From 0a7975f916547d98abb122787cff0eee67bd4fce Mon Sep 17 00:00:00 2001 From: Eduard Filip Date: Thu, 22 Dec 2022 11:46:28 +0100 Subject: [PATCH] Ensure that the action is backwards-compatible (#25) Bring 2 changes that ensure that the GitHub Action is backwards compatible: - Append `http://` if the prefix is not provided in the `OP_CONNECT_HOST` (this is caused by the fact that `curl` guesses the protocol if not provided (https://linux.die.net/man/1/curl), which we missed when switching to using the 1Password CLI as the backend of the action) - Set the default of export-env to true, since that was the default behavior of the action until we added the possibility to export secrets as step's output. Also, the documentation is adjusted to reflect these changes. --- .github/workflows/test.yml | 16 +++++++++++----- README.md | 6 +++++- action.yml | 2 +- entrypoint.sh | 4 ++++ 4 files changed, 21 insertions(+), 7 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c5b5f5c..695d547 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -15,11 +15,13 @@ jobs: - name: Configure 1Password Connect uses: ./configure # 1password/load-secrets-action/configure@ with: - connect-host: http://localhost:8080 + connect-host: localhost:8080 connect-token: ${{ secrets.OP_CONNECT_TOKEN }} - name: Load secrets id: load_secrets uses: ./ # 1password/load-secrets-action@ + with: + export-env: false env: SECRET: op://acceptance-tests/test-secret/password SECRET_IN_SECTION: op://acceptance-tests/test-secret/test-section/password @@ -48,8 +50,6 @@ jobs: - name: Load secrets id: load_secrets uses: ./ # 1password/load-secrets-action@ - with: - export-env: true env: SECRET: op://acceptance-tests/test-secret/password SECRET_IN_SECTION: op://acceptance-tests/test-secret/test-section/password @@ -80,6 +80,8 @@ jobs: - name: Load secrets id: load_secrets uses: ./ # 1password/load-secrets-action@ + with: + export-env: false env: SECRET: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/password SECRET_IN_SECTION: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/Section_tco6nsqycj6jcbyx63h5isxcny/doxu3mhkozcznnk5vjrkpdqayy @@ -97,6 +99,8 @@ jobs: - name: Load secrets id: load_secrets uses: ./ # 1password/load-secrets-action@ + with: + export-env: false env: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} SECRET: op://acceptance-tests/test-secret/password @@ -115,8 +119,6 @@ jobs: - name: Load secrets id: load_secrets uses: ./ # 1password/load-secrets-action@ - with: - export-env: true env: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} SECRET: op://acceptance-tests/test-secret/password @@ -131,6 +133,8 @@ jobs: - name: Load secrets id: load_secrets uses: ./ # 1password/load-secrets-action@ + with: + export-env: false env: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} SECRET: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/password @@ -149,6 +153,8 @@ jobs: - name: Load secrets id: load_secrets uses: ./ # 1password/load-secrets-action@ + with: + export-env: false env: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} SECRET: op://acceptance-tests/test-secret/password diff --git a/README.md b/README.md index f4a6827..82d588d 100644 --- a/README.md +++ b/README.md @@ -43,6 +43,8 @@ jobs: - name: Load secret id: op-load-secret uses: 1password/load-secrets-action@v1 + with: + export-env: false env: OP_CONNECT_HOST: OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }} @@ -77,6 +79,8 @@ jobs: - name: Load Docker credentials id: load-docker-credentials uses: 1password/load-secrets-action@v1 + with: + export-env: false env: OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }} DOCKERHUB_USERNAME: op://app-cicd/docker/username @@ -194,7 +198,7 @@ jobs: | Name | Default | Description | | ---------------- | ------- | ---------------------------------------------------------------------------------- | -| `export-env` | `false` | Export the loaded secrets as environment variables | +| `export-env` | `true` | Export the loaded secrets as environment variables | | `unset-previous` | `false` | Whether to unset environment variables populated by 1Password in earlier job steps | ## Secrets Reference Syntax diff --git a/action.yml b/action.yml index 0736f03..289571d 100644 --- a/action.yml +++ b/action.yml @@ -10,7 +10,7 @@ inputs: default: false export-env: description: Export the secrets as environment variables - default: false + default: true runs: using: 'node16' main: 'dist/index.js' diff --git a/entrypoint.sh b/entrypoint.sh index b3a346a..c391300 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -14,6 +14,10 @@ auth_type=$CONNECT managed_variables_var="OP_MANAGED_VARIABLES" IFS=',' +if [[ "$OP_CONNECT_HOST" != "http://"* ]] && [[ "$OP_CONNECT_HOST" != "https://"* ]]; then + export OP_CONNECT_HOST="http://"$OP_CONNECT_HOST +fi + # Unset all secrets managed by 1Password if `unset-previous` is set. unset_prev_secrets() { if [ "$INPUT_UNSET_PREVIOUS" == "true" ]; then