From c5b5e6c290f4109a26441defc1005f8486571acf Mon Sep 17 00:00:00 2001
From: Phil Jay
Date: Wed, 23 Nov 2022 08:24:45 +1100
Subject: [PATCH 1/2] Replace deprecated GitHub functions
---
 README.md | 4 ++--
 pat_helper.py | 14 ++++++++------
 2 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/README.md b/README.md
index 7368778..5154773 100644
--- a/README.md
+++ b/README.md
@@ -36,7 +36,7 @@ We have chosen not to create a new Vault secrets engine, as we could deliver thi
 ```yaml
 - name: Get creds from Vault
 id: vault
- uses: hashicorp/vault-action@v2.4.0
+ uses: hashicorp/vault-action@v2.4.3
 with:
 url: https://vault.example.org/
 method: jwt
@@ -47,7 +47,7 @@ We have chosen not to create a new Vault secrets engine, as we could deliver thi
 - name: Get PAT for Stash
 id: stash
- uses: reecetech/bitbucket-server-pat-generator@2022.6.3
+ uses: reecetech/bitbucket-server-pat-generator@2022.11.1
 with:
 base_url: https://stash.example.org/
 username: ${{ steps.vault.outputs.username }}
diff --git a/pat_helper.py b/pat_helper.py
index 8065971..9cd8cf3 100644
--- a/pat_helper.py
+++ b/pat_helper.py
@@ -238,14 +238,16 @@ def print_outputs():
 pat_encoded = urllib.parse.quote(PAT, safe='')
 print(f"::add-mask::{PAT}") # mark the PAT as secret in GitHub Actions logs
 print(f"::add-mask::{pat_encoded}") # mark the PAT as secret in GitHub Actions logs
- print(f"::set-output name=username::{USERNAME}")
- print(f"::set-output name=username_encoded::{username_encoded}")
- print(f"::set-output name=pat::{PAT}")
- print(f"::set-output name=pat_encoded::{pat_encoded}")
- print(f"::set-output name=pat_id::{PAT_ID}")
+ with open(os.environ['GITHUB_OUTPUT'], 'a', encoding='utf-8') as output:
+ print(f"username={USERNAME}", file=output)
+ print(f"username_encoded={username_encoded}", file=output)
+ print(f"pat={PAT}", file=output)
+ print(f"pat_encoded={pat_encoded}", file=output)
+ print(f"pat_id={PAT_ID}", file=output)
 # STATE_CLEANUP_PAT_ID will be used in the post action phase to automatically revoke the PAT
- print(f"::save-state name=CLEANUP_PAT_ID::{PAT_ID}")
+ with open(os.environ['GITHUB_STATE'], 'a', encoding='utf-8') as state:
+ print(f"CLEANUP_PAT_ID={PAT_ID}", file=state)
 ##==--------------------------------------------------------------------
 ## Main...
From 6385b8ae6e121187e80fe9ba41957f8f8061a53e Mon Sep 17 00:00:00 2001
From: ps-jay
Date: Tue, 22 Nov 2022 21:27:03 +0000
Subject: [PATCH 2/2] Update README
---
 README.md | 40 ++++++++++++++++++++--------------------
 1 file changed, 20 insertions(+), 20 deletions(-)
diff --git a/README.md b/README.md
index 5154773..41637c5 100644
--- a/README.md
+++ b/README.md
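Review bot: In `print_outputs` (pat_helper.py), the new writes to `GITHUB_OUTPUT` and `GITHUB_STATE` use the single-line `name=value` form, so a CR or LF inside `USERNAME`, `PAT` or `PAT_ID` would end the record early and the remainder would be parsed as further output or state entries. `USERNAME` appears to come from the action's inputs, so I would reject line breaks before the first `open`, e.g. `if any(c in str(v) for v in (USERNAME, PAT, PAT_ID) for c in '\r\n'): raise ValueError('line break in output value')`, or switch to the `name<<DELIMITER` form with a random delimiter. `os.environ['GITHUB_OUTPUT']` and `os.environ['GITHUB_STATE']` also raise a bare `KeyError` on a runner that does not set them, which may matter for older self-hosted runners; a short error naming the missing variable would make that failure easier to diagnose. The start of `print_outputs` lies outside this hunk, so where `username_encoded` is built is not visible here.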
@@ -67,21 +67,21 @@ We have chosen not to create a new Vault secrets engine, as we could deliver thi | INPUT | TYPE | REQUIRED | DEFAULT | DESCRIPTION | |--------------------------|--------|----------|----------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| base_url | string | true | | Base URL of Bitbucket Server
| -| check_using_ldap_bind | string | false | `"false"` | Check the password validity using
an LDAP bind to avoid
Bitbucket requiring a CAPTCHA after
failed authentication attempts | -| ldap_hosts | string | false | | Comma separated list of LDAP
hosts (only used if `check_using_ldap_bind`
is `true`) | -| ldap_path | string | false | | The path where the username
will be found in the
LDAP tree (only used if
`check_using_ldap_bind` is `true`) For example,
if the user object is
`CN=username,OU=tech,OU=Accounts,DC=example,DC=org`, then set `ldap_path` to:
`OU=tech,OU=Accounts,DC=example,DC=org` | -| ldap_port | string | false | `"389"` | TCP port to connect to
LDAP hosts (only used if
`check_using_ldap_bind` is `true`) | -| max_attempts | string | false | `"10"` | Number of times to attempt
to generate a PAT | -| mode | string | false | `"create"` | Mode to run in -
either `create` or `revoke` | -| password | string | true | | Password to connect to Bitbucket
Server | -| pat_id | string | false | | The ID of the PAT
to revoke (only used if
`mode` is `revoke`) | -| pat_uri | string | false | `"rest/access-tokens/1.0/users"` | The REST endpoint for PAT
actions | -| project_permissions | string | false | `"write"` | Project permissions: read, write or
admin | -| repository_permissions | string | false | `"write"` | Repository permissions: read, write or
admin | -| seconds_between_attempts | string | false | `"30"` | Number of seconds to wait
before retrying to generate a
PAT | -| username | string | true | | Username to connect to Bitbucket
Server | -| valid_days | string | false | `"1"` | Days the PAT will be
valid | +| base_url | string | true | | Base URL of Bitbucket Server
| +| check_using_ldap_bind | string | false | `"false"` | Check the password validity using
an LDAP bind to avoid
Bitbucket requiring a CAPTCHA after
failed authentication attempts | +| ldap_hosts | string | false | | Comma separated list of LDAP
hosts (only used if `check_using_ldap_bind`
is `true`) | +| ldap_path | string | false | | The path where the username
will be found in the
LDAP tree (only used if
`check_using_ldap_bind` is `true`) For example,
if the user object is
`CN=username,OU=tech,OU=Accounts,DC=example,DC=org`, then set `ldap_path` to:
`OU=tech,OU=Accounts,DC=example,DC=org` | +| ldap_port | string | false | `"389"` | TCP port to connect to
LDAP hosts (only used if
`check_using_ldap_bind` is `true`) | +| max_attempts | string | false | `"10"` | Number of times to attempt
to generate a PAT | +| mode | string | false | `"create"` | Mode to run in -
either `create` or `revoke` | +| password | string | true | | Password to connect to Bitbucket
Server | +| pat_id | string | false | | The ID of the PAT
to revoke (only used if
`mode` is `revoke`) | +| pat_uri | string | false | `"rest/access-tokens/1.0/users"` | The REST endpoint for PAT
actions | +| project_permissions | string | false | `"write"` | Project permissions: read, write or
admin | +| repository_permissions | string | false | `"write"` | Repository permissions: read, write or
admin | +| seconds_between_attempts | string | false | `"30"` | Number of seconds to wait
before retrying to generate a
PAT | +| username | string | true | | Username to connect to Bitbucket
Server | +| valid_days | string | false | `"1"` | Days the PAT will be
valid | @@ -91,11 +91,11 @@ We have chosen not to create a new Vault secrets engine, as we could deliver thi | OUTPUT | TYPE | DESCRIPTION | |------------------|--------|--------------------------------------------| -| pat | string | PAT to connect to Bitbucket
Server | -| pat_encoded | string | PAT URL encoded | -| pat_id | string | ID of the PAT (can
be used to revoke) | -| username | string | Username to connect to Bitbucket
Server | -| username_encoded | string | Username URL encoded | +| pat | string | PAT to connect to Bitbucket
Server | +| pat_encoded | string | PAT URL encoded | +| pat_id | string | ID of the PAT (can
be used to revoke) | +| username | string | Username to connect to Bitbucket
Server | +| username_encoded | string | Username URL encoded |