From 91a1fdded034537093e9a78e5b3f10a9dae93f71 Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Tue, 26 Nov 2024 10:22:38 +0100 Subject: [PATCH 01/38] fix: bump to 1.49.0 to avoid symlink issue --- actions/gcp-gsm-load-secrets/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/gcp-gsm-load-secrets/action.yaml b/actions/gcp-gsm-load-secrets/action.yaml index 648232c9f..b622b8542 100644 --- a/actions/gcp-gsm-load-secrets/action.yaml +++ b/actions/gcp-gsm-load-secrets/action.yaml @@ -31,7 +31,7 @@ runs: workload_identity_provider: ${{ inputs.workload-identity-provider }} service_account: ${{ inputs.gke-service-account }} - id: "parse_secrets" - uses: "bakdata/ci-templates/actions/parse-secrets-definitions@1.48.0" + uses: "bakdata/ci-templates/actions/parse-secrets-definitions@1.49.0" with: project_name: ${{ inputs.gke-project-name }} secrets_list: ${{ inputs.secrets-to-inject }} From 94091855156f16745d6880cafd54ed0554acf14e Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Tue, 26 Nov 2024 10:26:03 +0100 Subject: [PATCH 02/38] fix: update to new action name --- actions/gcp-gsm-load-secrets/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/gcp-gsm-load-secrets/action.yaml b/actions/gcp-gsm-load-secrets/action.yaml index b622b8542..a4e8c33bc 100644 --- a/actions/gcp-gsm-load-secrets/action.yaml +++ b/actions/gcp-gsm-load-secrets/action.yaml @@ -31,7 +31,7 @@ runs: workload_identity_provider: ${{ inputs.workload-identity-provider }} service_account: ${{ inputs.gke-service-account }} - id: "parse_secrets" - uses: "bakdata/ci-templates/actions/parse-secrets-definitions@1.49.0" + uses: "bakdata/ci-templates/actions/gcp-gsm-parse-secerts@1.49.0" with: project_name: ${{ inputs.gke-project-name }} secrets_list: ${{ inputs.secrets-to-inject }} From 4e67ea6a33dbc9a4c597323a983ac33b155b84f1 Mon Sep 17 00:00:00 2001 
From: Jan Max Tiedemann Date: Tue, 26 Nov 2024 10:26:25 +0100 Subject: [PATCH 03/38] fix: use fixed branch --- actions/gcp-gsm-load-secrets/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/gcp-gsm-load-secrets/action.yaml b/actions/gcp-gsm-load-secrets/action.yaml index a4e8c33bc..fc45aadda 100644 --- a/actions/gcp-gsm-load-secrets/action.yaml +++ b/actions/gcp-gsm-load-secrets/action.yaml @@ -31,7 +31,7 @@ runs: workload_identity_provider: ${{ inputs.workload-identity-provider }} service_account: ${{ inputs.gke-service-account }} - id: "parse_secrets" - uses: "bakdata/ci-templates/actions/gcp-gsm-parse-secerts@1.49.0" + uses: "bakdata/ci-templates/actions/gcp-gsm-parse-secerts@tiedemann/gsm-object-outputs-fix" with: project_name: ${{ inputs.gke-project-name }} secrets_list: ${{ inputs.secrets-to-inject }} From ba110551764d5b89141b9e6ec781b79e798935a0 Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Tue, 26 Nov 2024 10:28:05 +0100 Subject: [PATCH 04/38] fix: learn how to write --- actions/gcp-gsm-load-secrets/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/gcp-gsm-load-secrets/action.yaml b/actions/gcp-gsm-load-secrets/action.yaml index fc45aadda..e3495c72d 100644 --- a/actions/gcp-gsm-load-secrets/action.yaml +++ b/actions/gcp-gsm-load-secrets/action.yaml @@ -31,7 +31,7 @@ runs: workload_identity_provider: ${{ inputs.workload-identity-provider }} service_account: ${{ inputs.gke-service-account }} - id: "parse_secrets" - uses: "bakdata/ci-templates/actions/gcp-gsm-parse-secerts@tiedemann/gsm-object-outputs-fix" + uses: "bakdata/ci-templates/actions/gcp-gsm-parse-secrets@tiedemann/gsm-object-outputs-fix" with: project_name: ${{ inputs.gke-project-name }} secrets_list: ${{ inputs.secrets-to-inject }} From 3bbd7e8c3841111d8bfa4f815a82e746599b38df Mon Sep 17 00:00:00 2001 
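Review bot: The `uses:` ref on the `parse_secrets` step now points at a branch, `@tiedemann/gsm-object-outputs-fix`, so the code this action runs changes whenever that branch moves. The step sits in the same composite action as the workload-identity step and the secret fetch, so it should resolve to something immutable before merge. A release tag is the minimum and a full commit SHA is better, e.g. `uses: "bakdata/ci-templates/actions/gcp-gsm-parse-secrets@<full-commit-sha>"`. The next patch (04/38) only corrects the action name and carries the same branch ref. Until it is repinned, a comment such as `# TODO: repin to a release tag or SHA before merge` above the line would make the temporary state explicit.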
From: Jan Max Tiedemann Date: Tue, 26 Nov 2024 11:08:35 +0100 Subject: [PATCH 05/38] fix: make docker work --- actions/gcp-gsm-parse-secrets/Dockerfile | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/actions/gcp-gsm-parse-secrets/Dockerfile b/actions/gcp-gsm-parse-secrets/Dockerfile index 7694a30e7..2de5b9956 100644 --- a/actions/gcp-gsm-parse-secrets/Dockerfile +++ b/actions/gcp-gsm-parse-secrets/Dockerfile @@ -11,16 +11,4 @@ COPY pyproject.toml poetry.lock ./ COPY main.py ./ RUN poetry install --no-root && rm -rf $POETRY_CACHE_DIR -# A distroless container image with Python and some basics like SSL certificates -# https://github.com/GoogleContainerTools/dis/i/itroless -FROM gcr.io/distroless/python3-debian12 - -ENV VIRTUAL_ENV=/app/.venv \ - PATH="/app/.venv/bin:$PATH" - -COPY --from=builder /app /app -COPY --from=builder ${VIRTUAL_ENV} ${VIRTUAL_ENV} - -WORKDIR /app -ENV PYTHONPATH /app -CMD ["/app/main.py"] \ No newline at end of file +CMD ["poetry","run","python", "/app/main.py"] \ No newline at end of file From 33110a16f92589e330d3ecf76d108d84e5f45bc3 Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Tue, 26 Nov 2024 11:14:15 +0100 Subject: [PATCH 06/38] fix: workspace work differently in GH actions --- actions/gcp-gsm-parse-secrets/Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/actions/gcp-gsm-parse-secrets/Dockerfile b/actions/gcp-gsm-parse-secrets/Dockerfile index 2de5b9956..b71c13a00 100644 --- a/actions/gcp-gsm-parse-secrets/Dockerfile +++ b/actions/gcp-gsm-parse-secrets/Dockerfile 
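Review bot: Dropping the `gcr.io/distroless/python3-debian12` stage makes the `builder` stage the image that actually runs, so the action container now ships Poetry and pip alongside `main.py`, plus whatever the builder's base image provides (its `FROM` line is outside this hunk). If the distroless stage failed only because of how `main.py` was launched, it would be better to keep two stages and fix the launch line than to run the build image in CI. If single-stage is intended, record the reason next to the `CMD`, for example `# Single-stage on purpose: <why the distroless runtime stage did not work>`, so the reduction in hardening is a documented decision rather than a side effect of debugging.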
@@ -6,9 +6,10 @@ ENV POETRY_NO_INTERACTION=1 \ POETRY_VIRTUALENVS_CREATE=1 \ POETRY_CACHE_DIR=/tmp/poetry_cache -WORKDIR /app +WORKDIR /github/workspace COPY pyproject.toml poetry.lock ./ COPY main.py ./ RUN poetry install --no-root && rm -rf $POETRY_CACHE_DIR -CMD ["poetry","run","python", "/app/main.py"] \ No newline at end of file +CMD ["poetry","run","python", "main.py"] +# CMD ["pwd"] \ No newline at end of file From 92024a19d6c81e891701bf0b4121ff3e682f7903 Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Tue, 26 Nov 2024 11:16:13 +0100 Subject: [PATCH 07/38] test: try without workspace --- actions/gcp-gsm-parse-secrets/Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/actions/gcp-gsm-parse-secrets/Dockerfile b/actions/gcp-gsm-parse-secrets/Dockerfile index b71c13a00..4fc0678a9 100644 --- a/actions/gcp-gsm-parse-secrets/Dockerfile +++ b/actions/gcp-gsm-parse-secrets/Dockerfile @@ -6,7 +6,6 @@ ENV POETRY_NO_INTERACTION=1 \ POETRY_VIRTUALENVS_CREATE=1 \ POETRY_CACHE_DIR=/tmp/poetry_cache -WORKDIR /github/workspace COPY pyproject.toml poetry.lock ./ COPY main.py ./ RUN poetry install --no-root && rm -rf $POETRY_CACHE_DIR From e8ae8ebeede5cd4b5be22eb6fdd1d7b902614e95 Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Tue, 26 Nov 2024 11:17:48 +0100 Subject: [PATCH 08/38] debug: weird gh actions env --- actions/gcp-gsm-parse-secrets/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/actions/gcp-gsm-parse-secrets/Dockerfile b/actions/gcp-gsm-parse-secrets/Dockerfile index 4fc0678a9..8e25574ea 100644 --- a/actions/gcp-gsm-parse-secrets/Dockerfile +++ b/actions/gcp-gsm-parse-secrets/Dockerfile @@ -10,5 +10,5 @@ COPY pyproject.toml poetry.lock ./ COPY main.py ./ RUN poetry install --no-root && rm -rf $POETRY_CACHE_DIR -CMD ["poetry","run","python", "main.py"] -# CMD ["pwd"] \ No newline at end of file +# CMD ["poetry","run","python", "main.py"] +CMD ["pwd", "&&", "ls", "-la"] 
From 32bca0f3bcf79094c0d4bbe73ec2c9b0aa46d353 Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Tue, 26 Nov 2024 11:19:41 +0100 Subject: [PATCH 09/38] debug: only pwd cuz i dont know how cmds work (i do but i forgor) --- actions/gcp-gsm-parse-secrets/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/gcp-gsm-parse-secrets/Dockerfile b/actions/gcp-gsm-parse-secrets/Dockerfile index 8e25574ea..a8a49ffeb 100644 --- a/actions/gcp-gsm-parse-secrets/Dockerfile +++ b/actions/gcp-gsm-parse-secrets/Dockerfile @@ -11,4 +11,4 @@ COPY main.py ./ RUN poetry install --no-root && rm -rf $POETRY_CACHE_DIR # CMD ["poetry","run","python", "main.py"] -CMD ["pwd", "&&", "ls", "-la"] +CMD ["pwd"] From 9491d0276119cf4ed2c79227c1144bb0d38ace42 Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Tue, 26 Nov 2024 11:23:46 +0100 Subject: [PATCH 10/38] debug: see i know how it works --- actions/gcp-gsm-parse-secrets/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/gcp-gsm-parse-secrets/Dockerfile b/actions/gcp-gsm-parse-secrets/Dockerfile index a8a49ffeb..b39bfc530 100644 --- a/actions/gcp-gsm-parse-secrets/Dockerfile +++ b/actions/gcp-gsm-parse-secrets/Dockerfile @@ -11,4 +11,4 @@ COPY main.py ./ RUN poetry install --no-root && rm -rf $POETRY_CACHE_DIR # CMD ["poetry","run","python", "main.py"] -CMD ["pwd"] +CMD ["bash", "-c", "pwd && ls -la"] From bcc85b2a882de5100e92f71fbf71cb8f30660bfd Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Tue, 26 Nov 2024 11:25:41 +0100 Subject: [PATCH 11/38] debug: set workdir again --- actions/gcp-gsm-parse-secrets/Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/actions/gcp-gsm-parse-secrets/Dockerfile b/actions/gcp-gsm-parse-secrets/Dockerfile index b39bfc530..edc197ae8 100644 --- a/actions/gcp-gsm-parse-secrets/Dockerfile +++ b/actions/gcp-gsm-parse-secrets/Dockerfile 
@@ -1,4 +1,6 @@ FROM python:3-slim AS builder +WORKDIR /github/workspace + RUN pip install poetry==1.8.2 ENV POETRY_NO_INTERACTION=1 \ From 4f904c8b677b88db1c0413a60600a8be298b2714 Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Tue, 26 Nov 2024 11:29:01 +0100 Subject: [PATCH 12/38] debug: try sth different --- actions/gcp-gsm-parse-secrets/Dockerfile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/actions/gcp-gsm-parse-secrets/Dockerfile b/actions/gcp-gsm-parse-secrets/Dockerfile index edc197ae8..665863980 100644 --- a/actions/gcp-gsm-parse-secrets/Dockerfile +++ b/actions/gcp-gsm-parse-secrets/Dockerfile @@ -1,5 +1,5 @@ FROM python:3-slim AS builder -WORKDIR /github/workspace +WORKDIR /action/workspace/ RUN pip install poetry==1.8.2 @@ -8,9 +8,9 @@ ENV POETRY_NO_INTERACTION=1 \ POETRY_VIRTUALENVS_CREATE=1 \ POETRY_CACHE_DIR=/tmp/poetry_cache -COPY pyproject.toml poetry.lock ./ -COPY main.py ./ +COPY pyproject.toml poetry.lock /action/workspace/ +COPY main.py /action/workspace/ RUN poetry install --no-root && rm -rf $POETRY_CACHE_DIR -# CMD ["poetry","run","python", "main.py"] -CMD ["bash", "-c", "pwd && ls -la"] +CMD ["poetry","run","python", "/action/workspace/main.py"] +# CMD ["bash", "-c", "pwd && ls -la"] From f22e071e7de6a19bfb76d1465416ccbe4b0d41dd Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Tue, 26 Nov 2024 11:35:42 +0100 Subject: [PATCH 13/38] debug: try other random stuff --- actions/gcp-gsm-parse-secrets/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/actions/gcp-gsm-parse-secrets/Dockerfile b/actions/gcp-gsm-parse-secrets/Dockerfile index 665863980..3892c03c3 100644 --- a/actions/gcp-gsm-parse-secrets/Dockerfile +++ b/actions/gcp-gsm-parse-secrets/Dockerfile 
@@ -12,5 +12,5 @@ COPY pyproject.toml poetry.lock /action/workspace/ COPY main.py /action/workspace/ RUN poetry install --no-root && rm -rf $POETRY_CACHE_DIR -CMD ["poetry","run","python", "/action/workspace/main.py"] -# CMD ["bash", "-c", "pwd && ls -la"] +# CMD ["poetry","run","python", "/action/workspace/main.py"] +CMD ["bash", "-c", "pwd && ls -la /action/workspace && poetry run python /action/workspace/main.py"] From 1a8dd55017f392132fd54be359488066892a9f96 Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Tue, 26 Nov 2024 11:38:24 +0100 Subject: [PATCH 14/38] fix: cd into workdir because github madness --- actions/gcp-gsm-parse-secrets/Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/actions/gcp-gsm-parse-secrets/Dockerfile b/actions/gcp-gsm-parse-secrets/Dockerfile index 3892c03c3..814e864ce 100644 --- a/actions/gcp-gsm-parse-secrets/Dockerfile +++ b/actions/gcp-gsm-parse-secrets/Dockerfile @@ -12,5 +12,4 @@ COPY pyproject.toml poetry.lock /action/workspace/ COPY main.py /action/workspace/ RUN poetry install --no-root && rm -rf $POETRY_CACHE_DIR -# CMD ["poetry","run","python", "/action/workspace/main.py"] -CMD ["bash", "-c", "pwd && ls -la /action/workspace && poetry run python /action/workspace/main.py"] +CMD ["bash", "-c", "cd /action/workspace && poetry run python main.py"] From 0d3bdc28fc813632261e2907c86a407e76d83768 Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Tue, 26 Nov 2024 23:43:02 +0100 Subject: [PATCH 15/38] fix: stringify secret outputs --- actions/gcp-gsm-load-secrets/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/gcp-gsm-load-secrets/action.yaml b/actions/gcp-gsm-load-secrets/action.yaml index e3495c72d..dcfb136ad 100644 --- a/actions/gcp-gsm-load-secrets/action.yaml +++ b/actions/gcp-gsm-load-secrets/action.yaml 
@@ -20,7 +20,7 @@ inputs: outputs: secrets: description: "Secrets loaded from Secret Manager" - value: ${{ steps.secrets.outputs.secrets }} + value: ${{ toJSON(steps.secrets.outputs.secrets) }} runs: using: "composite" steps: From 0f83dc162d1f8550360c89d931e678d7b2463f16 Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Wed, 27 Nov 2024 00:38:34 +0100 Subject: [PATCH 16/38] fix: dont use secret subobject --- actions/gcp-gsm-load-secrets/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/gcp-gsm-load-secrets/action.yaml b/actions/gcp-gsm-load-secrets/action.yaml index dcfb136ad..a7cbe3751 100644 --- a/actions/gcp-gsm-load-secrets/action.yaml +++ b/actions/gcp-gsm-load-secrets/action.yaml @@ -20,7 +20,7 @@ inputs: outputs: secrets: description: "Secrets loaded from Secret Manager" - value: ${{ toJSON(steps.secrets.outputs.secrets) }} + value: ${{ steps.secrets.outputs }} runs: using: "composite" steps: From 337eaefeac41bb2e66914fe826382e9d855a1da8 Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Wed, 27 Nov 2024 00:43:15 +0100 Subject: [PATCH 17/38] fix: try again with JSON --- actions/gcp-gsm-load-secrets/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/gcp-gsm-load-secrets/action.yaml b/actions/gcp-gsm-load-secrets/action.yaml index a7cbe3751..0ff1dde10 100644 --- a/actions/gcp-gsm-load-secrets/action.yaml +++ b/actions/gcp-gsm-load-secrets/action.yaml @@ -20,7 +20,7 @@ inputs: outputs: secrets: description: "Secrets loaded from Secret Manager" - value: ${{ steps.secrets.outputs }} + value: ${{ toJSON(steps.secrets.outputs)}} runs: using: "composite" steps: From 66f4c248de500923aa5eeb2bacd7fa2df27236c7 Mon Sep 17 00:00:00 2001 
From: Jan Max Tiedemann Date: Wed, 27 Nov 2024 01:27:23 +0100 Subject: [PATCH 18/38] fix: secret plumbing --- actions/gcp-gsm-load-secrets/action.yaml | 11 ++++++++--- actions/gcp-gsm-parse-secrets/main.py | 12 ++++++++++-- docs/actions/gcp-gsm-load-secrets/README.md | 6 +++--- 3 files changed, 21 insertions(+), 8 deletions(-) diff --git a/actions/gcp-gsm-load-secrets/action.yaml b/actions/gcp-gsm-load-secrets/action.yaml index 0ff1dde10..5acff86dd 100644 --- a/actions/gcp-gsm-load-secrets/action.yaml +++ b/actions/gcp-gsm-load-secrets/action.yaml @@ -18,9 +18,9 @@ inputs: required: false default: true outputs: - secrets: - description: "Secrets loaded from Secret Manager" - value: ${{ toJSON(steps.secrets.outputs)}} + secret-names: + description: "Comma-separated list of secret names" + value: ${{ steps.parse_secrets.outputs.secret-names }} runs: using: "composite" steps: @@ -40,3 +40,8 @@ runs: with: secrets: ${{ steps.parse_secrets.outputs.secrets-list }} export_to_environment: ${{ inputs.export-to-environment }} + - name: "Set outputs" + run: | + for secret in $(echo "${{ steps.parse_secrets.outputs.secret-names }}" | sed "s/,/ /g"); do + echo "${secret}=${{ steps.secrets.outputs.${secret} }}" >> $GITHUB_OUTPUT + done diff --git a/actions/gcp-gsm-parse-secrets/main.py b/actions/gcp-gsm-parse-secrets/main.py index b67015c8f..dda015200 100644 --- a/actions/gcp-gsm-parse-secrets/main.py +++ b/actions/gcp-gsm-parse-secrets/main.py @@ -44,7 +44,7 @@ def parse_secret(secret, project_name, delim=DEFAULT_DELIMITER): out = f"{secret_name}:{project_name}/{components[0]}" if len(components) == 2 and len(components[1]) != 0: out += f"/{components[1]}" - return out + return out, secret_name def main( 
@@ -56,10 +56,18 @@ def main( input_secrets = set(input_secrets.splitlines()) output = "" + parsed_secret_names = [] for secret in input_secrets: - output += parse_secret(secret, gcp_project, github_output_delimter) + "\n" + parsed_secret, parsed_secret_name = ( + parse_secret(secret, gcp_project, github_output_delimter) + "\n" + ) + output += parsed_secret + parsed_secret_names.append(parsed_secret_name) set_github_action_output("secrets-list", output, github_output_delimter) + set_github_action_output( + "secret-names", ",".join(parsed_secret_names), github_output_delimter + ) if __name__ == "__main__": diff --git a/docs/actions/gcp-gsm-load-secrets/README.md b/docs/actions/gcp-gsm-load-secrets/README.md index 0d87d5967..8f845634c 100644 --- a/docs/actions/gcp-gsm-load-secrets/README.md +++ b/docs/actions/gcp-gsm-load-secrets/README.md @@ -47,9 +47,9 @@ To load a secret from GSM figure out the following: -| OUTPUT | TYPE | DESCRIPTION | -| ------- | ------ | ---------------------------------- | -| secrets | string | Secrets loaded from Secret Manager | +| OUTPUT | TYPE | DESCRIPTION | +| ------------ | ------ | ------------------------------------ | +| secret-names | string | Comma-separated list of secret names | From 68f61eeb30cef44c222def940bed6d99a08dafe7 Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Wed, 27 Nov 2024 01:36:11 +0100 Subject: [PATCH 19/38] fix: now there is javascript --- actions/gcp-gsm-load-secrets/action.yaml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/actions/gcp-gsm-load-secrets/action.yaml b/actions/gcp-gsm-load-secrets/action.yaml index 5acff86dd..3ee421a48 100644 --- a/actions/gcp-gsm-load-secrets/action.yaml +++ b/actions/gcp-gsm-load-secrets/action.yaml 
@@ -41,7 +41,10 @@ runs: secrets: ${{ steps.parse_secrets.outputs.secrets-list }} export_to_environment: ${{ inputs.export-to-environment }} - name: "Set outputs" - run: | - for secret in $(echo "${{ steps.parse_secrets.outputs.secret-names }}" | sed "s/,/ /g"); do - echo "${secret}=${{ steps.secrets.outputs.${secret} }}" >> $GITHUB_OUTPUT - done + uses: "actions/github-script@v7" + with: + script: | + const secrets = JSON.parse('${{ toJSON(steps.secrets.outputs) }}'); + for (const [key, value] of Object.entries(secrets)) { + core.setOutput(key, value); + } From fed52729d62dcf43a3bb24ee1e651ad4040ddc19 Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Wed, 27 Nov 2024 01:41:10 +0100 Subject: [PATCH 20/38] fix: tests --- actions/gcp-gsm-parse-secrets/main.py | 10 ++++---- actions/gcp-gsm-parse-secrets/tests.py | 35 ++++++++++++++++++++------ 2 files changed, 32 insertions(+), 13 deletions(-) diff --git a/actions/gcp-gsm-parse-secrets/main.py b/actions/gcp-gsm-parse-secrets/main.py index dda015200..81ddc060d 100644 --- a/actions/gcp-gsm-parse-secrets/main.py +++ b/actions/gcp-gsm-parse-secrets/main.py @@ -55,16 +55,16 @@ def main( # Deduplicate the input secrets input_secrets = set(input_secrets.splitlines()) - output = "" + output = [] parsed_secret_names = [] for secret in input_secrets: - parsed_secret, parsed_secret_name = ( - parse_secret(secret, gcp_project, github_output_delimter) + "\n" + parsed_secret, parsed_secret_name = parse_secret( + secret, gcp_project, github_output_delimter ) - output += parsed_secret + output.append(parsed_secret) parsed_secret_names.append(parsed_secret_name) - set_github_action_output("secrets-list", output, github_output_delimter) + set_github_action_output("secrets-list", "\n".join(output), github_output_delimter) set_github_action_output( "secret-names", ",".join(parsed_secret_names), github_output_delimter ) 
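Review bot: In the `Set outputs` step, `${{ toJSON(steps.secrets.outputs) }}` is expanded into the JavaScript source before the script is parsed, so secret content becomes part of the program text. A value containing `'` or a backslash ends or alters the string literal, and `toJSON` pretty-prints across several lines, which a single-quoted literal cannot hold, so the step fails to parse or, in the worst case, runs secret content as code. Pass the JSON through `env:` and read it from `process.env`, and call `core.setSecret` on each value so the re-exported outputs stay masked regardless of what the upstream step registered. The same interpolation recurs in the `test` step of 23/38 and 32/38 and in the script bodies of 26/38, 30/38, 31/38 and 33/38. Separately, the step has no `id:` and the action's `outputs:` block declares only `secret-names`, so the keys set here are probably not reachable by callers.

```yaml
- name: "Set outputs"
  uses: "actions/github-script@v7"
  env:
    # Expanded by the runner into an environment variable, never into script text.
    SECRETS_JSON: ${{ toJSON(steps.secrets.outputs) }}
  with:
    script: |
      const secrets = JSON.parse(process.env.SECRETS_JSON);
      for (const [key, value] of Object.entries(secrets)) {
        core.setSecret(value);
        core.setOutput(key, value);
      }
```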
diff --git a/actions/gcp-gsm-parse-secrets/tests.py b/actions/gcp-gsm-parse-secrets/tests.py index 66fee5679..32ca5c52f 100644 --- a/actions/gcp-gsm-parse-secrets/tests.py +++ b/actions/gcp-gsm-parse-secrets/tests.py 
@@ -2,17 +2,36 @@ from main import parse_secret + class TestParseSecret(unittest.TestCase): def test_parse_secret(self): - self.assertEqual(parse_secret("secret_name", "project_name"), "SECRET_NAME:project_name/secret_name") - self.assertEqual(parse_secret("secret_name/version", "project_name"), "SECRET_NAME:project_name/secret_name/version") - self.assertEqual(parse_secret("123-456", "project_name"), "123_456:project_name/123-456") - self.assertEqual(parse_secret("123___123___123", "project_name"), "123_123_123:project_name/123___123___123") - self.assertEqual(parse_secret("i-like_trains__why_this?", "project_name"), "I_LIKE_TRAINS_WHY_THIS:project_name/i-like_trains__why_this?") + self.assertEqual( + parse_secret("secret_name", "project_name")[0], + "SECRET_NAME:project_name/secret_name", + ) + self.assertEqual( + parse_secret("secret_name/version", "project_name")[0], + "SECRET_NAME:project_name/secret_name/version", + ) + self.assertEqual( + parse_secret("123-456", "project_name")[0], "123_456:project_name/123-456" + ) + self.assertEqual( + parse_secret("123___123___123", "project_name")[0], + "123_123_123:project_name/123___123___123", + ) + self.assertEqual( + parse_secret("i-like_trains__why_this?", "project_name")[0], + "I_LIKE_TRAINS_WHY_THIS:project_name/i-like_trains__why_this?", + ) def test_parse_secret_special(self): # FIXME: this test is failing and i dont know why - self.assertEqual(parse_secret("123&&123()123__123*__*_123", "project_name"), "123_123_123_123:project_name/123&&123()123__123*__*_123") + self.assertEqual( + parse_secret("123&&123()123__123*__*_123", "project_name")[0], + "123_123_123_123:project_name/123&&123()123__123*__*_123", + ) + -if __name__ == '__main__': - unittest.main() \ No newline at end of file +if __name__ == "__main__": + unittest.main() From 8f92b1b9fbcd13f770017ac5ef2cc7f557832ce2 Mon Sep 17 00:00:00 2001 
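Review bot: Every assertion in `test_parse_secret` now indexes `[0]`, so the new second element of the tuple returned by `parse_secret` is never checked, even though `main()` joins those names into the `secret-names` output. Add at least one assertion on it; going by the expected strings here it should be `self.assertEqual(parse_secret("secret_name", "project_name")[1], "SECRET_NAME")`. `test_parse_secret_special` still carries `# FIXME: this test is failing and i dont know why`, and that case covers how special characters are normalised into the name. It is worth either resolving it or marking it with `@unittest.expectedFailure` so the gap is visible rather than a permanently red test.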
From: Jan Max Tiedemann Date: Wed, 27 Nov 2024 01:44:06 +0100 Subject: [PATCH 21/38] debug: try if bug is here --- actions/gcp-gsm-parse-secrets/main.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/actions/gcp-gsm-parse-secrets/main.py b/actions/gcp-gsm-parse-secrets/main.py index 81ddc060d..38b112010 100644 --- a/actions/gcp-gsm-parse-secrets/main.py +++ b/actions/gcp-gsm-parse-secrets/main.py @@ -65,9 +65,9 @@ def main( parsed_secret_names.append(parsed_secret_name) set_github_action_output("secrets-list", "\n".join(output), github_output_delimter) - set_github_action_output( - "secret-names", ",".join(parsed_secret_names), github_output_delimter - ) + # set_github_action_output( + # "secret-names", ",".join(parsed_secret_names), github_output_delimter + # ) if __name__ == "__main__": From 05cb77788d2f4c87d4b0b8dcbe3d7427329f70eb Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Wed, 27 Nov 2024 01:45:28 +0100 Subject: [PATCH 22/38] debug: add final newline --- actions/gcp-gsm-parse-secrets/main.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/actions/gcp-gsm-parse-secrets/main.py b/actions/gcp-gsm-parse-secrets/main.py index 38b112010..14bdc0d01 100644 --- a/actions/gcp-gsm-parse-secrets/main.py +++ b/actions/gcp-gsm-parse-secrets/main.py @@ -64,7 +64,9 @@ def main( output.append(parsed_secret) parsed_secret_names.append(parsed_secret_name) - set_github_action_output("secrets-list", "\n".join(output), github_output_delimter) + set_github_action_output( + "secrets-list", "\n".join(output) + "\n", github_output_delimter + ) # set_github_action_output( # "secret-names", ",".join(parsed_secret_names), github_output_delimter # ) From c8305c21e50c9bd3c1aa7c0d39fcfe676b82e53a Mon Sep 17 00:00:00 2001 
From: Jan Max Tiedemann Date: Wed, 27 Nov 2024 01:47:55 +0100 Subject: [PATCH 23/38] debug: uncomment secret names + add debug output --- actions/gcp-gsm-load-secrets/action.yaml | 3 +++ actions/gcp-gsm-parse-secrets/main.py | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/actions/gcp-gsm-load-secrets/action.yaml b/actions/gcp-gsm-load-secrets/action.yaml index 3ee421a48..d72b13b86 100644 --- a/actions/gcp-gsm-load-secrets/action.yaml +++ b/actions/gcp-gsm-load-secrets/action.yaml @@ -40,6 +40,9 @@ runs: with: secrets: ${{ steps.parse_secrets.outputs.secrets-list }} export_to_environment: ${{ inputs.export-to-environment }} + - name: "test" + run: | + echo '${{ toJSON(steps.secrets.outputs) }}' - name: "Set outputs" uses: "actions/github-script@v7" with: diff --git a/actions/gcp-gsm-parse-secrets/main.py b/actions/gcp-gsm-parse-secrets/main.py index 14bdc0d01..477ddc016 100644 --- a/actions/gcp-gsm-parse-secrets/main.py +++ b/actions/gcp-gsm-parse-secrets/main.py @@ -67,9 +67,9 @@ def main( set_github_action_output( "secrets-list", "\n".join(output) + "\n", github_output_delimter ) - # set_github_action_output( - # "secret-names", ",".join(parsed_secret_names), github_output_delimter - # ) + set_github_action_output( + "secret-names", ",".join(parsed_secret_names), github_output_delimter + ) if __name__ == "__main__": From 5929cd51e4e6f8bf2efe6b8fd23b4ab31bfa803b Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Wed, 27 Nov 2024 01:49:12 +0100 Subject: [PATCH 24/38] fix: specify bash shell --- actions/gcp-gsm-load-secrets/action.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/actions/gcp-gsm-load-secrets/action.yaml b/actions/gcp-gsm-load-secrets/action.yaml index d72b13b86..21fcca61d 100644 --- a/actions/gcp-gsm-load-secrets/action.yaml +++ b/actions/gcp-gsm-load-secrets/action.yaml 
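Review bot: The added `test` step writes every loaded secret to the job log with `echo '${{ toJSON(steps.secrets.outputs) }}'`. Log masking matches the registered raw value, so a secret that `toJSON` escapes (quotes, backslashes, newlines) may be printed unmasked. Because the expression is expanded into the shell text, a `'` inside a value also terminates the quoted string. This step should not survive into the merged action; if a diagnostic is needed, print key names only and pass them via `env:`, e.g. `env: { SECRET_NAMES: "${{ steps.parse_secrets.outputs.secret-names }}" }` with `run: echo "$SECRET_NAMES"`. The same values are logged again by the `console.log` lines in 26/38 and 30/38 to 33/38 and by the extra `echo` in 32/38.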
@@ -41,6 +41,7 @@ runs: secrets: ${{ steps.parse_secrets.outputs.secrets-list }} export_to_environment: ${{ inputs.export-to-environment }} - name: "test" + shell: bash run: | echo '${{ toJSON(steps.secrets.outputs) }}' - name: "Set outputs" From fec5380a58e3ea64fa5c22f7698dcbfceb0603b1 Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Wed, 27 Nov 2024 01:50:39 +0100 Subject: [PATCH 25/38] fix: add new line to secret-names output --- actions/gcp-gsm-parse-secrets/main.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/gcp-gsm-parse-secrets/main.py b/actions/gcp-gsm-parse-secrets/main.py index 477ddc016..c9b6b5db6 100644 --- a/actions/gcp-gsm-parse-secrets/main.py +++ b/actions/gcp-gsm-parse-secrets/main.py @@ -68,7 +68,7 @@ def main( "secrets-list", "\n".join(output) + "\n", github_output_delimter ) set_github_action_output( - "secret-names", ",".join(parsed_secret_names), github_output_delimter + "secret-names", ",".join(parsed_secret_names) + "\n", github_output_delimter ) From 94084cb20c0dee1012b5b003f1ec6075bf809270 Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Wed, 27 Nov 2024 01:54:01 +0100 Subject: [PATCH 26/38] debug: test GH string interpolation --- actions/gcp-gsm-load-secrets/action.yaml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/actions/gcp-gsm-load-secrets/action.yaml b/actions/gcp-gsm-load-secrets/action.yaml index 21fcca61d..2e9389830 100644 --- a/actions/gcp-gsm-load-secrets/action.yaml +++ b/actions/gcp-gsm-load-secrets/action.yaml 
@@ -48,7 +48,8 @@ runs: uses: "actions/github-script@v7" with: script: | - const secrets = JSON.parse('${{ toJSON(steps.secrets.outputs) }}'); - for (const [key, value] of Object.entries(secrets)) { - core.setOutput(key, value); - } + console.log('${{ toJSON(steps.secrets.outputs) }}'); + // const secrets = JSON.parse('${{ toJSON(steps.secrets.outputs) }}'); + // for (const [key, value] of Object.entries(secrets)) { + // core.setOutput(key, value); + // } From 3c06aa38ceb3b835e6fc906dac513805d79c735d Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Wed, 27 Nov 2024 01:57:42 +0100 Subject: [PATCH 27/38] debug: just see if basic stuff works --- actions/gcp-gsm-load-secrets/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/gcp-gsm-load-secrets/action.yaml b/actions/gcp-gsm-load-secrets/action.yaml index 2e9389830..bd5009b36 100644 --- a/actions/gcp-gsm-load-secrets/action.yaml +++ b/actions/gcp-gsm-load-secrets/action.yaml @@ -48,7 +48,7 @@ runs: uses: "actions/github-script@v7" with: script: | - console.log('${{ toJSON(steps.secrets.outputs) }}'); + console.log('test'); // const secrets = JSON.parse('${{ toJSON(steps.secrets.outputs) }}'); // for (const [key, value] of Object.entries(secrets)) { // core.setOutput(key, value); From 4713020d01688472b739529233ed554be93203f2 Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Wed, 27 Nov 2024 01:59:17 +0100 Subject: [PATCH 28/38] debug: i thought semicolons are optional in js --- actions/gcp-gsm-load-secrets/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/gcp-gsm-load-secrets/action.yaml b/actions/gcp-gsm-load-secrets/action.yaml index bd5009b36..763d3a819 100644 --- a/actions/gcp-gsm-load-secrets/action.yaml +++ b/actions/gcp-gsm-load-secrets/action.yaml 
@@ -48,7 +48,7 @@ runs: uses: "actions/github-script@v7" with: script: | - console.log('test'); + console.log('test') // const secrets = JSON.parse('${{ toJSON(steps.secrets.outputs) }}'); // for (const [key, value] of Object.entries(secrets)) { // core.setOutput(key, value); From 0da35ddcf5f8ed40e68b893264b3ad4a172d9f36 Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Wed, 27 Nov 2024 02:00:26 +0100 Subject: [PATCH 29/38] debug: maybe comment are also not allowed --- actions/gcp-gsm-load-secrets/action.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/actions/gcp-gsm-load-secrets/action.yaml b/actions/gcp-gsm-load-secrets/action.yaml index 763d3a819..0d20fba60 100644 --- a/actions/gcp-gsm-load-secrets/action.yaml +++ b/actions/gcp-gsm-load-secrets/action.yaml @@ -49,7 +49,3 @@ runs: with: script: | console.log('test') - // const secrets = JSON.parse('${{ toJSON(steps.secrets.outputs) }}'); - // for (const [key, value] of Object.entries(secrets)) { - // core.setOutput(key, value); - // } From 75d344c1aab4fad55f127d3934f3ceeb9fdb6d25 Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Wed, 27 Nov 2024 02:01:48 +0100 Subject: [PATCH 30/38] debug: now try again with string --- actions/gcp-gsm-load-secrets/action.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/actions/gcp-gsm-load-secrets/action.yaml b/actions/gcp-gsm-load-secrets/action.yaml index 0d20fba60..341909573 100644 --- a/actions/gcp-gsm-load-secrets/action.yaml +++ b/actions/gcp-gsm-load-secrets/action.yaml @@ -49,3 +49,4 @@ runs: with: script: | console.log('test') + console.log('${{ toJSON(steps.secrets.outputs) }') From 3a802c71bb61337d801993722f7ba97ee7261ce7 Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Wed, 27 Nov 2024 02:03:03 +0100 Subject: [PATCH 31/38] fix: i forgor a bracket --- actions/gcp-gsm-load-secrets/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/actions/gcp-gsm-load-secrets/action.yaml b/actions/gcp-gsm-load-secrets/action.yaml index 341909573..30d31b96a 100644 --- a/actions/gcp-gsm-load-secrets/action.yaml +++ b/actions/gcp-gsm-load-secrets/action.yaml @@ -49,4 +49,4 @@ runs: with: script: | console.log('test') - console.log('${{ toJSON(steps.secrets.outputs) }') + console.log('${{ toJSON(steps.secrets.outputs) }}') From 462074086b121c05dfa7fcaa8da2ace3be41b9e0 Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Wed, 27 Nov 2024 02:04:30 +0100 Subject: [PATCH 32/38] debug: what is evenhappening --- actions/gcp-gsm-load-secrets/action.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/actions/gcp-gsm-load-secrets/action.yaml b/actions/gcp-gsm-load-secrets/action.yaml index 30d31b96a..a066d445a 100644 --- a/actions/gcp-gsm-load-secrets/action.yaml +++ b/actions/gcp-gsm-load-secrets/action.yaml @@ -44,6 +44,7 @@ runs: shell: bash run: | echo '${{ toJSON(steps.secrets.outputs) }}' + echo "console.log('${{ toJSON(steps.secrets.outputs) }}')" - name: "Set outputs" uses: "actions/github-script@v7" with: From c124c487e51747f4b4ade059fc441d115d628314 Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Wed, 27 Nov 2024 02:08:17 +0100 Subject: [PATCH 33/38] debug: be more direct --- actions/gcp-gsm-load-secrets/action.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/actions/gcp-gsm-load-secrets/action.yaml b/actions/gcp-gsm-load-secrets/action.yaml index a066d445a..c0558dd78 100644 --- a/actions/gcp-gsm-load-secrets/action.yaml +++ b/actions/gcp-gsm-load-secrets/action.yaml @@ -50,4 +50,5 @@ runs: with: script: | console.log('test') - console.log('${{ toJSON(steps.secrets.outputs) }}') + let a = ${{ toJSON(steps.secrets.outputs) }} + console.log(a) From af63a837d542055f59f4f45011ea07a55effe468 Mon Sep 17 00:00:00 2001 
From: Jan Max Tiedemann Date: Wed, 27 Nov 2024 02:09:39 +0100 Subject: [PATCH 34/38] fix: export all secrets --- actions/gcp-gsm-load-secrets/action.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/actions/gcp-gsm-load-secrets/action.yaml b/actions/gcp-gsm-load-secrets/action.yaml index c0558dd78..b94779d8c 100644 --- a/actions/gcp-gsm-load-secrets/action.yaml +++ b/actions/gcp-gsm-load-secrets/action.yaml @@ -49,6 +49,7 @@ runs: uses: "actions/github-script@v7" with: script: | - console.log('test') - let a = ${{ toJSON(steps.secrets.outputs) }} - console.log(a) + let secrets = ${{ toJSON(steps.secrets.outputs) }} + for (const [key, value] of Object.entries(secrets)) { + core.setOutput(key, value); + } From 3dd7252ec5ff5c048327e12c66993c48c6895d21 Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Wed, 27 Nov 2024 02:13:52 +0100 Subject: [PATCH 35/38] debug: add some logging so see sth happening --- actions/gcp-gsm-load-secrets/action.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/actions/gcp-gsm-load-secrets/action.yaml b/actions/gcp-gsm-load-secrets/action.yaml index b94779d8c..7d7f65683 100644 --- a/actions/gcp-gsm-load-secrets/action.yaml +++ b/actions/gcp-gsm-load-secrets/action.yaml @@ -52,4 +52,5 @@ runs: let secrets = ${{ toJSON(steps.secrets.outputs) }} for (const [key, value] of Object.entries(secrets)) { core.setOutput(key, value); + console.log(`Set output ${key}`); } From 923224c4749ef5cce4426390ba3a2f2f994562bf Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Wed, 27 Nov 2024 02:16:35 +0100 Subject: [PATCH 36/38] debug: remove defined outputs --- actions/gcp-gsm-load-secrets/action.yaml | 8 ++++---- docs/actions/gcp-gsm-load-secrets/README.md | 4 +--- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/actions/gcp-gsm-load-secrets/action.yaml b/actions/gcp-gsm-load-secrets/action.yaml index 7d7f65683..6c185b00e 100644 --- a/actions/gcp-gsm-load-secrets/action.yaml 
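Review bot: In PATCH 34/38 the outputs created by `core.setOutput(key, value)` belong to the `Set outputs` step and do not become outputs of this composite action by themselves. A composite action exposes only what its `outputs:` block maps from `steps.<id>.outputs.<name>`, and no `id:` for this step is visible in the hunk. If per-secret outputs are the goal, each one has to be declared statically, which is worth stating in a comment above the step, e.g. `# step outputs only; callers see nothing unless mapped under outputs:`.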
+++ b/actions/gcp-gsm-load-secrets/action.yaml @@ -17,10 +17,10 @@ inputs: description: "Export secrets to environment" required: false default: true -outputs: - secret-names: - description: "Comma-separated list of secret names" - value: ${{ steps.parse_secrets.outputs.secret-names }} +# outputs: +# secret-names: +# description: "Comma-separated list of secret names" +# value: ${{ steps.parse_secrets.outputs.secret-names }} runs: using: "composite" steps: diff --git a/docs/actions/gcp-gsm-load-secrets/README.md b/docs/actions/gcp-gsm-load-secrets/README.md index 8f845634c..13a12b12f 100644 --- a/docs/actions/gcp-gsm-load-secrets/README.md +++ b/docs/actions/gcp-gsm-load-secrets/README.md @@ -47,9 +47,7 @@ To load a secret from GSM figure out the following: -| OUTPUT | TYPE | DESCRIPTION | -| ------------ | ------ | ------------------------------------ | -| secret-names | string | Comma-separated list of secret names | +No outputs. From b6c9ff3378c9ccb412ddda48dbb1acdbed330ed8 Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Wed, 27 Nov 2024 02:20:47 +0100 Subject: [PATCH 37/38] debug: does basics work? --- actions/gcp-gsm-load-secrets/action.yaml | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/actions/gcp-gsm-load-secrets/action.yaml b/actions/gcp-gsm-load-secrets/action.yaml index 6c185b00e..ab9445dcf 100644 --- a/actions/gcp-gsm-load-secrets/action.yaml +++ b/actions/gcp-gsm-load-secrets/action.yaml 
@@ -45,12 +45,13 @@ runs: run: | echo '${{ toJSON(steps.secrets.outputs) }}' echo "console.log('${{ toJSON(steps.secrets.outputs) }}')" - - name: "Set outputs" - uses: "actions/github-script@v7" - with: - script: | - let secrets = ${{ toJSON(steps.secrets.outputs) }} - for (const [key, value] of Object.entries(secrets)) { - core.setOutput(key, value); - console.log(`Set output ${key}`); - } + echo "TEST=SOMEHTHING" >> "$GITHUB_OUTPUT" + # - name: "Set outputs" + # uses: "actions/github-script@v7" + # with: + # script: | + # let secrets = ${{ toJSON(steps.secrets.outputs) }} + # for (const [key, value] of Object.entries(secrets)) { + # core.setOutput(key, value); + # console.log(`Set output ${key}`); + # } From afa23548b80c3537e91c636210fa2c0125a9ffbc Mon Sep 17 00:00:00 2001 From: Jan Max Tiedemann Date: Wed, 27 Nov 2024 02:23:55 +0100 Subject: [PATCH 38/38] fix: sadly i have to use this workaround --- actions/gcp-gsm-load-secrets/action.yaml | 23 ++++----------------- docs/actions/gcp-gsm-load-secrets/README.md | 4 +++- 2 files changed, 7 insertions(+), 20 deletions(-) diff --git a/actions/gcp-gsm-load-secrets/action.yaml b/actions/gcp-gsm-load-secrets/action.yaml index ab9445dcf..b82c8a9a9 100644 --- a/actions/gcp-gsm-load-secrets/action.yaml +++ b/actions/gcp-gsm-load-secrets/action.yaml @@ -17,10 +17,10 @@ inputs: description: "Export secrets to environment" required: false default: true -# outputs: -# secret-names: -# description: "Comma-separated list of secret names" -# value: ${{ steps.parse_secrets.outputs.secret-names }} +outputs: + secret-json-string: + description: "JSON string with all secrets" + value: ${{ toJSON(steps.secrets.outputs) }} runs: using: "composite" steps: 
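Review bot: The new `secret-json-string` output in PATCH 38/38 hands every loaded secret to the caller as one string, and its description, `"JSON string with all secrets"`, does not say that the value is sensitive or how to consume it. Log masking works on the literal values that were registered, so once toJSON has escaped quotes, backslashes or newlines, the embedded form of such a secret may no longer be masked if a workflow prints this output. I would change the description to something like `"Sensitive: JSON object of all loaded secret values; read with fromJSON() and never print"`. Consider publishing only the secret names and keeping the values in the environment through `export-to-environment`. The `runs:` block continues past the end of the hunk.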
@@ -40,18 +40,3 @@ runs: with: secrets: ${{ steps.parse_secrets.outputs.secrets-list }} export_to_environment: ${{ inputs.export-to-environment }} - - name: "test" - shell: bash - run: | - echo '${{ toJSON(steps.secrets.outputs) }}' - echo "console.log('${{ toJSON(steps.secrets.outputs) }}')" - echo "TEST=SOMEHTHING" >> "$GITHUB_OUTPUT" - # - name: "Set outputs" - # uses: "actions/github-script@v7" - # with: - # script: | - # let secrets = ${{ toJSON(steps.secrets.outputs) }} - # for (const [key, value] of Object.entries(secrets)) { - # core.setOutput(key, value); - # console.log(`Set output ${key}`); - # } diff --git a/docs/actions/gcp-gsm-load-secrets/README.md b/docs/actions/gcp-gsm-load-secrets/README.md index 13a12b12f..ff712c0c3 100644 --- a/docs/actions/gcp-gsm-load-secrets/README.md +++ b/docs/actions/gcp-gsm-load-secrets/README.md @@ -47,7 +47,9 @@ To load a secret from GSM figure out the following: -No outputs. +| OUTPUT | TYPE | DESCRIPTION | +| ------------------ | ------ | ---------------------------- | +| secret-json-string | string | JSON string with all secrets |