From 93d64baa8a7a480b849cd1716dbbdae6c17013d1 Mon Sep 17 00:00:00 2001 From: Leonardo Villela Date: Mon, 24 Apr 2023 02:15:24 +0200 Subject: [PATCH 1/9] Test if it's possible to overwrite env var variable in action --- .github/actions/nested-vault-action/action.yml | 11 +++++++++++ .github/workflows/build.yml | 11 +++++++++++ integrationTests/e2e/e2e.test.js | 1 + integrationTests/e2e/setup.js | 12 ++++++++++++ 4 files changed, 35 insertions(+) create mode 100644 .github/actions/nested-vault-action/action.yml diff --git a/.github/actions/nested-vault-action/action.yml b/.github/actions/nested-vault-action/action.yml new file mode 100644 index 00000000..32ebb986 --- /dev/null +++ b/.github/actions/nested-vault-action/action.yml @@ -0,0 +1,11 @@ +name: 'Nested Vault Action' +description: 'A Nested Vault Action to be used in E2E tests' +runs: + using: "composite" + steps: + - uses: ./ + with: + url: http://localhost:8200 + token: testtoken + secrets: | + secret/data/nested-vault-action secret | NESTED_VAULT_ACTION_SECRET; \ No newline at end of file diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f3898fc7..cdec30a7 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -174,6 +174,17 @@ jobs: /cubbyhole/test foo ; /cubbyhole/test zip | NAMED_CUBBYSECRET ; + - name: Test Vault Action Overwrites Env Vars In Nested Action (part 1/2) + uses: ./ + with: + url: http://localhost:8200 + token: testtoken + secrets: | + secret/data/test secret | NESTED_VAULT_ACTION_SECRET; + + - name: Test Vault Action Overwrites Env Vars In Nested Action (part 2/2) + uses: ./.github/actions/nested-vault-action + - name: Verify Vault Action Outputs run: npm run test:e2e env: diff --git a/integrationTests/e2e/e2e.test.js b/integrationTests/e2e/e2e.test.js index c5ed5af0..2ba6688d 100644 --- a/integrationTests/e2e/e2e.test.js +++ b/integrationTests/e2e/e2e.test.js 
@@ -9,5 +9,6 @@ describe('e2e', () => { expect(process.env.OTHERALTSECRET).toBe("OTHERCUSTOMSECRET"); expect(process.env.FOO).toBe("bar"); expect(process.env.NAMED_CUBBYSECRET).toBe("zap"); + expect(process.env.NESTED_VAULT_ACTION_SECRET).toBe("NESTED_VAULT_ACTION_SECRET"); }); }); diff --git a/integrationTests/e2e/setup.js b/integrationTests/e2e/setup.js index 846a9ed7..582bde16 100644 --- a/integrationTests/e2e/setup.js +++ b/integrationTests/e2e/setup.js @@ -76,6 +76,18 @@ const vaultToken = `${process.env.VAULT_TOKEN}` === undefined ? `${process.env.V zip: 'zap', }, }); + + await got(`http://${vaultUrl}/v1/secret/data/nested-vault-action`, { + method: 'POST', + headers: { + 'X-Vault-Token': vaultToken, + }, + json: { + data: { + secret: 'NESTED_VAULT_ACTION_SECRET', + }, + }, + }); } catch (error) { console.log(error); process.exit(1); From 1d5aa91090953c29aff94d73ed48ce43b401695b Mon Sep 17 00:00:00 2001 From: Leonardo Villela Date: Sun, 7 May 2023 00:14:38 +0200 Subject: [PATCH 2/9] Remove unecessary nested vault action test --- .../actions/nested-vault-action/action.yml | 11 ---------- .github/workflows/build.yml | 21 +++++++++---------- integrationTests/e2e/e2e.test.js | 2 +- integrationTests/e2e/setup.js | 4 ++-- 4 files changed, 13 insertions(+), 25 deletions(-) delete mode 100644 .github/actions/nested-vault-action/action.yml diff --git a/.github/actions/nested-vault-action/action.yml b/.github/actions/nested-vault-action/action.yml deleted file mode 100644 index 32ebb986..00000000 --- a/.github/actions/nested-vault-action/action.yml +++ /dev/null @@ -1,11 +0,0 @@ -name: 'Nested Vault Action' -description: 'A Nested Vault Action to be used in E2E tests' -runs: - using: "composite" - steps: - - uses: ./ - with: - url: http://localhost:8200 - token: testtoken - secrets: | - secret/data/nested-vault-action secret | NESTED_VAULT_ACTION_SECRET; \ No newline at end of file 
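Review bot: The added assertion `expect(process.env.NESTED_VAULT_ACTION_SECRET).toBe("NESTED_VAULT_ACTION_SECRET")` compares the variable with its own name, so a regression that exported the key instead of the secret value would still pass. The fixture seeded in integrationTests/e2e/setup.js should use a value distinct from the name, for example `secret: 'nested-action-value'` with a matching `.toBe("nested-action-value")` here (sample value, constructed for illustration). If the action masks exported values in the runner log (not visible in this patch, worth confirming), a value equal to the name would also turn every later mention of the variable into `***`. The same pattern is carried over to `SUBSEQUENT_TEST_SECRET` in patches 2/9 and 5/9 and repeated in patch 4/9.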
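Review bot: The added POST authenticates with `vaultToken`, and the declaration shown in the hunk header compares a template literal with `undefined`; a template literal is always a string, so that condition is never true and the first branch of the ternary is dead. The declaration is cut off in the header, so which value ends up in `X-Vault-Token` cannot be confirmed from here; a plain `process.env.VAULT_TOKEN ?? fallbackToken` (the fallback name is a placeholder) would make the intent explicit. A one-line comment above the call, such as `// Seeds the value read by the second "Overwrites Env Vars" workflow step`, would tie this fixture to build.yml. The enclosing try block starts outside the hunk, and the identical hunk recurs in patch 4/9.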
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cdec30a7..dedbba9f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -174,21 +174,20 @@ jobs: /cubbyhole/test foo ; /cubbyhole/test zip | NAMED_CUBBYSECRET ; - - name: Test Vault Action Overwrites Env Vars In Nested Action (part 1/2) + - name: Test Vault Action Overwrites Env Vars In Subsequent Action (part 1/2) uses: ./ with: - url: http://localhost:8200 + url: http://localhost:8200/ token: testtoken secrets: | - secret/data/test secret | NESTED_VAULT_ACTION_SECRET; - - - name: Test Vault Action Overwrites Env Vars In Nested Action (part 2/2) - uses: ./.github/actions/nested-vault-action - - - name: Verify Vault Action Outputs - run: npm run test:e2e - env: - OTHER_SECRET_OUTPUT: ${{ steps.kv-secrets.outputs.otherSecret }} + secret/data/test secret | SUBSEQUENT_TEST_SECRET; + - name: Test Vault Action Overwrites Env Vars In Subsequent Action (part 2/2) + uses: ./ + with: + url: http://localhost:8200/ + token: testtoken + secrets: | + secret/data/subsequent-test secret | SUBSEQUENT_TEST_SECRET; e2e-tls: runs-on: ubuntu-latest diff --git a/integrationTests/e2e/e2e.test.js b/integrationTests/e2e/e2e.test.js index 2ba6688d..6495d14e 100644 --- a/integrationTests/e2e/e2e.test.js +++ b/integrationTests/e2e/e2e.test.js @@ -9,6 +9,6 @@ describe('e2e', () => { expect(process.env.OTHERALTSECRET).toBe("OTHERCUSTOMSECRET"); expect(process.env.FOO).toBe("bar"); expect(process.env.NAMED_CUBBYSECRET).toBe("zap"); - expect(process.env.NESTED_VAULT_ACTION_SECRET).toBe("NESTED_VAULT_ACTION_SECRET"); + expect(process.env.SUBSEQUENT_TEST_SECRET).toBe("SUBSEQUENT_TEST_SECRET"); }); }); diff --git a/integrationTests/e2e/setup.js b/integrationTests/e2e/setup.js index 582bde16..96f2295f 100644 --- a/integrationTests/e2e/setup.js +++ b/integrationTests/e2e/setup.js 
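Review bot: The `Verify Vault Action Outputs` step is missing from the new side of the build.yml hunk, so at this commit the job exports secrets but runs no assertions and passes regardless of what the action wrote. Patch 3/9 puts the step back; folding that restore into this commit would keep every commit in the series meaningful when bisecting. The same removal appears in patch 5/9. The change of `url` to `http://localhost:8200/` with a trailing slash is not mentioned in the commit message; if it is deliberate, a short comment saying what it exercises would help.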
@@ -77,14 +77,14 @@ const vaultToken = `${process.env.VAULT_TOKEN}` === undefined ? `${process.env.V }, }); - await got(`http://${vaultUrl}/v1/secret/data/nested-vault-action`, { + await got(`http://${vaultUrl}/v1/secret/data/subsequent-test`, { method: 'POST', headers: { 'X-Vault-Token': vaultToken, }, json: { data: { - secret: 'NESTED_VAULT_ACTION_SECRET', + secret: 'SUBSEQUENT_TEST_SECRET', }, }, }); From 953f8d3c7e988a555605fe6fa58c79f754019b7d Mon Sep 17 00:00:00 2001 From: Thy Ton Date: Thu, 11 May 2023 13:50:05 -0400 Subject: [PATCH 3/9] recover deleted vault action step --- .github/workflows/build.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index dedbba9f..30ccab29 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -189,6 +189,11 @@ jobs: secrets: | secret/data/subsequent-test secret | SUBSEQUENT_TEST_SECRET; + - name: Verify Vault Action Outputs + run: npm run test:e2e + env: + OTHER_SECRET_OUTPUT: ${{ steps.kv-secrets.outputs.otherSecret }} + e2e-tls: runs-on: ubuntu-latest From 4d8911ace5a49984afb2af5b722cc4ec907ad531 Mon Sep 17 00:00:00 2001 From: Leonardo Villela Date: Mon, 24 Apr 2023 02:15:24 +0200 Subject: [PATCH 4/9] Test if it's possible to overwrite env var variable in action --- .github/actions/nested-vault-action/action.yml | 11 +++++++++++ .github/workflows/build.yml | 11 +++++++++++ integrationTests/e2e/e2e.test.js | 1 + integrationTests/e2e/setup.js | 12 ++++++++++++ 4 files changed, 35 insertions(+) create mode 100644 .github/actions/nested-vault-action/action.yml diff --git a/.github/actions/nested-vault-action/action.yml b/.github/actions/nested-vault-action/action.yml new file mode 100644 index 00000000..32ebb986 --- /dev/null +++ b/.github/actions/nested-vault-action/action.yml 
@@ -0,0 +1,11 @@ +name: 'Nested Vault Action' +description: 'A Nested Vault Action to be used in E2E tests' +runs: + using: "composite" + steps: + - uses: ./ + with: + url: http://localhost:8200 + token: testtoken + secrets: | + secret/data/nested-vault-action secret | NESTED_VAULT_ACTION_SECRET; \ No newline at end of file diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 50b68b95..b2460e80 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -162,6 +162,17 @@ jobs: /cubbyhole/test foo ; /cubbyhole/test zip | NAMED_CUBBYSECRET ; + - name: Test Vault Action Overwrites Env Vars In Nested Action (part 1/2) + uses: ./ + with: + url: http://localhost:8200 + token: testtoken + secrets: | + secret/data/test secret | NESTED_VAULT_ACTION_SECRET; + + - name: Test Vault Action Overwrites Env Vars In Nested Action (part 2/2) + uses: ./.github/actions/nested-vault-action + - name: Verify Vault Action Outputs run: npm run test:integration:e2e env: diff --git a/integrationTests/e2e/e2e.test.js b/integrationTests/e2e/e2e.test.js index c5ed5af0..2ba6688d 100644 --- a/integrationTests/e2e/e2e.test.js +++ b/integrationTests/e2e/e2e.test.js @@ -9,5 +9,6 @@ describe('e2e', () => { expect(process.env.OTHERALTSECRET).toBe("OTHERCUSTOMSECRET"); expect(process.env.FOO).toBe("bar"); expect(process.env.NAMED_CUBBYSECRET).toBe("zap"); + expect(process.env.NESTED_VAULT_ACTION_SECRET).toBe("NESTED_VAULT_ACTION_SECRET"); }); }); diff --git a/integrationTests/e2e/setup.js b/integrationTests/e2e/setup.js index 846a9ed7..582bde16 100644 --- a/integrationTests/e2e/setup.js +++ b/integrationTests/e2e/setup.js 
@@ -76,6 +76,18 @@ const vaultToken = `${process.env.VAULT_TOKEN}` === undefined ? `${process.env.V zip: 'zap', }, }); + + await got(`http://${vaultUrl}/v1/secret/data/nested-vault-action`, { + method: 'POST', + headers: { + 'X-Vault-Token': vaultToken, + }, + json: { + data: { + secret: 'NESTED_VAULT_ACTION_SECRET', + }, + }, + }); } catch (error) { console.log(error); process.exit(1); From 2c5c0123478b6474ec99d918f2f7d5cd2a82cad7 Mon Sep 17 00:00:00 2001 From: Leonardo Villela Date: Sun, 7 May 2023 00:14:38 +0200 Subject: [PATCH 5/9] Remove unecessary nested vault action test --- .../actions/nested-vault-action/action.yml | 11 ---------- .github/workflows/build.yml | 21 +++++++++---------- integrationTests/e2e/e2e.test.js | 2 +- integrationTests/e2e/setup.js | 4 ++-- 4 files changed, 13 insertions(+), 25 deletions(-) delete mode 100644 .github/actions/nested-vault-action/action.yml diff --git a/.github/actions/nested-vault-action/action.yml b/.github/actions/nested-vault-action/action.yml deleted file mode 100644 index 32ebb986..00000000 --- a/.github/actions/nested-vault-action/action.yml +++ /dev/null @@ -1,11 +0,0 @@ -name: 'Nested Vault Action' -description: 'A Nested Vault Action to be used in E2E tests' -runs: - using: "composite" - steps: - - uses: ./ - with: - url: http://localhost:8200 - token: testtoken - secrets: | - secret/data/nested-vault-action secret | NESTED_VAULT_ACTION_SECRET; \ No newline at end of file diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b2460e80..542c1519 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -162,21 +162,20 @@ jobs: /cubbyhole/test foo ; /cubbyhole/test zip | NAMED_CUBBYSECRET ; - - name: Test Vault Action Overwrites Env Vars In Nested Action (part 1/2) + - name: Test Vault Action Overwrites Env Vars In Subsequent Action (part 1/2) uses: ./ with: - url: http://localhost:8200 + url: http://localhost:8200/ token: testtoken secrets: | - secret/data/test secret | NESTED_VAULT_ACTION_SECRET; - - - name: Test Vault Action Overwrites Env Vars In Nested Action (part 2/2) - uses: ./.github/actions/nested-vault-action - - - name: Verify Vault Action Outputs - run: npm run test:integration:e2e - env: - OTHER_SECRET_OUTPUT: ${{ steps.kv-secrets.outputs.otherSecret }} + secret/data/test secret | SUBSEQUENT_TEST_SECRET; + - name: Test Vault Action Overwrites Env Vars In Subsequent Action (part 2/2) + uses: ./ + with: + url: http://localhost:8200/ + token: testtoken + secrets: | + secret/data/subsequent-test secret | SUBSEQUENT_TEST_SECRET; e2e-tls: runs-on: ubuntu-latest diff --git a/integrationTests/e2e/e2e.test.js b/integrationTests/e2e/e2e.test.js index 2ba6688d..6495d14e 100644 --- a/integrationTests/e2e/e2e.test.js +++ b/integrationTests/e2e/e2e.test.js @@ -9,6 +9,6 @@ describe('e2e', () => { expect(process.env.OTHERALTSECRET).toBe("OTHERCUSTOMSECRET"); expect(process.env.FOO).toBe("bar"); expect(process.env.NAMED_CUBBYSECRET).toBe("zap"); - expect(process.env.NESTED_VAULT_ACTION_SECRET).toBe("NESTED_VAULT_ACTION_SECRET"); + expect(process.env.SUBSEQUENT_TEST_SECRET).toBe("SUBSEQUENT_TEST_SECRET"); }); }); diff --git a/integrationTests/e2e/setup.js b/integrationTests/e2e/setup.js index 582bde16..96f2295f 100644 --- a/integrationTests/e2e/setup.js +++ b/integrationTests/e2e/setup.js 
@@ -77,14 +77,14 @@ const vaultToken = `${process.env.VAULT_TOKEN}` === undefined ? `${process.env.V }, }); - await got(`http://${vaultUrl}/v1/secret/data/nested-vault-action`, { + await got(`http://${vaultUrl}/v1/secret/data/subsequent-test`, { method: 'POST', headers: { 'X-Vault-Token': vaultToken, }, json: { data: { - secret: 'NESTED_VAULT_ACTION_SECRET', + secret: 'SUBSEQUENT_TEST_SECRET', }, }, }); From 5be121d49f1327951982df806f317554529c16c8 Mon Sep 17 00:00:00 2001 From: Thy Ton Date: Thu, 11 May 2023 13:50:05 -0400 Subject: [PATCH 6/9] recover deleted vault action step --- .github/workflows/build.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 542c1519..87846bef 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -177,6 +177,11 @@ jobs: secrets: | secret/data/subsequent-test secret | SUBSEQUENT_TEST_SECRET; + - name: Verify Vault Action Outputs + run: npm run test:e2e + env: + OTHER_SECRET_OUTPUT: ${{ steps.kv-secrets.outputs.otherSecret }} + e2e-tls: runs-on: ubuntu-latest From c58817252003f8152463b488788ccea23fb30087 Mon Sep 17 00:00:00 2001 From: Thy Ton Date: Fri, 9 Jun 2023 16:48:38 -0700 Subject: [PATCH 7/9] check if CI fails --- .github/workflows/build.yml | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 64eb42c7..ef3a228a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
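Review bot: The step restored in patch 6/9 runs `npm run test:e2e`, while the step deleted in patch 5/9 ran `npm run test:integration:e2e`. If the script was renamed on the base branch, as the context lines of patch 7/9 suggest, this step would call a script that no longer exists and fail before any secret is verified; the line should then read `run: npm run test:integration:e2e`. This is worth checking against package.json, which is not part of this patch.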
@@ -169,13 +169,15 @@ jobs: token: testtoken secrets: | secret/data/test secret | SUBSEQUENT_TEST_SECRET; - - name: Test Vault Action Overwrites Env Vars In Subsequent Action (part 2/2) - uses: ./ - with: - url: http://localhost:8200/ - token: testtoken - secrets: | - secret/data/subsequent-test secret | SUBSEQUENT_TEST_SECRET; +# After rebase with main to catch this fix https://github.com/hashicorp/vault-action/pull/463, running build on all branches +# Comment out to check if CI fails +# - name: Test Vault Action Overwrites Env Vars In Subsequent Action (part 2/2) +# uses: ./ +# with: +# url: http://localhost:8200/ +# token: testtoken +# secrets: | +# secret/data/subsequent-test secret | SUBSEQUENT_TEST_SECRET; - name: Verify Vault Action Outputs run: npm run test:integration:e2e From ca2991b007b33449a3052755cc5523d10956250d Mon Sep 17 00:00:00 2001 From: Thy Ton Date: Mon, 12 Jun 2023 14:39:39 -0700 Subject: [PATCH 8/9] Uncomment to check if CI passes --- .github/workflows/build.yml | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ef3a228a..a6d1582c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -169,15 +169,14 @@ jobs: token: testtoken secrets: | secret/data/test secret | SUBSEQUENT_TEST_SECRET; -# After rebase with main to catch this fix https://github.com/hashicorp/vault-action/pull/463, running build on all branches -# Comment out to check if CI fails -# - name: Test Vault Action Overwrites Env Vars In Subsequent Action (part 2/2) -# uses: ./ -# with: -# url: http://localhost:8200/ -# token: testtoken -# secrets: | -# secret/data/subsequent-test secret | SUBSEQUENT_TEST_SECRET; + + - name: Test Vault Action Overwrites Env Vars In Subsequent Action (part 2/2) + uses: ./ + with: + url: http://localhost:8200/ + token: testtoken + secrets: | + secret/data/subsequent-test secret | SUBSEQUENT_TEST_SECRET; - name: Verify Vault Action Outputs run: npm run test:integration:e2e From 03618eedb3eed92381624497dc05ac4e93f60b12 Mon Sep 17 00:00:00 2001 From: Thy Ton Date: Tue, 13 Jun 2023 11:16:29 -0700 Subject: [PATCH 9/9] comment on the ordering of subsequent actions test --- .github/workflows/build.yml | 2 ++ .gitignore | 3 +++ 2 files changed, 5 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a6d1582c..778f18c9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -162,6 +162,8 @@ jobs: /cubbyhole/test foo ; /cubbyhole/test zip | NAMED_CUBBYSECRET ; + # The ordering of these two Test Vault Action Overwrites Env Vars In Subsequent Action steps matters + # They should come before the Verify Vault Action Outputs step - name: Test Vault Action Overwrites Env Vars In Subsequent Action (part 1/2) uses: ./ with: diff --git a/.gitignore b/.gitignore index ad46b308..c4297e6a 100644 --- a/.gitignore +++ b/.gitignore @@ -59,3 +59,6 @@ typings/ # next.js build output .next + +# GoLand IDE project files +.idea
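Review bot: The comment added in patch 9/9 says the ordering of the two steps matters but not why, so a later edit could reorder them and still appear to satisfy it. Suggested wording: `# Part 2/2 must run after part 1/2 so that it overwrites SUBSEQUENT_TEST_SECRET;` followed by `# both must precede "Verify Vault Action Outputs", which asserts the final value.` This reading is inferred from the step names and the e2e assertion elsewhere in the series, so please confirm that it matches the intent.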