Merge branch 'main' into releases/v1
shogo82148 committed Jan 12, 2024
2 parents f242de9 + 36eb6db commit 9a7a892
Showing 27 changed files with 1,226 additions and 896 deletions.
11 changes: 8 additions & 3 deletions .github/workflows/codeql-analysis.yml
Expand Up @@ -37,9 +37,14 @@ jobs:
- name: Checkout repository
uses: actions/checkout@v4

- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: provider/assume-role/go.mod

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
Expand All @@ -50,7 +55,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v2
uses: github/codeql-action/autobuild@v3

# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
Expand All @@ -64,4 +69,4 @@ jobs:
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
uses: github/codeql-action/analyze@v3
2 changes: 1 addition & 1 deletion .github/workflows/production.yml
Expand Up @@ -22,7 +22,7 @@ jobs:
uses: actions/checkout@v4

- name: Set up Go
uses: actions/setup-go@v4
uses: actions/setup-go@v5
with:
go-version-file: provider/assume-role/go.mod

16 changes: 12 additions & 4 deletions .github/workflows/test.yml
Expand Up @@ -10,12 +10,13 @@ jobs:
permissions:
id-token: write
contents: read
pull-requests: write
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Set up Go
uses: actions/setup-go@v4
uses: actions/setup-go@v5
with:
go-version-file: provider/assume-role/go.mod

Expand All @@ -28,9 +29,16 @@ jobs:
make test
working-directory: provider/assume-role

- name: report coverage
uses: k1LoW/octocov-action@v0

action:
runs-on: ${{ matrix.os }}
timeout-minutes: 15
permissions:
id-token: write
contents: read
pull-requests: write
strategy:
fail-fast: false
matrix:
Expand All @@ -43,7 +51,7 @@ jobs:
uses: actions/checkout@v4

- name: Set up Go
uses: actions/setup-go@v4
uses: actions/setup-go@v5
with:
go-version-file: provider/assume-role/go.mod

Expand All @@ -52,9 +60,9 @@ jobs:
working-directory: provider/assume-role

- name: Set up Node.js
uses: actions/setup-node@v3
uses: actions/setup-node@v4
with:
node-version-file: .node-version
node-version-file: action/package.json
cache: "npm"
cache-dependency-path: action/package-lock.json

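Review bot: The new `report coverage` step runs the third-party action `k1LoW/octocov-action@v0` by a mutable tag, in a job whose permissions include `id-token: write` and the newly added `pull-requests: write`. Whatever that tag resolves to at run time can request the job's OIDC token and write to pull requests, so pin it to a full commit SHA, for example `uses: k1LoW/octocov-action@<full-commit-sha> # v0`. It would also be worth moving coverage reporting into its own job that has only the permissions octocov needs and receives `coverage.out` as an artifact, so the OIDC-capable job runs no third-party code. The `action` job appears to gain the same `pull-requests: write` grant, but no step that writes to pull requests is visible in this section (its remaining steps are collapsed), so confirm it is needed there.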
1 change: 0 additions & 1 deletion .node-version

This file was deleted.

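--- a/.octocov.yml
+++ b/.octocov.yml
@@ -0,0 +1,18 @@
+# generated by octocov init
+coverage:
+if: true
+paths:
+- provider/assume-role/coverage.out
+testExecutionTime:
+if: true
+diff:
+datastores:
+- artifact://${GITHUB_REPOSITORY}
+comment:
+if: is_pull_request
+summary:
+if: true
+report:
+if: is_default_branch
+datastores:
+- artifact://${GITHUB_REPOSITORY}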
5 changes: 0 additions & 5 deletions action.yml
Expand Up @@ -34,11 +34,6 @@ inputs:
required: true
default: false

obfuscate-repository:
description: "obfuscate your repository name"
required: true
default: ""
deprecationMessage: "obfuscate-repository is deprecated. use `use-node-id: true` instead of it."
runs:
using: "node20"
main: "action/lib/index.js"
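--- a/action/.gitignore
+++ b/action/.gitignore
@@ -0,0 +1,3 @@
+/node_modules/
+/lib/
+/dummy.log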
10 changes: 1 addition & 9 deletions action/.prettierrc.json
@@ -1,11 +1,3 @@
{
"printWidth": 120,
"tabWidth": 2,
"useTabs": false,
"semi": true,
"singleQuote": true,
"trailingComma": "none",
"bracketSpacing": false,
"arrowParens": "avoid",
"parser": "typescript"
"printWidth": 120
}
104 changes: 60 additions & 44 deletions action/__test__/index.test.ts
@@ -1,85 +1,101 @@
import * as os from 'os';
import * as fs from 'fs';
import * as path from 'path';
import * as exec from '@actions/exec';
import * as io from '@actions/io';
import * as child_process from 'child_process';
import * as index from '../src/index';
import * as os from "os";
import * as fs from "fs";
import * as path from "path";
import * as exec from "@actions/exec";
import * as io from "@actions/io";
import * as core from "@actions/core";
import * as child_process from "child_process";
import * as index from "../src/index";

const sep = path.sep;

jest.mock("@actions/core");

// extension of executable files
const binExt = os.platform() === 'win32' ? '.exe' : '';
const binExt = os.platform() === "win32" ? ".exe" : "";

process.env.GITHUB_REPOSITORY = "fuller-inc/actions-aws-assume-role";
process.env.GITHUB_WORKFLOW = "test";
process.env.GITHUB_RUN_ID = "1234567890";
process.env.GITHUB_ACTOR = "fuller-inc";
process.env.GITHUB_SHA = "e3a45c6c16c1464826b36a598ff39e6cc98c4da4";
process.env.GITHUB_REF = "ref/heads/main";

process.env.GITHUB_REPOSITORY = 'shogo82148/actions-aws-assume-role';
process.env.GITHUB_WORKFLOW = 'test';
process.env.GITHUB_RUN_ID = '1234567890';
process.env.GITHUB_ACTOR = 'shogo82148';
process.env.GITHUB_SHA = 'e3a45c6c16c1464826b36a598ff39e6cc98c4da4';
process.env.GITHUB_REF = 'ref/heads/main';
// set dummy id token endpoint
process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN = "dummy";
process.env.ACTIONS_ID_TOKEN_REQUEST_URL = "https://example.com";

describe('tests', () => {
let tmpdir = '';
describe("tests", () => {
let tmpdir = "";
let subprocess: child_process.ChildProcess;
beforeAll(async () => {
tmpdir = await mkdtemp();
const bin = `${tmpdir}${sep}dummy${binExt}`;

console.log('compiling dummy server');
console.log("compiling dummy server");
await exec.exec(
'go',
['build', '-o', bin, 'github.com/fuller-inc/actions-aws-assume-role/provider/assume-role/cmd/dummy'],
"go",
["build", "-o", bin, "github.com/fuller-inc/actions-aws-assume-role/provider/assume-role/cmd/dummy"],
{
cwd: `..${sep}provider${sep}assume-role`
}
cwd: `..${sep}provider${sep}assume-role`,
},
);

console.log('starting dummy server');
console.log("starting dummy server");
subprocess = child_process.spawn(bin, [], {
detached: true,
stdio: 'ignore'
stdio: "ignore",
});
await sleep(1); // wait for starting process
}, 5 * 60000);

afterAll(async () => {
console.log('killing dummy server');
subprocess?.kill('SIGTERM');
console.log("killing dummy server");
subprocess?.kill("SIGTERM");
await sleep(1); // wait for stopping process
await io.rmRF(tmpdir);
});

it('succeed', async () => {
it("succeed", async () => {
(core.getIDToken as jest.Mock).mockResolvedValueOnce("dummyGitHubIDToken");

await index.assumeRole({
githubToken: 'ghs_dummyGitHubToken',
awsRegion: 'us-east-1',
roleToAssume: 'arn:aws:iam::123456789012:role/assume-role-test',
githubToken: "ghs_dummyGitHubToken",
awsRegion: "us-east-1",
roleToAssume: "arn:aws:iam::123456789012:role/assume-role-test",
roleDurationSeconds: 900,
roleSessionName: 'GitHubActions',
roleSessionName: "GitHubActions",
roleSessionTagging: true,
providerEndpoint: 'http://localhost:8080',
providerEndpoint: "http://localhost:8080",
useNodeId: false,
obfuscateRepository: ''
});
expect(process.env.AWS_ACCESS_KEY_ID).toBe('AKIAIOSFODNN7EXAMPLE');
expect(process.env.AWS_SECRET_ACCESS_KEY).toBe('wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY');
expect(process.env.AWS_SESSION_TOKEN).toBe('session-token');
expect(process.env.AWS_DEFAULT_REGION).toBe('us-east-1');
expect(process.env.AWS_REGION).toBe('us-east-1');

const exportVariable = core.exportVariable as jest.Mock;
expect(exportVariable).toHaveBeenCalledWith("AWS_ACCESS_KEY_ID", "AKIAIOSFODNN7EXAMPLE");
expect(exportVariable).toHaveBeenCalledWith("AWS_SECRET_ACCESS_KEY", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY");
expect(exportVariable).toHaveBeenCalledWith("AWS_SESSION_TOKEN", "session-token");
expect(exportVariable).toHaveBeenCalledWith("AWS_DEFAULT_REGION", "us-east-1");
expect(exportVariable).toHaveBeenCalledWith("AWS_REGION", "us-east-1");

const setSecret = core.setSecret as jest.Mock;
expect(setSecret).toHaveBeenCalledWith("AKIAIOSFODNN7EXAMPLE");
expect(setSecret).toHaveBeenCalledWith("wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY");
expect(setSecret).toHaveBeenCalledWith("session-token");
});

it('invalid GitHub Token', async () => {
it("invalid GitHub ID Token", async () => {
await expect(async () => {
(core.getIDToken as jest.Mock).mockResolvedValueOnce("invalid");

await index.assumeRole({
githubToken: 'ghp_dummyPersonalGitHubToken',
awsRegion: 'us-east-1',
roleToAssume: 'arn:aws:iam::123456789012:role/assume-role-test',
githubToken: "ghp_dummyPersonalGitHubToken",
awsRegion: "us-east-1",
roleToAssume: "arn:aws:iam::123456789012:role/assume-role-test",
roleDurationSeconds: 900,
roleSessionName: 'GitHubActions',
roleSessionName: "GitHubActions",
roleSessionTagging: true,
providerEndpoint: 'http://localhost:8080',
providerEndpoint: "http://localhost:8080",
useNodeId: false,
obfuscateRepository: ''
});
}).rejects.toThrow();
});
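Review bot: The "invalid GitHub ID Token" case asserts only `rejects.toThrow()`, so it passes on any failure and never checks that a rejected exchange exports no credentials. Because `@actions/core` is auto-mocked here and the Jest config sets `clearMocks: true`, adding `expect(core.exportVariable).not.toHaveBeenCalled();` after the rejection would pin that. That case also still passes `ghp_dummyPersonalGitHubToken` next to the mocked ID token `"invalid"`, so the test does not show which input triggers the rejection; reusing the success case's `githubToken` would isolate the ID token. In the success case the `setSecret` assertions do not establish that masking happens before `exportVariable`; comparing `mock.invocationCallOrder` of the two mocks would. The file continues beyond the visible section.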
13 changes: 6 additions & 7 deletions action/jest.config.js
@@ -1,11 +1,10 @@
module.exports = {
clearMocks: true,
moduleFileExtensions: ['js', 'ts'],
testEnvironment: 'node',
testMatch: ['**/*.test.ts'],
testRunner: 'jest-circus/runner',
moduleFileExtensions: ["js", "ts"],
testEnvironment: "node",
testMatch: ["**/*.test.ts"],
transform: {
'^.+\\.ts$': 'ts-jest'
"^.+\\.ts$": "ts-jest",
},
verbose: true
}
verbose: true,
};