diff --git a/actions/gcp-gsm-load-secrets/action.yaml b/actions/gcp-gsm-load-secrets/action.yaml index 648232c9f..b82c8a9a9 100644 --- a/actions/gcp-gsm-load-secrets/action.yaml +++ b/actions/gcp-gsm-load-secrets/action.yaml @@ -18,9 +18,9 @@ inputs: required: false default: true outputs: - secrets: - description: "Secrets loaded from Secret Manager" - value: ${{ steps.secrets.outputs.secrets }} + secret-json-string: + description: "JSON string with all secrets" + value: ${{ toJSON(steps.secrets.outputs) }} runs: using: "composite" steps: @@ -31,7 +31,7 @@ runs: workload_identity_provider: ${{ inputs.workload-identity-provider }} service_account: ${{ inputs.gke-service-account }} - id: "parse_secrets" - uses: "bakdata/ci-templates/actions/parse-secrets-definitions@1.48.0" + uses: "bakdata/ci-templates/actions/gcp-gsm-parse-secrets@tiedemann/gsm-object-outputs-fix" with: project_name: ${{ inputs.gke-project-name }} secrets_list: ${{ inputs.secrets-to-inject }} diff --git a/actions/gcp-gsm-parse-secrets/Dockerfile b/actions/gcp-gsm-parse-secrets/Dockerfile index 7694a30e7..814e864ce 100644 --- a/actions/gcp-gsm-parse-secrets/Dockerfile +++ b/actions/gcp-gsm-parse-secrets/Dockerfile @@ -1,4 +1,6 @@ FROM python:3-slim AS builder +WORKDIR /action/workspace/ + RUN pip install poetry==1.8.2 ENV POETRY_NO_INTERACTION=1 \ 
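Review bot: The new `secret-json-string` output (`value: ${{ toJSON(steps.secrets.outputs) }}`) packs every secret value into one string, and log masking may not cover that form. Masking matches registered values literally, so a secret containing quotes, backslashes or newlines is JSON-escaped here and would no longer match its mask if a caller echoes the output. Whether the `secrets` step registers masks at all is not visible in this hunk. I would put the handling rule in the description, for example `description: "JSON string with all secrets; read with fromJSON() and never print it, JSON-escaped values may not be masked"`. Removing the old `secrets` output also breaks existing callers, which the release notes should state.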
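Review bot: The `parse_secrets` step now resolves `gcp-gsm-parse-secrets@tiedemann/gsm-object-outputs-fix`, a mutable feature branch, where the replaced line pinned the release tag `1.48.0`. Anyone who can push to that branch changes the code that runs inside the secret-loading action, and deleting the branch after merge breaks every caller. Before merging, point it at an immutable ref, ideally `uses: "bakdata/ci-templates/actions/gcp-gsm-parse-secrets@<full-commit-sha>"` or at least the release tag that will contain this change. The steps list continues outside the hunk, so other `uses:` lines were not checked.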
@@ -6,21 +8,8 @@ ENV POETRY_NO_INTERACTION=1 \ POETRY_VIRTUALENVS_CREATE=1 \ POETRY_CACHE_DIR=/tmp/poetry_cache -WORKDIR /app -COPY pyproject.toml poetry.lock ./ -COPY main.py ./ +COPY pyproject.toml poetry.lock /action/workspace/ +COPY main.py /action/workspace/ RUN poetry install --no-root && rm -rf $POETRY_CACHE_DIR -# A distroless container image with Python and some basics like SSL certificates -# https://github.com/GoogleContainerTools/dis/i/itroless -FROM gcr.io/distroless/python3-debian12 - -ENV VIRTUAL_ENV=/app/.venv \ - PATH="/app/.venv/bin:$PATH" - -COPY --from=builder /app /app -COPY --from=builder ${VIRTUAL_ENV} ${VIRTUAL_ENV} - -WORKDIR /app -ENV PYTHONPATH /app -CMD ["/app/main.py"] \ No newline at end of file +CMD ["bash", "-c", "cd /action/workspace && poetry run python main.py"] diff --git a/actions/gcp-gsm-parse-secrets/main.py b/actions/gcp-gsm-parse-secrets/main.py index b67015c8f..c9b6b5db6 100644 --- a/actions/gcp-gsm-parse-secrets/main.py +++ b/actions/gcp-gsm-parse-secrets/main.py @@ -44,7 +44,7 @@ def parse_secret(secret, project_name, delim=DEFAULT_DELIMITER): out = f"{secret_name}:{project_name}/{components[0]}" if len(components) == 2 and len(components[1]) != 0: out += f"/{components[1]}" - return out + return out, secret_name def main( 
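Review bot: Dropping the distroless stage makes the builder the runtime image, so poetry, pip and a shell now ship in the container that runs on every secret-loading job. `FROM python:3-slim AS builder` also keeps a stage name that nothing refers to any more. If the change was only needed because the runner overrides the working directory (an assumption, the reason is not on the page), absolute paths allow a second stage without poetry. That stage would end in something like `CMD ["/action/workspace/.venv/bin/python", "/action/workspace/main.py"]`, assuming the virtualenv is created in-project as the removed `/app/.venv` lines suggest. If the single stage stays, drop `AS builder` and add a comment explaining why the `cd` inside `CMD` is required.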
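Review bot: `parse_secret` now returns a 2-tuple instead of a string at `return out, secret_name`, and nothing in the hunk documents the new contract. The function's signature and any docstring are outside the hunk, so check whether one exists and update it. I would add a line such as `Returns (mapping, secret_name): the "NAME:project/secret[/version]" mapping and the normalised output name.` Any caller other than `main` that still treats the result as a string will fail on concatenation.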
@@ -55,11 +55,21 @@ def main( # Deduplicate the input secrets input_secrets = set(input_secrets.splitlines()) - output = "" + output = [] + parsed_secret_names = [] for secret in input_secrets: - output += parse_secret(secret, gcp_project, github_output_delimter) + "\n" + parsed_secret, parsed_secret_name = parse_secret( + secret, gcp_project, github_output_delimter + ) + output.append(parsed_secret) + parsed_secret_names.append(parsed_secret_name) - set_github_action_output("secrets-list", output, github_output_delimter) + set_github_action_output( + "secrets-list", "\n".join(output) + "\n", github_output_delimter + ) + set_github_action_output( + "secret-names", ",".join(parsed_secret_names) + "\n", github_output_delimter + ) if __name__ == "__main__": diff --git a/actions/gcp-gsm-parse-secrets/tests.py b/actions/gcp-gsm-parse-secrets/tests.py index 66fee5679..32ca5c52f 100644 --- a/actions/gcp-gsm-parse-secrets/tests.py +++ b/actions/gcp-gsm-parse-secrets/tests.py 
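Review bot: De-duplication in this loop works on raw input lines, not on the derived name, so two entries such as `secret_name` and `secret_name/version` both produce `SECRET_NAME` in `secret-names`. Because `input_secrets` is a `set` of strings, iteration order can differ between runs, and which of the colliding entries ends up last in `secrets-list` is not stable. For an action that selects secret versions, that ambiguity should be a hard error rather than a silent override. I would iterate in sorted order and reject duplicate names, as sketched below. `main` starts outside the hunk, so how blank lines in the input are handled was not checked.

```python
    for secret in sorted(input_secrets):  # stable order across runs
        # … unchanged: parse_secret call …
        if parsed_secret_name in parsed_secret_names:
            raise ValueError(
                f"duplicate output name {parsed_secret_name!r} from entry {secret!r}"
            )
        # … unchanged: the two appends and the set_github_action_output calls …
```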
@@ -2,17 +2,36 @@ from main import parse_secret + class TestParseSecret(unittest.TestCase): def test_parse_secret(self): - self.assertEqual(parse_secret("secret_name", "project_name"), "SECRET_NAME:project_name/secret_name") - self.assertEqual(parse_secret("secret_name/version", "project_name"), "SECRET_NAME:project_name/secret_name/version") - self.assertEqual(parse_secret("123-456", "project_name"), "123_456:project_name/123-456") - self.assertEqual(parse_secret("123___123___123", "project_name"), "123_123_123:project_name/123___123___123") - self.assertEqual(parse_secret("i-like_trains__why_this?", "project_name"), "I_LIKE_TRAINS_WHY_THIS:project_name/i-like_trains__why_this?") + self.assertEqual( + parse_secret("secret_name", "project_name")[0], + "SECRET_NAME:project_name/secret_name", + ) + self.assertEqual( + parse_secret("secret_name/version", "project_name")[0], + "SECRET_NAME:project_name/secret_name/version", + ) + self.assertEqual( + parse_secret("123-456", "project_name")[0], "123_456:project_name/123-456" + ) + self.assertEqual( + parse_secret("123___123___123", "project_name")[0], + "123_123_123:project_name/123___123___123", + ) + self.assertEqual( + parse_secret("i-like_trains__why_this?", "project_name")[0], + "I_LIKE_TRAINS_WHY_THIS:project_name/i-like_trains__why_this?", + ) def test_parse_secret_special(self): # FIXME: this test is failing and i dont know why - self.assertEqual(parse_secret("123&&123()123__123*__*_123", "project_name"), "123_123_123_123:project_name/123&&123()123__123*__*_123") + self.assertEqual( + parse_secret("123&&123()123__123*__*_123", "project_name")[0], + "123_123_123_123:project_name/123&&123()123__123*__*_123", + ) + -if __name__ == '__main__': - unittest.main() \ No newline at end of file +if __name__ == "__main__": + unittest.main() diff --git a/docs/actions/gcp-gsm-load-secrets/README.md b/docs/actions/gcp-gsm-load-secrets/README.md index 0d87d5967..ff712c0c3 100644 --- a/docs/actions/gcp-gsm-load-secrets/README.md 
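Review bot: Every assertion in `test_parse_secret` was changed to index `[0]`, so the new second return value, which feeds the `secret-names` output, is never checked. Asserting the whole tuple in at least one case would cover it: `self.assertEqual(parse_secret("secret_name/version", "project_name"), ("SECRET_NAME:project_name/secret_name/version", "SECRET_NAME"))`. `test_parse_secret_special` still carries the FIXME about a known failure. Since the derived name is now emitted as its own output, that normalisation case should be resolved or marked as an expected failure rather than left red.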
+++ b/docs/actions/gcp-gsm-load-secrets/README.md @@ -47,9 +47,9 @@ To load a secret from GSM figure out the following: -| OUTPUT | TYPE | DESCRIPTION | -| ------- | ------ | ---------------------------------- | -| secrets | string | Secrets loaded from Secret Manager | +| OUTPUT | TYPE | DESCRIPTION | +| ------------------ | ------ | ---------------------------- | +| secret-json-string | string | JSON string with all secrets |