feat: switch to using actions-utils (#173)

google-github-actions · Dec 22, 2021 · 0b9d5d2 · 0b9d5d2
1 parent 9d1654c
commit 0b9d5d2
Show file tree

Hide file tree

Showing 9 changed files with 147 additions and 315 deletions.
diff --git a/dist/index.js b/dist/index.js
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -27,6 +27,7 @@
   "license": "Apache-2.0",
   "dependencies": {
     "@actions/core": "^1.6.0",
+    "@google-github-actions/actions-utils": "^0.1.0",
     "google-auth-library": "^7.11.0",
     "yaml": "^1.10.2"
   },

diff --git a/src/gkeClient.ts b/src/gkeClient.ts
@@ -21,6 +21,9 @@ import YAML from 'yaml';
 // eslint-disable-next-line @typescript-eslint/no-var-requires
 const { version: appVersion } = require('../package.json');
 
+// userAgent is the user agent string.
+const userAgent = `github-actions-get-gke-credentials/${appVersion}`;
+
 // clusterResourceNamePattern is the regular expression to use to match resource
 // names.
 const clusterResourceNamePattern = new RegExp(/^projects\/(.+)\/locations\/(.+)\/clusters\/(.+)$/i);
@@ -94,7 +97,6 @@ export class ClusterClient {
   readonly #location?: string;
 
   readonly defaultEndpoint = 'https://container.googleapis.com/v1';
-  readonly userAgent = `github-actions-get-gke-credentials/${appVersion}`;
   readonly auth: GoogleAuth;
 
   constructor(opts: ClientOptions) {
@@ -170,7 +172,7 @@ export class ClusterClient {
     const resp = (await this.auth.request({
       url: url,
       headers: {
-        'User-Agent': this.userAgent,
+        'User-Agent': userAgent,
       },
     })) as ClusterResponse;
     return resp;

diff --git a/src/main.ts b/src/main.ts
@@ -22,15 +22,15 @@ import {
   setFailed,
   warning as logWarning,
 } from '@actions/core';
-import { ExternalAccountClientOptions } from 'google-auth-library';
-
 import {
+  Credential,
   errorMessage,
   isServiceAccountKey,
-  parseServiceAccountKeyJSON,
-  ServiceAccountKey,
-  writeFile,
-} from './util';
+  parseCredential,
+  randomFilepath,
+  writeSecureFile,
+} from '@google-github-actions/actions-utils';
+
 import { ClusterClient } from './gkeClient';
 
 async function run(): Promise<void> {
@@ -47,15 +47,15 @@ async function run(): Promise<void> {
     let contextName = getInput('context_name');
 
     // Add warning if using credentials
-    let credentialsJSON: ServiceAccountKey | ExternalAccountClientOptions | undefined;
+    let credentialsJSON: Credential | undefined;
     if (credentials) {
       logWarning(
         'The "credentials" input is deprecated. ' +
           'Please switch to using google-github-actions/auth which supports both Workload Identity Federation and JSON Key authentication. ' +
           'For more details, see https://github.com/google-github-actions/get-gke-credentials#authorization',
       );
 
-      credentialsJSON = parseServiceAccountKeyJSON(credentials);
+      credentialsJSON = parseCredential(credentials);
     }
 
     // Pick the best project ID.
@@ -115,11 +115,19 @@ async function run(): Promise<void> {
     });
 
     // Write kubeconfig to disk
-    const kubeConfigPath = await writeFile(kubeConfig);
+    try {
+      const workspace = process.env.GITHUB_WORKSPACE;
+      if (!workspace) {
+        throw new Error('Missing $GITHUB_WORKSPACE!');
+      }
 
-    // Export KUBECONFIG env var with path to kubeconfig
-    exportVariable('KUBECONFIG', kubeConfigPath);
-    logInfo(`Successfully created and exported "KUBECONFIG" at ${kubeConfigPath}`);
+      const kubeConfigPath = await writeSecureFile(randomFilepath(workspace), kubeConfig);
+      exportVariable('KUBECONFIG', kubeConfigPath);
+      logInfo(`Successfully created and exported "KUBECONFIG" at ${kubeConfigPath}`);
+    } catch (err) {
+      const msg = errorMessage(err);
+      throw new Error(`Failed to write Kubernetes config file: ${msg}`);
+    }
   } catch (err) {
     const msg = errorMessage(err);
     setFailed(`google-github-actions/get-gke-credentials failed with: ${msg}`);

diff --git a/src/util.ts b/src/util.ts
diff --git a/tests/clusterClient.test.ts b/tests/clusterClient.test.ts
@@ -19,10 +19,9 @@ import 'mocha';
 
 import crypto from 'crypto';
 
+import { parseCredential } from '@google-github-actions/actions-utils';
 import YAML from 'yaml';
 
-import { parseServiceAccountKeyJSON } from '../src/util';
-
 const credentials = process.env.GET_GKE_CRED_SA_KEY_JSON;
 const project = process.env.GET_GKE_CRED_PROJECT;
 const name = process.env.GET_GKE_CRED_CLUSTER_NAME;
@@ -121,7 +120,7 @@ describe('Cluster', function () {
     const client = new ClusterClient({
       projectID: project,
       location: location,
-      credentials: parseServiceAccountKeyJSON(credentials),
+      credentials: parseCredential(credentials),
     });
     const result = await client.getCluster(name);
 
@@ -135,7 +134,7 @@ describe('Cluster', function () {
 
     const resourceName = `projects/${project}/locations/${location}/clusters/${name}`;
     const client = new ClusterClient({
-      credentials: parseServiceAccountKeyJSON(credentials),
+      credentials: parseCredential(credentials),
     });
     const result = await client.getCluster(resourceName);
 
@@ -150,7 +149,7 @@ describe('Cluster', function () {
     const client = new ClusterClient({
       projectID: project,
       location: location,
-      credentials: parseServiceAccountKeyJSON(credentials),
+      credentials: parseCredential(credentials),
     });
     const token = await client.getToken();
 
@@ -164,7 +163,7 @@ describe('Cluster', function () {
     const client = new ClusterClient({
       projectID: project,
       location: location,
-      credentials: parseServiceAccountKeyJSON(credentials),
+      credentials: parseCredential(credentials),
     });
     const kubeconfig = YAML.parse(
       await client.createKubeConfig({
@@ -193,7 +192,7 @@ describe('Cluster', function () {
     const client = new ClusterClient({
       projectID: project,
       location: location,
-      credentials: parseServiceAccountKeyJSON(credentials),
+      credentials: parseCredential(credentials),
     });
     const kubeconfig = YAML.parse(
       await client.createKubeConfig({
@@ -222,7 +221,7 @@ describe('Cluster', function () {
     const client = new ClusterClient({
       projectID: project,
       location: location,
-      credentials: parseServiceAccountKeyJSON(credentials),
+      credentials: parseCredential(credentials),
     });
     const kubeconfig = YAML.parse(
       await client.createKubeConfig({
@@ -253,7 +252,7 @@ describe('Cluster', function () {
     const client = new ClusterClient({
       projectID: project,
       location: location,
-      credentials: parseServiceAccountKeyJSON(credentials),
+      credentials: parseCredential(credentials),
     });
     const kubeconfig = YAML.parse(
       await client.createKubeConfig({

diff --git a/tests/e2e/e2e.test.ts b/tests/e2e/e2e.test.ts
@@ -14,8 +14,9 @@
  * limitations under the License.
  */
 
-import { expect } from 'chai';
 import 'mocha';
+import { expect } from 'chai';
+
 import { KubeConfig, CoreV1Api } from '@kubernetes/client-node';
 
 describe('E2E tests', function () {

diff --git a/tests/util.test.ts b/tests/util.test.ts