From 28929d6a8a305eed06d09c9736d3e8bf02d368fc Mon Sep 17 00:00:00 2001 From: Danilo Koerber Date: Tue, 12 Mar 2024 12:40:59 +0100 Subject: [PATCH 1/7] Enabled conversion of value to base64 --- README.md | 34 +++++++++++++++++++++++----------- __tests__/main.test.ts | 21 ++++++++++++++++++--- package.json | 3 ++- src/main.ts | 9 ++++++++- 4 files changed, 51 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 61a9e28..06b70f2 100644 --- a/README.md +++ b/README.md @@ -75,11 +75,11 @@ Exclude defined secret(s) from list of secrets (comma separated, supports regex) ```yaml steps: -- uses: actions/checkout@v3 -- uses: oNaiPs/secrets-to-env-action@v1 - with: - secrets: ${{ toJSON(secrets) }} - exclude: MY_SECRET, MY_OTHER_SECRETS* + - uses: actions/checkout@v3 + - uses: oNaiPs/secrets-to-env-action@v1 + with: + secrets: ${{ toJSON(secrets) }} + exclude: MY_SECRET, MY_OTHER_SECRETS* # MY_SECRET is not exported ``` @@ -134,7 +134,7 @@ Value of MY_SECRET: DONT_OVERRIDE Converts all exported secrets according to a [template](https://github.com/blakeembrey/change-case#core). Available: `lower, upper, camel, constant, pascal, snake`. - + ```yaml steps: - uses: actions/checkout@v3 @@ -147,17 +147,29 @@ steps: **Include or skip the prefix on conversion (default is true):** +```yaml +steps: + - uses: actions/checkout@v3 + - uses: oNaiPs/secrets-to-env-action@v1 + with: + secrets: ${{ toJSON(secrets) }} + prefix: PREFIX_ + convert: lower + convert_prefix: false + - run: env +# E.g. secret with MY_SECRET would become PREFIX_my_secret +``` + +**Converts all exported secrets to a base64 string (default is false):** + ```yaml steps: - uses: actions/checkout@v3 - uses: oNaiPs/secrets-to-env-action@v1 with: secrets: ${{ toJSON(secrets) }} - prefix: PREFIX_ - convert: lower - convert_prefix: false -- run: env -# E.g. secret with MY_SECRET would become PREFIX_my_secret + value_as_base64: true +- run: echo "Value of my_secret: $my_secret" ``` ## How it works diff --git a/__tests__/main.test.ts b/__tests__/main.test.ts index df516a9..d01965e 100644 --- a/__tests__/main.test.ts +++ b/__tests__/main.test.ts @@ -1,7 +1,5 @@ -import * as cp from 'child_process' -import * as path from 'path' -import {expect, jest, test} from '@jest/globals' import * as core from '@actions/core' +import {expect, jest} from '@jest/globals' import main from '../src/main' jest.mock('@actions/core') @@ -18,6 +16,7 @@ function mockInputs(inputs: {[key: string]: string}) { describe('secrets-to-env-action', () => { let inputSecrets: {[key: string]: string} + let inputSecretsBase64: {[key: string]: string} let newSecrets: {[key: string]: string} beforeEach(() => { @@ -27,6 +26,12 @@ describe('secrets-to-env-action', () => { my_low_secret_1: 'low_value_1' } + inputSecretsBase64 = { + MY_SECRET_1: 'VkFMVUVfMQ==', + MY_SECRET_2: 'VkFMVUVfMg==', + my_low_secret_1: 'bG93X3ZhbHVlXzE=' + } + newSecrets = {} jest .mocked(core.exportVariable) @@ -243,4 +248,14 @@ describe('secrets-to-env-action', () => { expect(newSecrets).toEqual(filteredNewSecrets) }) + + it('converts to base64', () => { + mockInputs({ + secrets: JSON.stringify(inputSecrets), + value_as_base64: 'true' + }) + main() + + expect(newSecrets).toEqual(inputSecretsBase64) + }) }) diff --git a/package.json b/package.json index dbe0c81..5e013e6 100644 --- a/package.json +++ b/package.json @@ -29,7 +29,8 @@ "camel-case": "^4.1.2", "constant-case": "^3.0.4", "pascal-case": "^3.1.2", - "snake-case": "^3.0.4" + "snake-case": "^3.0.4", + "universal-base64": "^2.1.0" }, "devDependencies": { "@types/jest": "^29.5.11", diff --git a/src/main.ts b/src/main.ts index d5d69c4..c212355 100644 --- a/src/main.ts +++ b/src/main.ts @@ -4,6 +4,7 @@ import {camelCase} from 'camel-case' import {constantCase} from 'constant-case' import {pascalCase} from 'pascal-case' import {snakeCase} from 'snake-case' +import {encode} from 'universal-base64' const convertTypes: Record string> = { lower: s => s.toLowerCase(), @@ -34,6 +35,10 @@ export default async function run(): Promise { : true const overrideStr: string = core.getInput('override') const override = overrideStr.length ? overrideStr === 'true' : true + const valueAsBase64Str: string = core.getInput('value_as_base64') + const valueAsBase64 = valueAsBase64Str.length + ? valueAsBase64Str === 'true' + : false let secrets: Record try { @@ -99,7 +104,9 @@ with: } } - core.exportVariable(newKey, secrets[key]) + let newValue = valueAsBase64 ? encode(secrets[key]) : secrets[key] + + core.exportVariable(newKey, newValue) core.info(`Exported secret ${newKey}`) } } catch (error) { From 15e38cee7ea5379e233ec4514bcd1136e7f01baa Mon Sep 17 00:00:00 2001 From: Danilo Koerber Date: Tue, 12 Mar 2024 12:50:24 +0100 Subject: [PATCH 2/7] Clean code --- __tests__/main.test.ts | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/__tests__/main.test.ts b/__tests__/main.test.ts index d01965e..d1558f4 100644 --- a/__tests__/main.test.ts +++ b/__tests__/main.test.ts @@ -1,5 +1,7 @@ +import * as cp from 'child_process' +import * as path from 'path' +import {expect, jest, test} from '@jest/globals' import * as core from '@actions/core' -import {expect, jest} from '@jest/globals' import main from '../src/main' jest.mock('@actions/core') From aab58b39bfaf170d2661bb3bece65f36ea45d0eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Danilo=20K=C3=B6rber?= <58609588+danilokorber@users.noreply.github.com> Date: Tue, 12 Mar 2024 12:52:55 +0100 Subject: [PATCH 3/7] Update README.md --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 06b70f2..fb7479e 100644 --- a/README.md +++ b/README.md @@ -75,11 +75,11 @@ Exclude defined secret(s) from list of secrets (comma separated, supports regex) ```yaml steps: - - uses: actions/checkout@v3 - - uses: oNaiPs/secrets-to-env-action@v1 - with: - secrets: ${{ toJSON(secrets) }} - exclude: MY_SECRET, MY_OTHER_SECRETS* +- uses: actions/checkout@v3 +- uses: oNaiPs/secrets-to-env-action@v1 + with: + secrets: ${{ toJSON(secrets) }} + exclude: MY_SECRET, MY_OTHER_SECRETS* # MY_SECRET is not exported ``` @@ -134,7 +134,7 @@ Value of MY_SECRET: DONT_OVERRIDE Converts all exported secrets according to a [template](https://github.com/blakeembrey/change-case#core). Available: `lower, upper, camel, constant, pascal, snake`. - + ```yaml steps: - uses: actions/checkout@v3 From 988004feadd806082c97739b67de95d6ab33c5dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Danilo=20K=C3=B6rber?= <58609588+danilokorber@users.noreply.github.com> Date: Tue, 12 Mar 2024 12:53:50 +0100 Subject: [PATCH 4/7] Update README.md --- README.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index fb7479e..735cd36 100644 --- a/README.md +++ b/README.md @@ -149,14 +149,14 @@ steps: ```yaml steps: - - uses: actions/checkout@v3 - - uses: oNaiPs/secrets-to-env-action@v1 - with: - secrets: ${{ toJSON(secrets) }} - prefix: PREFIX_ - convert: lower - convert_prefix: false - - run: env +- uses: actions/checkout@v3 +- uses: oNaiPs/secrets-to-env-action@v1 + with: + secrets: ${{ toJSON(secrets) }} + prefix: PREFIX_ + convert: lower + convert_prefix: false +- run: env # E.g. secret with MY_SECRET would become PREFIX_my_secret ``` From 878b31f44ff346e741f0c9d654cf35bd8581bb7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Danilo=20K=C3=B6rber?= <58609588+danilokorber@users.noreply.github.com> Date: Tue, 12 Mar 2024 13:02:37 +0100 Subject: [PATCH 5/7] Update action.yml --- action.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/action.yml b/action.yml index 72782ec..2201ed1 100644 --- a/action.yml +++ b/action.yml @@ -23,6 +23,9 @@ inputs: override: required: false description: 'Either to override or not the variable if it already exists' + value_as_base64: + required: false + description: 'Either to convewrt or not the value to base64' runs: using: 'node20' main: 'dist/index.js' From 94ab4f8b40efeb077119c126f34c8add795040fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Danilo=20K=C3=B6rber?= <58609588+danilokorber@users.noreply.github.com> Date: Tue, 12 Mar 2024 13:07:45 +0100 Subject: [PATCH 6/7] Update action.yml --- action.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/action.yml b/action.yml index 2201ed1..3179de9 100644 --- a/action.yml +++ b/action.yml @@ -1,6 +1,6 @@ -name: 'Export all secrets to env variables' -description: 'Utility action that exports all github secrets to environment variables' -author: 'Jose Pereira @oNaiPs' +name: 'Export all variables from other contexts to env variables' +description: 'Utility action that exports all github secrets and vars to environment variables' +author: 'Danilo Körber' inputs: secrets: required: true From 77f1335d0a3c64751e8d43c426ec7a526668e0c8 Mon Sep 17 00:00:00 2001 From: Danilo Koerber Date: Tue, 12 Mar 2024 14:02:58 +0100 Subject: [PATCH 7/7] Change to NodeJS Buffer --- package.json | 3 +-- src/main.ts | 5 +++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package.json b/package.json index 5e013e6..dbe0c81 100644 --- a/package.json +++ b/package.json @@ -29,8 +29,7 @@ "camel-case": "^4.1.2", "constant-case": "^3.0.4", "pascal-case": "^3.1.2", - "snake-case": "^3.0.4", - "universal-base64": "^2.1.0" + "snake-case": "^3.0.4" }, "devDependencies": { "@types/jest": "^29.5.11", diff --git a/src/main.ts b/src/main.ts index c212355..519fd86 100644 --- a/src/main.ts +++ b/src/main.ts @@ -4,7 +4,6 @@ import {camelCase} from 'camel-case' import {constantCase} from 'constant-case' import {pascalCase} from 'pascal-case' import {snakeCase} from 'snake-case' -import {encode} from 'universal-base64' const convertTypes: Record string> = { lower: s => s.toLowerCase(), @@ -104,7 +103,9 @@ with: } } - let newValue = valueAsBase64 ? encode(secrets[key]) : secrets[key] + let newValue = valueAsBase64 + ? Buffer.from(secrets[key]).toString('base64') + : secrets[key] core.exportVariable(newKey, newValue) core.info(`Exported secret ${newKey}`)