name: Acceptance test on: workflow_call: inputs: secret: required: true type: string secret-in-section: required: true type: string multiline-secret: required: true type: string export-env: required: true type: boolean version: required: false type: string default: "latest" os: required: true type: string default: "ubuntu-latest" auth: required: true type: string jobs: acceptance-test: runs-on: ${{ inputs.os }} steps: - name: Base checkout uses: actions/checkout@v4 if: | github.event_name != 'repository_dispatch' && ( github.ref == 'refs/heads/main' || ( github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository ) ) - name: Fork based /ok-to-test checkout uses: actions/checkout@v4 with: ref: ${{ github.event.client_payload.pull_request.head.sha }} if: | github.event_name == 'repository_dispatch' && github.event.client_payload.slash_command.args.named.sha != '' && contains( github.event.client_payload.pull_request.head.sha, github.event.client_payload.slash_command.args.named.sha ) - name: Launch 1Password Connect instance if: ${{ inputs.auth == 'connect' }} env: OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }} run: | echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json docker compose -f tests/fixtures/docker-compose.yml up -d && sleep 10 - name: Configure Service account if: ${{ inputs.auth == 'service-account' }} uses: ./configure with: service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} - name: Verify Service Account env var is set if: ${{ inputs.auth == 'service-account' }} shell: bash run: | if [ -z "${OP_SERVICE_ACCOUNT_TOKEN}" ]; then echo "OP_SERVICE_ACCOUNT_TOKEN environment variable is not set" >&2 exit 1 fi - name: Configure 1Password Connect if: ${{ inputs.auth == 'connect' }} uses: ./configure # 1password/load-secrets-action/configure@ with: connect-host: http://localhost:8080 connect-token: ${{ secrets.OP_CONNECT_TOKEN }} - name: Verify Connect env vars are set if: ${{ inputs.auth == 'connect' }} run: | if [ -z "$OP_CONNECT_HOST" ] || [ -z "$OP_CONNECT_TOKEN" ]; then echo "OP_CONNECT_HOST or OP_CONNECT_TOKEN environment variables are not set" >&2 exit 1 fi - name: Load secrets id: load_secrets uses: ./ # 1password/load-secrets-action@ with: version: ${{ inputs.version }} export-env: ${{ inputs.export-env }} env: SECRET: ${{ inputs.secret }} SECRET_IN_SECTION: ${{ inputs.secret-in-section }} MULTILINE_SECRET: ${{ inputs.multiline-secret }} - name: Assert test secret values [step output] if: ${{ !inputs.export-env }} env: SECRET: ${{ steps.load_secrets.outputs.SECRET }} SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }} MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }} run: ./tests/assert-env-set.sh - name: Assert test secret values [exported env] if: ${{ inputs.export-env }} run: ./tests/assert-env-set.sh - name: Remove secrets [exported env] if: ${{ inputs.export-env }} uses: ./ # 1password/load-secrets-action@ with: unset-previous: true - name: Assert removed secrets [exported env] if: ${{ inputs.export-env }} run: ./tests/assert-env-unset.sh