diff --git a/1password/get-item-field/action.yaml b/1password/get-item-field/action.yaml new file mode 100644 index 0000000..7341cab --- /dev/null +++ b/1password/get-item-field/action.yaml @@ -0,0 +1,32 @@ +name: 'Get item field from 1Password' +description: "Gets a field from specified 1Password vault/item" +inputs: + op-sa-token: + required: true + description: "1Password Service Account Token" + op-vault: + required: true + description: "1Password Vault" + op-item: + required: true + description: "1Password Item" + op-field: + required: true + description: "1Password Item.Field" +outputs: + field: + description: Value from 1Password Item.Field + value: ${{ steps.get-item-field.outputs.field }} + +runs: + using: "composite" + steps: + - name: Install 1Password CLI + uses: 1password/install-cli-action@v1 + + - name: Get item field + id: get-item-field + shell: bash + env: + OP_SERVICE_ACCOUNT_TOKEN: ${{ inputs.op-sa-token }} + run: echo "field=$(op item get ${{ inputs.op-item }} --vault=${{ inputs.op-vault }} --fields label=${{ inputs.op-field }})" >> $GITHUB_OUTPUT \ No newline at end of file diff --git a/1password/get-kubeconfig/action.yaml b/1password/get-kubeconfig/action.yaml new file mode 100644 index 0000000..ddbcf11 --- /dev/null +++ b/1password/get-kubeconfig/action.yaml @@ -0,0 +1,34 @@ +name: 'Get Kubeconfig from 1Password' +description: "Gets a kubeconfig from specified 1Password vault/item" +inputs: + op-sa-token: + required: true + description: "1Password Service Account Token" + op-vault: + required: true + description: "1Password Vault" + default: "Promil-preprod-gha-kubeconfigs" + op-item: + required: true + description: "1Password Item" +outputs: + kubeconfig: + description: Value from 1Password Item.kubeconfig + value: ${{ steps.decode-kubeconfig.outputs.kubeconfig }} + +runs: + using: "composite" + steps: + - name: Get Kubeconfig from 1Password + id: get-kubeconfig + uses: PiwikPRO/actions/1password/get-item-field@master + with: + op-sa-token: ${{ inputs.op-sa-token }} + op-vault: ${{ inputs.op-vault }} + op-item: ${{ inputs.op-item }} + op-field: kubeconfig + + - name: Decode kubeconfig + id: decode-kubeconfig + shell: bash + run: echo "kubeconfig=$(echo '${{ steps.get-kubeconfig.outputs.field }}' | base64 --decode)" >> $GITHUB_OUTPUT \ No newline at end of file diff --git a/README.md b/README.md index 317cc03..e3ec247 100644 --- a/README.md +++ b/README.md @@ -28,6 +28,9 @@ - [K6](#k6) - [Benchmarking](#benchmarking) - [Platform outdated dependencies notifier](#platform-outdated-dependencies-notifier) + - [1Password](#1Password) + - [Get item field](#get-item-field) + - [Get kubeconfig](#get-kubeconfig) Custom github actions and reusable workflows used both internally and externally by Piwik PRO employees. This repo is public and licensed on MIT license, but contains some actions, that cannot be launched without Piwik PRO proprietary components or secrets - sorry! @@ -641,3 +644,74 @@ jobs: github-token-charts: ${{ steps.get-token.outputs.token }} github-token-platform: ${{ secrets.GITHUB_TOKEN }} ``` + +### 1Password +#### Get item field +`1password/get-item-field` action is a Github Action that fetches specified field from 1Password item. + +Example usage: +```yaml +on: + pull_request: + push: + branches: ["master"] +name: Test actions +jobs: + test-get-field: + runs-on: ubuntu-latest + timeout-minutes: 2 + steps: + - name: Check out repository code + uses: actions/checkout@v3 + + - name: Get field + id: get-field + uses: PiwikPRO/actions/1password/get-item-field@master + with: + op-sa-token: + op-vault: foo + op-item: bar + op-field: xyz + + - name: Echo get-field + shell: bash + run: echo ${{ steps.get-field.outputs.field }} +``` + +#### Get kubeconfig +`1password/get-kubeconfig` action is a Github Action that fetches `kubeconfig` field from 1Password item and base64 decodes it. + +Example usage: +```yaml +on: + pull_request: + push: + branches: ["master"] +name: Test actions +jobs: + test-get-kubeconfig: + runs-on: ubuntu-latest + timeout-minutes: 2 + strategy: + fail-fast: false + max-parallel: 2 + matrix: + infra-name: + example-infra-1 + example-infra-2 + steps: + - name: Check out repository code + uses: actions/checkout@v3 + + - name: Get kubeconfig + id: get-kubeconfig + uses: PiwikPRO/actions/1password/get-kubeconfig@master + with: + op-sa-token: ${{ secrets.OP_PREPROD_KUBECONFIG_SA_TOKEN}} + op-vault: ${{ secrets.OP_PREPROD_KUBECONFIG_VAULT }} + op-item: ${{ matrix.infra-name }} + + - name: Echo get-kubeconfig + shell: bash + run: echo ${{ steps.get-kubeconfig.outputs.kubeconfig }} +```