teracyhq-incubator / secret-manager-action
a github action for secret management with encryption
License: MIT License
the initial release is almost ready now https://github.com/teracyhq-incubator/secret-manager-action/milestone/1
ship it when it's ready
Sometimes I need to validate some key values, for example:
Validators can be added as plugins in the future: required, isNumber, isBoolean, etc. (out of this issue's scope); only the required and regex validators are expected for this issue.
If any key values are not valid, the run step should fail with the invalid message of the associated key.
The github action input configuration could be like this:
validation: "FOO:required, BAR:/^\d+$/"
or:
validation: "FOO: required | /^\d+$/, BAR: required"
A pipeline is supported to add a chain of validators; there is no limit on the pipeline length. The key values will be validated against the validators of the pipeline chain from left to right; if any validation fails, the whole key-value validation fails.
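The proposed `validation` input, worked through as an added example (not the action's own code): it parses both spellings shown above, builds a left-to-right chain of `required` and `/regex/` validators per key, and returns one failure message per key so the run step can fail with it. Key names and secret values are constructed; `/.../` literals are assumed to be the only place a `,` or `|` may appear unescaped.

```typescript
// Added example (not the action's code): parse the proposed `validation`
// input and run each key's validator chain left to right.
type Validator = (value: string | undefined) => string | null; // null = valid
// Split on `sep` but not inside a /regex/ literal, so "/a|b/" and
// "/^\d{1,3}$/" survive the "," and "|" separators.
function splitTop(input: string, sep: string): string[] {
  const parts: string[] = [];
  let cur = "", inRegex = false;
  for (let i = 0; i < input.length; i++) {
    const ch = input[i];
    if (ch === "/" && input[i - 1] !== "\\") inRegex = !inRegex;
    if (ch === sep && !inRegex) { parts.push(cur); cur = ""; } else cur += ch;
  }
  parts.push(cur);
  return parts;
}
// Only the two validators the issue asks for: `required` and a /regex/ literal.
function buildValidator(spec: string): Validator {
  const s = spec.trim();
  if (s === "required") return (v) => (v === undefined || v === "" ? "is required" : null);
  const m = /^\/(.*)\/([a-z]*)$/.exec(s);
  if (!m) throw new Error(`unknown validator: ${s}`);
  const re = new RegExp(m[1], m[2]);
  return (v) => (re.test(v ?? "") ? null : `must match ${s}`);
}
// "FOO: required | /^\d+$/, BAR: required" -> { FOO: [req, regex], BAR: [req] }
function parseValidation(input: string): Record<string, Validator[]> {
  const rules: Record<string, Validator[]> = {};
  for (const entry of splitTop(input, ",")) {
    if (!entry.trim()) continue;
    const idx = entry.indexOf(":");
    if (idx < 0) throw new Error(`missing ':' in "${entry.trim()}"`);
    rules[entry.slice(0, idx).trim()] = splitTop(entry.slice(idx + 1), "|").map(buildValidator);
  }
  return rules;
}
// One message per failing key, the chain stopping at its first failure;
// an empty result means the run step may proceed, otherwise it should fail.
function validateSecrets(rules: Record<string, Validator[]>, secrets: Record<string, string | undefined>): string[] {
  const errors: string[] = [];
  for (const key of Object.keys(rules)) {
    for (const check of rules[key]) {
      const msg = check(secrets[key]);
      if (msg) { errors.push(`${key} ${msg}`); break; }
    }
  }
  return errors;
}
```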
so that a forked repo won't fail even without requiring any secret config; however, currently it requires the github secret config to run.
We need to use docker-compose run CI/CD, build and publish docker images, etc.
protocol:
https://:location#:relative-file-path
git://:location#:relative-file-path
for example:
make sure to support different auth mechanisms for this protocol (basic auth, ssh, etc).
sometimes it's desired to skip the action if required inputs are not configured; this is especially helpful on a forked repo when running github actions.
so let's add a skip_allowed option (true by default).
if skip_allowed=true: when one of the required inputs is not configured, skip the run step.
if skip_allowed=false: when one of the required inputs is not configured, fail the run step.
sometimes I get errors similar to the following:
##[error]Error: Command failed: cat /tmp/tmp-7-KO9Z5nBzpauj | gpg --quiet --batch --yes --decrypt --passphrase-fd=0 /tmp/tmp-7-xWWPkjYsReqI
gpg: Fatal: can't create directory '/github/home/.gnupg': File exists
this is used to dynamically publish all available env vars; very useful when this kind of dynamic behavior is required (the same behavior as gitlab env vars)
so that users can refer to the decrypted file on their repo (sometimes this is necessary) https://github.com/teracyhq-incubator/secret-manager-action/blob/develop/src/config.ts#L7-L11
file://:path
means a path relative to the github_workspace
file:///:path
means the absolute path
see this line: https://github.com/teracyhq-incubator/secret-manager-action/blob/develop/src/config.ts#L165
You must create a secret named ACTIONS_STEP_DEBUG with the value true to see the debug messages.
expected: values should be masked, only exclude the values from unmasked_keys
actual: all the values were displayed without any mask
as it's usual to have more unmasked keys than masked keys, it's more sensible to use a masked_keys input to specify which keys are to be masked. This will help us use as little config as possible.
the http(s) protocol should be implemented: https://github.com/teracyhq-incubator/secret-manager-action/blob/develop/src/config.ts#L13-L17
fatal: detected dubious ownership in repository at '/github/workspace'
To add an exception for this directory, call:
Push to branch develop
git config --global --add safe.directory /github/workspace
see: https://github.com/teracyhq-incubator/secret-manager-action/actions/runs/3468478806/jobs/5794360939
it's ready
Error: Unable to process command '::set-env name=...' successfully.
Error: The `set-env` command is disabled. Please upgrade to using Environment Files or opt into unsecure command execution by setting the `ACTIONS_ALLOW_UNSECURE_COMMANDS` environment variable to `true`. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
with updated changes to remove deprecated warnings from github actions