From 57e52618f086e8aa128ab69a7fadafedf0332391 Mon Sep 17 00:00:00 2001 From: Szymon Draszkiewicz Date: Fri, 7 Jun 2024 13:40:55 +0200 Subject: [PATCH 1/3] DEVOPS-7868 1password get field and get kubeconfig actions --- 1password/get-item-field/action.yaml | 32 ++++++++++++++++++++++++++ 1password/get-kubeconfig/action.yaml | 34 ++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+) create mode 100644 1password/get-item-field/action.yaml create mode 100644 1password/get-kubeconfig/action.yaml
diff --git a/1password/get-item-field/action.yaml b/1password/get-item-field/action.yaml
new file mode 100644
index 0000000..7341cab
--- /dev/null
+++ b/1password/get-item-field/action.yaml
@@ -0,0 +1,32 @@
+name: 'Get item field from 1Password'
+description: "Gets a field from specified 1Password vault/item"
+inputs:
+ op-sa-token:
+ required: true
+ description: "1Password Service Account Token"
+ op-vault:
+ required: true
+ description: "1Password Vault"
+ op-item:
+ required: true
+ description: "1Password Item"
+ op-field:
+ required: true
+ description: "1Password Item.Field"
+outputs:
+ field:
+ description: Value from 1Password Item.Field
+ value: ${{ steps.get-item-field.outputs.field }}
+
+runs:
+ using: "composite"
+ steps:
+ - name: Install 1Password CLI
+ uses: 1password/install-cli-action@v1
+
+ - name: Get item field
+ id: get-item-field
+ shell: bash
+ env:
+ OP_SERVICE_ACCOUNT_TOKEN: ${{ inputs.op-sa-token }}
+ run: echo "field=$(op item get ${{ inputs.op-item }} --vault=${{ inputs.op-vault }} --fields label=${{ inputs.op-field }})" >> $GITHUB_OUTPUT
\ No newline at end of file
diff --git a/1password/get-kubeconfig/action.yaml b/1password/get-kubeconfig/action.yaml
new file mode 100644
index 0000000..a705f54
--- /dev/null
+++ b/1password/get-kubeconfig/action.yaml
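Review bot: The `run:` line of the `Get item field` step pastes `${{ inputs.op-item }}`, `${{ inputs.op-vault }}` and `${{ inputs.op-field }}` straight into the bash script, so a value containing shell syntax is executed in a step that holds `OP_SERVICE_ACCOUNT_TOKEN`; pass the three inputs through `env:` and quote them. The fetched value is also written to `$GITHUB_OUTPUT` without an `::add-mask::` registration, so it is not redacted when a later step prints it, and the `name=value` form cannot carry a multi-line field. Because `op` runs inside the argument of `echo`, its exit status is discarded and a failed lookup yields an empty output rather than a failed step. The `Decode kubeconfig` step in `1password/get-kubeconfig/action.yaml` has the same three problems with `${{ steps.get-kubeconfig.outputs.field }}`.

```yaml
    - name: Get item field
      # … unchanged: id, shell …
      env:
        OP_SERVICE_ACCOUNT_TOKEN: ${{ inputs.op-sa-token }}
        VAULT_NAME: ${{ inputs.op-vault }}
        ITEM_NAME: ${{ inputs.op-item }}
        FIELD_LABEL: ${{ inputs.op-field }}
      run: |
        # Assign first so a failing `op` call fails the step.
        value="$(op item get "$ITEM_NAME" --vault="$VAULT_NAME" --fields "label=$FIELD_LABEL")"
        # Register each non-empty line with the log masker before exposing it.
        while IFS= read -r line; do
          if [ -n "$line" ]; then echo "::add-mask::$line"; fi
        done <<< "$value"
        # Random delimiter so the value cannot end the multi-line block early.
        delim="$(dd if=/dev/urandom bs=15 count=1 status=none | base64)"
        {
          echo "field<<$delim"
          printf '%s\n' "$value"
          echo "$delim"
        } >> "$GITHUB_OUTPUT"
```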
@@ -0,0 +1,34 @@
+name: 'Get Kubeconfig from 1Password'
+description: "Gets a kubeconfig from specified 1Password vault/item"
+inputs:
+ op-sa-token:
+ required: true
+ description: "1Password Service Account Token"
+ op-vault:
+ required: true
+ description: "1Password Vault"
+ default: "Promil-preprod-gha-kubeconfigs"
+ op-item:
+ required: true
+ description: "1Password Item"
+outputs:
+ kubeconfig:
+ description: Value from 1Password Item.kubeconfig
+ value: ${{ steps.decode-kubeconfig.outputs.kubeconfig }}
+
+runs:
+ using: "composite"
+ steps:
+ - name: Get Kubeconfig from 1Password
+ id: get-kubeconfig
+ uses: PiwikPRO/actions/1password/get-item-field@DEVOPS-7869
+ with:
+ op-sa-token: ${{ inputs.op-sa-token }}
+ op-vault: ${{ inputs.op-vault }}
+ op-item: ${{ inputs.op-item }}
+ op-field: kubeconfig
+
+ - name: Decode kubeconfig
+ id: decode-kubeconfig
+ shell: bash
+ run: echo "kubeconfig=$(echo '${{ steps.get-kubeconfig.outputs.field }}' | base64 --decode)" >> $GITHUB_OUTPUT
\ No newline at end of file
From 8891061febc507153c9f1bf4997b21f30419b528 Mon Sep 17 00:00:00 2001 From: Szymon Draszkiewicz Date: Fri, 7 Jun 2024 16:53:13 +0200 Subject: [PATCH 2/3] DEVOPS-7869 add descriptions --- README.md | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+)
diff --git a/README.md b/README.md
index 317cc03..e3ec247 100644
--- a/README.md
+++ b/README.md
@@ -28,6 +28,9 @@ - [K6](#k6) - [Benchmarking](#benchmarking) - [Platform outdated dependencies notifier](#platform-outdated-dependencies-notifier) + - [1Password](#1Password) + - [Get item field](#get-item-field) + - [Get kubeconfig](#get-kubeconfig) Custom github actions and reusable workflows used both internally and externally by Piwik PRO employees. This repo is public and licensed on MIT license, but contains some actions, that cannot be launched without Piwik PRO proprietary components or secrets - sorry!
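Review bot: The `kubeconfig` output returns the decoded cluster credentials as an expression value, so every consumer has to interpolate them with `${{ steps.<id>.outputs.kubeconfig }}`; the README example added later in this series does exactly that in a `run: echo ...` line, which prints them to the job log. Consider letting the `Decode kubeconfig` step write the file itself with owner-only permissions under `$RUNNER_TEMP` and expose only its path, as sketched below; this changes the action's output contract, so the `outputs:` block and existing callers would need to follow. Separately, `op-vault` is declared `required: true` and also given a `default`, which is contradictory and hard-codes a vault name into a public action; dropping either the default or the `required` flag makes the intent clear.

```yaml
    - name: Decode kubeconfig
      # … unchanged: id, shell …
      env:
        KUBECONFIG_B64: ${{ steps.get-kubeconfig.outputs.field }}
      run: |
        # mktemp creates the file readable and writable by the owner only.
        target="$(mktemp "$RUNNER_TEMP/kubeconfig.XXXXXX")"
        printf '%s' "$KUBECONFIG_B64" | base64 --decode > "$target"
        echo "kubeconfig-path=$target" >> "$GITHUB_OUTPUT"
```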
@@ -641,3 +644,74 @@ jobs:
 github-token-charts: ${{ steps.get-token.outputs.token }}
 github-token-platform: ${{ secrets.GITHUB_TOKEN }}
 ```
+
+### 1Password
+#### Get item field
+`1password/get-item-field` action is a Github Action that fetches specified field from 1Password item.
+
+Example usage:
+```yaml
+on:
+ pull_request:
+ push:
+ branches: ["master"]
+name: Test actions
+jobs:
+ test-get-field:
+ runs-on: ubuntu-latest
+ timeout-minutes: 2
+ steps:
+ - name: Check out repository code
+ uses: actions/checkout@v3
+
+ - name: Get field
+ id: get-field
+ uses: PiwikPRO/actions/1password/get-item-field@master
+ with:
+ op-sa-token:
+ op-vault: foo
+ op-item: bar
+ op-field: xyz
+
+ - name: Echo get-field
+ shell: bash
+ run: echo ${{ steps.get-field.outputs.field }}
+```
+
+#### Get kubeconfig
+`1password/get-kubeconfig` action is a Github Action that fetches `kubeconfig` field from 1Password item and base64 decodes it.
+
+Example usage:
+```yaml
+on:
+ pull_request:
+ push:
+ branches: ["master"]
+name: Test actions
+jobs:
+ test-get-kubeconfig:
+ runs-on: ubuntu-latest
+ timeout-minutes: 2
+ strategy:
+ fail-fast: false
+ max-parallel: 2
+ matrix:
+ infra-name:
+ example-infra-1
+ example-infra-2
+ steps:
+ - name: Check out repository code
+ uses: actions/checkout@v3
+
+ - name: Get kubeconfig
+ id: get-kubeconfig
+ uses: PiwikPRO/actions/1password/get-kubeconfig@master
+ with:
+ op-sa-token: ${{ secrets.OP_PREPROD_KUBECONFIG_SA_TOKEN}}
+ op-vault: ${{ secrets.OP_PREPROD_KUBECONFIG_VAULT }}
+ op-item: ${{ matrix.infra-name }}
+
+ - name: Echo get-kubeconfig
+ shell: bash
+ run: echo ${{ steps.get-kubeconfig.outputs.kubeconfig }}
+```
From 419b736f89dfcd4da662898f8b88049b5c79dc74 Mon Sep 17 00:00:00 2001 From: Szymon Draszkiewicz Date: Mon, 10 Jun 2024 14:14:20 +0200 Subject: [PATCH 3/3] DEVOPS-7869 pin branch to master --- 1password/get-kubeconfig/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/1password/get-kubeconfig/action.yaml b/1password/get-kubeconfig/action.yaml
index a705f54..ddbcf11 100644
--- a/1password/get-kubeconfig/action.yaml
+++ b/1password/get-kubeconfig/action.yaml
@@ -21,7 +21,7 @@ runs:
 steps:
 - name: Get Kubeconfig from 1Password
 id: get-kubeconfig
- uses: PiwikPRO/actions/1password/get-item-field@DEVOPS-7869
+ uses: PiwikPRO/actions/1password/get-item-field@master
 with:
 op-sa-token: ${{ inputs.op-sa-token }}
 op-vault: ${{ inputs.op-vault }}
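Review bot: `@master` on the new `uses:` line is a moving branch reference, not a pin: a caller who pins `get-kubeconfig` to a tag or commit still runs whatever `get-item-field` is on `master` at job time, and that nested action is handed `op-sa-token`. Referencing a full commit SHA (or at least a release tag) keeps the code that receives the token fixed, e.g. `uses: PiwikPRO/actions/1password/get-item-field@<full-commit-sha>  # <release-tag>`. The same applies to `1password/install-cli-action@v1` in `1password/get-item-field/action.yaml`, which installs the binary that later reads the token. The enclosing `runs:` block starts and ends outside this hunk.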