From 0d04c25057d9e0a55efcf8d2186ab0ffd0f5a310 Mon Sep 17 00:00:00 2001
From: Phil Jay
Date: Wed, 15 Jun 2022 22:05:30 +1000
Subject: [PATCH 1/4] Optionally run in Docker
---
 action.yaml | 121 +++++++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 100 insertions(+), 21 deletions(-)
diff --git a/action.yaml b/action.yaml
index 79cd339..6154a1e 100644
--- a/action.yaml
+++ b/action.yaml
@@ -66,6 +66,10 @@ inputs:
 description: 'Repository permissions: read, write or admin'
 required: false
 default: 'write'
+ run_in_docker:
+ description: 'Run in a Docker image (if `actions/setup-python@v3` does not work for you)'
+ required: false
+ default: false
 outputs:
 username:
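Review bot: The new `run_in_docker` default is the bare boolean `false`, while every step condition added in this patch compares the input against the strings `'false'` and `'true'`; quoting it as `default: 'false'` matches the other inputs' quoted defaults and makes the string contract explicit. A caller value that is neither spelling (for example `yes`) satisfies no `if:` at all, so the action would finish green without generating a PAT. Consider gating the non-Docker steps with `if: ${{ inputs.run_in_docker != 'true' }}` so an unexpected value falls back to one defined path, and state in the description that only `true`/`false` are accepted.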
@@ -80,24 +84,99 @@ outputs:
 description: 'ID of the PAT (can be used to revoke)'
 runs:
- using: "docker"
- image: 'Dockerfile'
- args:
- - ${{ inputs.mode }}
- - --check-using-ldap-bind=${{ inputs.check_using_ldap_bind }}
- - --project-permissions=${{ inputs.project_permissions }}
- - --repository-permissions=${{ inputs.repository_permissions }}
- entrypoint: '/app/entrypoint_main.sh'
- post-entrypoint: '/app/entrypoint_post_cleanup.sh'
- env:
- base_url: ${{ inputs.base_url }}
- username: ${{ inputs.username }}
- password: ${{ inputs.password }}
- pat_id: ${{ inputs.pat_id }}
- valid_days: ${{ inputs.valid_days }}
- max_attempts: ${{ inputs.max_attempts }}
- seconds_between_attempts: ${{ inputs.seconds_between_attempts }}
- ldap_hosts: ${{ inputs.ldap_hosts }}
- ldap_path: ${{ inputs.ldap_path }}
- ldap_port: ${{ inputs.ldap_port }}
- pat_uri: ${{ inputs.pat_uri }}
+ using: "composite"
+ steps:
+ - id: python
+ name: Setup Python 🐍
+ if: ${{ inputs.run_in_docker == 'false' }}
+ uses: actions/setup-python@v3
+ with:
+ python-version: '3.10' # Should match Pipfile / "python_version"
+
+ - id: deps
+ name: Setup Python dependencies 📦
+ if: ${{ inputs.run_in_docker == 'false' }}
+ shell: bash
+ run: |
+ set -euo pipefail
+ pip install pipenv
+ PIPENV_PIPFILE=${{ github.action_path }}/Pipfile pipenv install --ignore-pipfile
+
+ - id: pat
+ name: Run pat_helper.py 🏃
+ if: ${{ inputs.run_in_docker == 'false' }}
+ env:
+ base_url: ${{ inputs.base_url }}
+ username: ${{ inputs.username }}
+ password: ${{ inputs.password }}
+ pat_id: ${{ inputs.pat_id }}
+ valid_days: ${{ inputs.valid_days }}
+ max_attempts: ${{ inputs.max_attempts }}
+ seconds_between_attempts: ${{ inputs.seconds_between_attempts }}
+ ldap_hosts: ${{ inputs.ldap_hosts }}
+ ldap_path: ${{ inputs.ldap_path }}
+ ldap_port: ${{ inputs.ldap_port }}
+ pat_uri: ${{ inputs.pat_uri }}
+ shell: bash
+ run: |
+ set -euo pipefail
+ PIPENV_PIPFILE="${{ github.action_path }}/Pipfile" pipenv run \
+ python "${{ github.action_path }}/pat_helper.py" \
+ "${{ inputs.mode }}" \
+ --check-using-ldap-bind "${{ inputs.check_using_ldap_bind }}" \
+ --project-permissions "${{ inputs.project_permissions }}" \
+ --repository-permissions "${{ inputs.repository_permissions }}"
+
+ # In docker:
+ - id: buildx
+ name: Set up docker buildx 🐳
+ if: ${{ inputs.run_in_docker == 'true' }}
+ uses: docker/setup-buildx-action@v2
+
+ - id: build
+ name: Docker build 🛠
+ if: ${{ inputs.run_in_docker == 'true' }}
+ uses: docker/build-push-action@v3
+ with:
+ context: ${{ github.action_path }}
+ file: ${{ github.action_path }}/Dockerfile
+ push: false
+ tags: pat-helper
+
+ - id: pat-in-docker
+ name: Run pat_helper.py in docker 🎁
+ if: ${{ inputs.run_in_docker == 'true' }}
+ env:
+ base_url: ${{ inputs.base_url }}
+ username: ${{ inputs.username }}
+ password: ${{ inputs.password }}
+ pat_id: ${{ inputs.pat_id }}
+ valid_days: ${{ inputs.valid_days }}
+ max_attempts: ${{ inputs.max_attempts }}
+ seconds_between_attempts: ${{ inputs.seconds_between_attempts }}
+ ldap_hosts: ${{ inputs.ldap_hosts }}
+ ldap_path: ${{ inputs.ldap_path }}
+ ldap_port: ${{ inputs.ldap_port }}
+ pat_uri: ${{ inputs.pat_uri }}
+ shell: bash
+ run: |
+ set -euo pipefail
+ docker run \
+ --rm \
+ --entrypoint "/app/entrypoint_main.sh" \
+ --env base_url \
+ --env username \
+ --env password \
+ --env pat_id \
+ --env valid_days \
+ --env max_attempts \
+ --env seconds_between_attempts \
+ --env ldap_hosts \
+ --env ldap_path \
+ --env ldap_port \
+ --env pat_uri \
+ pat-helper \
+ "${{ inputs.mode }}" \
+ --check-using-ldap-bind "${{ inputs.check_using_ldap_bind }}" \
+ --project-permissions "${{ inputs.project_permissions }}" \
+ --repository-permissions "${{ inputs.repository_permissions }}"
From 2ccb0b121be0e8e2a2add8f121d21e56037d2eea Mon Sep 17 00:00:00 2001
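Review bot: The `run:` scripts of the `pat` and `pat-in-docker` steps splice `${{ inputs.mode }}`, `${{ inputs.check_using_ldap_bind }}`, `${{ inputs.project_permissions }}` and `${{ inputs.repository_permissions }}` straight into bash, so each value is expanded into the script text before the shell parses it and the surrounding double quotes do not contain it. The removed Docker `args:` list handed the same values over as argv without a shell, so this is a regression whenever a caller feeds these inputs from anything it does not fully control. Pass them through `env:` and reference shell variables instead, as sketched below for `pat`; the arguments after `pat-helper` in the `docker run` step need the same treatment. Separately, the `build` step sets no `load: true`, so with the buildx container driver the `pat-helper` tag may never reach the local daemon and `docker run` would then try to pull that name from the default registry while `password` is in its environment; worth confirming.

```yaml
    # … unchanged: id, name, if …
    env:
      # … unchanged: base_url … pat_uri …
      arg_mode: ${{ inputs.mode }}
      arg_check_using_ldap_bind: ${{ inputs.check_using_ldap_bind }}
      arg_project_permissions: ${{ inputs.project_permissions }}
      arg_repository_permissions: ${{ inputs.repository_permissions }}
    # … unchanged: shell, run header, set -euo pipefail …
      PIPENV_PIPFILE="${{ github.action_path }}/Pipfile" pipenv run \
        python "${{ github.action_path }}/pat_helper.py" \
        "${arg_mode}" \
        --check-using-ldap-bind "${arg_check_using_ldap_bind}" \
        --project-permissions "${arg_project_permissions}" \
        --repository-permissions "${arg_repository_permissions}"
```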
From: Phil Jay
Date: Thu, 16 Jun 2022 11:58:50 +1000
Subject: [PATCH 2/4] Remove invalid CODEOWNERS
---
 .github/CODEOWNERS | 5 -----
 1 file changed, 5 deletions(-)
 delete mode 100644 .github/CODEOWNERS
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
deleted file mode 100644
index 48241cf..0000000
--- a/.github/CODEOWNERS
+++ /dev/null
@@ -1,5 +0,0 @@
-# These owners will be the default owners for everything in
-# the repo. Unless a later match takes precedence,
-# @reecegroup/delivery-engineering will be requested for
-# review when someone opens a pull request.
-* @reecegroup/delivery-engineering
\ No newline at end of file
From b0d76cb440acb59c880cf40df94dd73bf1cd7a37 Mon Sep 17 00:00:00 2001
From: Phil Jay
Date: Wed, 23 Nov 2022 09:47:05 +1100
Subject: [PATCH 3/4] Update to expose GITHUB append files
---
 action.yaml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/action.yaml b/action.yaml
index 6154a1e..2a18c17 100644
--- a/action.yaml
+++ b/action.yaml
@@ -67,7 +67,7 @@ inputs:
 required: false
 default: 'write'
 run_in_docker:
- description: 'Run in a Docker image (if `actions/setup-python@v3` does not work for you)'
+ description: 'Run in a Docker image (if `actions/setup-python@v4` does not work for you)'
 required: false
 default: false
@@ -89,7 +89,7 @@ runs:
 - id: python
 name: Setup Python 🐍
 if: ${{ inputs.run_in_docker == 'false' }}
- uses: actions/setup-python@v3
+ uses: actions/setup-python@v4
 with:
 python-version: '3.10' # Should match Pipfile / "python_version"
@@ -163,6 +163,7 @@ runs:
 set -euo pipefail
 docker run \
 --rm \
+ --user "$(id -u):$(id -g)" \
 --entrypoint "/app/entrypoint_main.sh" \
 --env base_url \
 --env username \
@@ -175,6 +176,10 @@ runs:
 --env ldap_path \
 --env ldap_port \
 --env pat_uri \
+ --env GITHUB_OUTPUT \
+ --env GITHUB_STATE \
+ --volume "${GITHUB_OUTPUT}:${GITHUB_OUTPUT}" \
+ --volume "${GITHUB_STATE}:${GITHUB_STATE}" \
 pat-helper \
 "${{ inputs.mode }}" \
 --check-using-ldap-bind "${{ inputs.check_using_ldap_bind }}" \
From 5d30568a076a27672ef7a19ad58d5cf55cd7b436 Mon Sep 17 00:00:00 2001
From: ps-jay
Date: Tue, 22 Nov 2022 22:48:17 +0000
Subject: [PATCH 4/4] Update README
---
 README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 41637c5..6dcb448 100644
--- a/README.md
+++ b/README.md
@@ -47,7 +47,7 @@ We have chosen not to create a new Vault secrets engine, as we could deliver thi
 - name: Get PAT for Stash
 id: stash
- uses: reecetech/bitbucket-server-pat-generator@2022.11.1
+ uses: reecetech/bitbucket-server-pat-generator@2022.11.2
 with:
 base_url: https://stash.example.org/
 username: ${{ steps.vault.outputs.username }}
@@ -79,6 +79,7 @@ We have chosen not to create a new Vault secrets engine, as we could deliver thi | pat_uri | string | false | `"rest/access-tokens/1.0/users"` | The REST endpoint for PAT
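Review bot: `GITHUB_STATE` is now exported and bind-mounted into the container, but nothing visible in the composite definition reads state back: patch 1/4 removed `post-entrypoint: '/app/entrypoint_post_cleanup.sh'`, and composite actions have no post hook. If that script was what revoked the generated PAT (an inference from its name and the `pat_id` output description), tokens now stay valid until `valid_days` expires unless callers revoke them explicitly; document that in the README or add an explicit revoke step. The script also runs under `set -u`, so a runner that does not set `GITHUB_OUTPUT` or `GITHUB_STATE` aborts at the `--volume` lines with an unbound-variable error; a guard such as `: "${GITHUB_OUTPUT:?runner does not provide GITHUB_OUTPUT}"` before `docker run` would make that failure explicit. The `--user "$(id -u):$(id -g)"` added in the previous hunk presumably exists so the container can write to these runner-owned files and deserves a one-line comment saying so.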
actions | | project_permissions | string | false | `"write"` | Project permissions: read, write or
admin | | repository_permissions | string | false | `"write"` | Repository permissions: read, write or
admin | +| run_in_docker | string | false | `"false"` | Run in a Docker image
(if `actions/setup-python@v4` does not work
for you) | | seconds_between_attempts | string | false | `"30"` | Number of seconds to wait
before retrying to generate a
PAT | | username | string | true | | Username to connect to Bitbucket
Server | | valid_days | string | false | `"1"` | Days the PAT will be
valid |