diff --git a/README.md b/README.md
index 7368778..41637c5 100644
--- a/README.md
+++ b/README.md
@@ -36,7 +36,7 @@ We have chosen not to create a new Vault secrets engine, as we could deliver thi
```yaml
- name: Get creds from Vault
id: vault
- uses: hashicorp/vault-action@v2.4.0
+ uses: hashicorp/vault-action@v2.4.3
with:
url: https://vault.example.org/
method: jwt
@@ -47,7 +47,7 @@ We have chosen not to create a new Vault secrets engine, as we could deliver thi
- name: Get PAT for Stash
id: stash
- uses: reecetech/bitbucket-server-pat-generator@2022.6.3
+ uses: reecetech/bitbucket-server-pat-generator@2022.11.1
with:
base_url: https://stash.example.org/
username: ${{ steps.vault.outputs.username }}
@@ -67,21 +67,21 @@ We have chosen not to create a new Vault secrets engine, as we could deliver thi
| INPUT | TYPE | REQUIRED | DEFAULT | DESCRIPTION |
|--------------------------|--------|----------|----------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| base_url | string | true | | Base URL of Bitbucket Server
|
-| check_using_ldap_bind | string | false | `"false"` | Check the password validity using
an LDAP bind to avoid
Bitbucket requiring a CAPTCHA after
failed authentication attempts |
-| ldap_hosts | string | false | | Comma separated list of LDAP
hosts (only used if `check_using_ldap_bind`
is `true`) |
-| ldap_path | string | false | | The path where the username
will be found in the
LDAP tree (only used if
`check_using_ldap_bind` is `true`) For example,
if the user object is
`CN=username,OU=tech,OU=Accounts,DC=example,DC=org`, then set `ldap_path` to:
`OU=tech,OU=Accounts,DC=example,DC=org` |
-| ldap_port | string | false | `"389"` | TCP port to connect to
LDAP hosts (only used if
`check_using_ldap_bind` is `true`) |
-| max_attempts | string | false | `"10"` | Number of times to attempt
to generate a PAT |
-| mode | string | false | `"create"` | Mode to run in -
either `create` or `revoke` |
-| password | string | true | | Password to connect to Bitbucket
Server |
-| pat_id | string | false | | The ID of the PAT
to revoke (only used if
`mode` is `revoke`) |
-| pat_uri | string | false | `"rest/access-tokens/1.0/users"` | The REST endpoint for PAT
actions |
-| project_permissions | string | false | `"write"` | Project permissions: read, write or
admin |
-| repository_permissions | string | false | `"write"` | Repository permissions: read, write or
admin |
-| seconds_between_attempts | string | false | `"30"` | Number of seconds to wait
before retrying to generate a
PAT |
-| username | string | true | | Username to connect to Bitbucket
Server |
-| valid_days | string | false | `"1"` | Days the PAT will be
valid |
+| base_url | string | true | | Base URL of Bitbucket Server
|
+| check_using_ldap_bind | string | false | `"false"` | Check the password validity using
an LDAP bind to avoid
Bitbucket requiring a CAPTCHA after
failed authentication attempts |
+| ldap_hosts | string | false | | Comma separated list of LDAP
hosts (only used if `check_using_ldap_bind`
is `true`) |
+| ldap_path | string | false | | The path where the username
will be found in the
LDAP tree (only used if
`check_using_ldap_bind` is `true`) For example,
if the user object is
`CN=username,OU=tech,OU=Accounts,DC=example,DC=org`, then set `ldap_path` to:
`OU=tech,OU=Accounts,DC=example,DC=org` |
+| ldap_port | string | false | `"389"` | TCP port to connect to
LDAP hosts (only used if
`check_using_ldap_bind` is `true`) |
+| max_attempts | string | false | `"10"` | Number of times to attempt
to generate a PAT |
+| mode | string | false | `"create"` | Mode to run in -
either `create` or `revoke` |
+| password | string | true | | Password to connect to Bitbucket
Server |
+| pat_id | string | false | | The ID of the PAT
to revoke (only used if
`mode` is `revoke`) |
+| pat_uri | string | false | `"rest/access-tokens/1.0/users"` | The REST endpoint for PAT
actions |
+| project_permissions | string | false | `"write"` | Project permissions: read, write or
admin |
+| repository_permissions | string | false | `"write"` | Repository permissions: read, write or
admin |
+| seconds_between_attempts | string | false | `"30"` | Number of seconds to wait
before retrying to generate a
PAT |
+| username | string | true | | Username to connect to Bitbucket
Server |
+| valid_days | string | false | `"1"` | Days the PAT will be
valid |
@@ -91,11 +91,11 @@ We have chosen not to create a new Vault secrets engine, as we could deliver thi
| OUTPUT | TYPE | DESCRIPTION |
|------------------|--------|--------------------------------------------|
-| pat | string | PAT to connect to Bitbucket
Server |
-| pat_encoded | string | PAT URL encoded |
-| pat_id | string | ID of the PAT (can
be used to revoke) |
-| username | string | Username to connect to Bitbucket
Server |
-| username_encoded | string | Username URL encoded |
+| pat | string | PAT to connect to Bitbucket
Server |
+| pat_encoded | string | PAT URL encoded |
+| pat_id | string | ID of the PAT (can
be used to revoke) |
+| username | string | Username to connect to Bitbucket
Server |
+| username_encoded | string | Username URL encoded |
diff --git a/pat_helper.py b/pat_helper.py
index 8065971..9cd8cf3 100644
--- a/pat_helper.py
+++ b/pat_helper.py
@@ -238,14 +238,16 @@ def print_outputs():
pat_encoded = urllib.parse.quote(PAT, safe='')
print(f"::add-mask::{PAT}") # mark the PAT as secret in GitHub Actions logs
print(f"::add-mask::{pat_encoded}") # mark the PAT as secret in GitHub Actions logs
- print(f"::set-output name=username::{USERNAME}")
- print(f"::set-output name=username_encoded::{username_encoded}")
- print(f"::set-output name=pat::{PAT}")
- print(f"::set-output name=pat_encoded::{pat_encoded}")
- print(f"::set-output name=pat_id::{PAT_ID}")
+ with open(os.environ['GITHUB_OUTPUT'], 'a', encoding='utf-8') as output:
+ print(f"username={USERNAME}", file=output)
+ print(f"username_encoded={username_encoded}", file=output)
+ print(f"pat={PAT}", file=output)
+ print(f"pat_encoded={pat_encoded}", file=output)
+ print(f"pat_id={PAT_ID}", file=output)
# STATE_CLEANUP_PAT_ID will be used in the post action phase to automatically revoke the PAT
- print(f"::save-state name=CLEANUP_PAT_ID::{PAT_ID}")
+ with open(os.environ['GITHUB_STATE'], 'a', encoding='utf-8') as state:
+ print(f"CLEANUP_PAT_ID={PAT_ID}", file=state)
##==--------------------------------------------------------------------
## Main...