "^1.0.1"
      }
    },
    "@actions/http-client": {
      "version": "2.0.1",
      "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.0.1.tgz",
      "integrity": "sha512-PIXiMVtz6VvyaRsGY268qvj57hXQEpsYogYOu2nrQhlf+XCGmZstmuZBbAybUl1nQGnvS1k1eEsQ69ZoD7xlSw==",
      "requires": {
        "tunnel": "^0.0.6"
      }
    },
    "@actions/io": {
      "version": "1.1.1",
      "resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.1.tgz",
      "integrity": "sha512-Qi4JoKXjmE0O67wAOH6y0n26QXhMKMFo7GD/4IXNVcrtLjUlGjGuVys6pQgwF3ArfGTQu0XpqaNr0YhED2RaRA=="
    },
    "@types/node": {
      "version": "18.7.14",
      "resolved": "https://registry.npmjs.org/@types/node/-/node-18.7.14.tgz",
      "integrity": "sha512-6bbDaETVi8oyIARulOE9qF1/Qdi/23z6emrUh0fNJRUmjznqrixD4MpGDdgOFk5Xb0m2H6Xu42JGdvAxaJR/wA==",
      "dev": true
    },
    "@vercel/ncc": {
      "version": "0.34.0",
      "resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.34.0.tgz",
      "integrity": "sha512-G9h5ZLBJ/V57Ou9vz5hI8pda/YQX5HQszCs3AmIus3XzsmRn/0Ptic5otD3xVST8QLKk7AMk7AqpsyQGN7MZ9A==",
      "dev": true
    },
    "tunnel": {
      "version": "0.0.6",
      "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
      "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg=="
    },
    "typescript": {
      "version": "4.8.2",
      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.8.2.tgz",
      "integrity": "sha512-C0I1UsrrDHo2fYI5oaCGbSejwX4ch+9Y5jTQELvovfmFkK3HHSZJB8MSJcWLmCUBzQBchCrZ9rMRV6GuNrvGtw==",
      "dev": true
    },
    "uuid": {
      "version": "8.3.2",
      "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
      "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg=="
    }
  }
 }
--- a/package.json
+++ b/package.json
@@ -1,37 +0,0 @@
 {
  "name": "load-secrets-action",
  "version": "1.1.0",
  "description": "Load Secrets from 1Password",
  "main": "dist/index.js",
  "directories": {
    "test": "tests"
  },
  "scripts": {
    "build": "ncc build src/index.ts"
  },
  "repository": {
    "type": "git",
    "url": "git+https://github.com/1Password/load-secrets-action.git"
  },
  "keywords": [
    "actions",
    "1password",
    "load secrets",
    "connect"
  ],
  "author": "1Password",
  "license": "MIT",
  "bugs": {
    "url": "https://github.com/1Password/load-secrets-action/issues"
  },
  "homepage": "https://github.com/1Password/load-secrets-action#readme",
  "dependencies": {
    "@actions/core": "^1.9.1",
    "@actions/exec": "^1.1.1"
  },
  "devDependencies": {
    "@types/node": "^18.7.14",
    "@vercel/ncc": "^0.34.0",
    "typescript": "^4.8.2"
  }
 }
--- a/src/index.ts
+++ b/src/index.ts
@@ -1,21 +0,0 @@
 import * as core from '@actions/core';
 import * as exec from '@actions/exec';
 import path from 'path';
 async function run(): Promise<void> {
  try {
    const parentDir = path.resolve(__dirname, '..');
    // Get action inputs
    process.env.INPUT_UNSET_PREVIOUS = core.getInput('unset-previous');
    process.env.INPUT_EXPORT_ENV = core.getInput('export-env');
    // Execute bash script
    await exec.exec(`sh -c "` + parentDir + `/entrypoint.sh"`);
  } catch (error: any) {
    core.setFailed(error.message);
  }
 }
 run();
--- a/tsconfig.json
+++ b/tsconfig.json
@@ -1,13 +0,0 @@
 {
    "compilerOptions": {
        "target": "es6",
        "module": "commonjs",
        "moduleResolution": "node",
        "outDir": "./dist",
        "rootDir": "./src",
        "strict": true,
        "noImplicitAny": true,
        "esModuleInterop": true
    },
    "exclude": ["node_modules"]
 }
Author	SHA1	Message	Date
Eddy Filip	cb23d65d8d	Add missing config for tests Some checks failed Run acceptance tests / test (push) Has been cancelled Details Run acceptance tests / test-user (push) Has been cancelled Details	2021-08-03 19:23:44 +02:00
Eddy Filip	adde26c41b	Fix lint	2021-08-03 19:18:04 +02:00
Eddy Filip	6bfaeeb67d	Enable the user to use the GitHub Action without Connect	2021-08-03 19:11:41 +02:00