feat: Add optional credentials_file_path input for setup-gcloud (#153) (

#213) * Add optional credentials_file_path input for setup-gcloud (#153) * Add optional credentials_file_path input to setup-gcloud * Update setup-gcloud/tests/setup-gcloud.test.ts Co-authored-by: Averi Kitsch <akitsch@google.com> Co-authored-by: Averi Kitsch <akitsch@google.com> * Respond to comments * lint * update timeout Co-authored-by: Bryan Ricker <bryancricker@gmail.com>
google-github-actions · Oct 27, 2020 · a4a3ab7 · a4a3ab7
1 parent 5df8a15
commit a4a3ab7
Show file tree

Hide file tree

Showing 8 changed files with 393 additions and 10 deletions.
diff --git a/.github/workflows/setup-gcloud.yml b/.github/workflows/setup-gcloud.yml
@@ -33,3 +33,7 @@ jobs:
     - name: Lint
       working-directory: ./setup-gcloud
       run: npm run lint
+
+    - name: Test
+      working-directory: ./setup-gcloud
+      run: npm test
diff --git a/setup-gcloud/README.md b/setup-gcloud/README.md
@@ -72,10 +72,12 @@ steps:
 
 * `service_account_email`: (Optional) Service account email address to use for authentication. This is required for legacy .p12 keys but can be omitted for .json keys. This is usually of the format `<name>@<project-id>.iam.gserviceaccount.com`.
 
-* `service_account_key`: (Optional) The service account key which will be used for authentication. This key should be [created](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) and stored as a [secret](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets). It can be encoded as a [Base64](https://en.wikipedia.org/wiki/Base64) string (eg. `cat my-key.json | base64` on macOS) or as JSON. 
+* `service_account_key`: (Optional) The service account key which will be used for authentication. This key should be [created](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) and stored as a [secret](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets). It can be encoded as a [Base64](https://en.wikipedia.org/wiki/Base64) string (eg. `cat my-key.json | base64` on macOS) or as JSON.
 
 * `export_default_credentials`: (Optional) Export the provided credentials as [Google Default Application Credentials][dac]. This will make the credentials available to later steps. Future steps that consume Default Application Credentials will automatically detect and use these credentials.
 
+* `credentials_file_path`: (Optional) Only valid when `export_default_credentials` is `true`. Sets the path at which the credentials should be written. If not provided, `GITHUB_WORKSPACE` is used.
+
 * `project_id`: (Optional) ID of the Google Cloud project. If provided, this will configure gcloud to use this project ID by default for commands. Individual commands can still override the project using the --project flag which takes precedence.
 
 [dac]: https://cloud.google.com/docs/authentication/production

diff --git a/setup-gcloud/action.yml b/setup-gcloud/action.yml
@@ -58,6 +58,14 @@ inputs:
       these credentials.
     default: false
     required: false
+  credentials_file_path:
+    description: |-
+      The path and name of the file to which to write the shared default
+      credentials. This option is only valid when
+      export_default_credentials=true. By default, the credentials will be
+      written to a new file in the root of GITHUB_WORKSPACE.
+    default: null
+    required: false
 
 runs:
   using: node12

diff --git a/setup-gcloud/package-lock.json b/setup-gcloud/package-lock.json
diff --git a/setup-gcloud/package.json b/setup-gcloud/package.json
@@ -4,8 +4,9 @@
   "description": "Setup gcloud GitHub action",
   "main": "dist/index.js",
   "scripts": {
-    "build": "ncc build src/setup-gcloud.ts",
+    "build": "ncc build src/index.ts",
     "lint": "eslint . --ext .ts,.tsx",
+    "test": "mocha -r ts-node/register -t 180s 'tests/*.test.ts'",
     "format": "prettier --write **/*.ts"
   },
   "repository": {
@@ -38,18 +39,20 @@
     "@types/mocha": "^7.0.1",
     "@types/node": "^13.7.4",
     "@types/semver": "^7.1.0",
+    "@types/sinon": "^7.5.2",
     "@types/tmp": "^0.1.0",
     "@types/uuid": "^3.4.7",
     "@typescript-eslint/eslint-plugin": "^2.20.0",
     "@typescript-eslint/parser": "^2.20.0",
     "@zeit/ncc": "^0.21.0",
     "chai": "^4.2.0",
+    "eslint": "^6.8.0",
     "eslint-config-prettier": "^6.10.0",
     "eslint-plugin-prettier": "^3.1.2",
-    "eslint": "^6.8.0",
     "husky": "^4.2.3",
     "mocha": "^7.0.1",
     "prettier": "^1.19.1",
+    "sinon": "^9.0.2",
     "ts-node": "^8.6.2",
     "typescript": "^3.8.2"
   }

diff --git a/setup-gcloud/src/index.ts b/setup-gcloud/src/index.ts
@@ -0,0 +1,19 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { run } from './setup-gcloud';
+
+run();
diff --git a/setup-gcloud/src/setup-gcloud.ts b/setup-gcloud/src/setup-gcloud.ts
@@ -13,14 +13,15 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 import * as core from '@actions/core';
 import * as toolCache from '@actions/tool-cache';
 import * as setupGcloud from '../../setupGcloudSDK/dist/index';
 import { promises as fs } from 'fs';
 import path from 'path';
 import { v4 as uuidv4 } from 'uuid';
 
-async function run(): Promise<void> {
+export async function run(): Promise<void> {
   try {
     let version = core.getInput('version');
     if (!version || version == 'latest') {
@@ -56,15 +57,23 @@ async function run(): Promise<void> {
     // all steps.
     const exportCreds = core.getInput('export_default_credentials');
     if (String(exportCreds).toLowerCase() === 'true') {
-      const workspace = process.env.GITHUB_WORKSPACE;
-      if (!workspace) {
-        throw new Error('Missing GITHUB_WORKSPACE!');
+      let credsPath = core.getInput('credentials_file_path');
+
+      if (!credsPath) {
+        const credsDir = process.env.GITHUB_WORKSPACE;
+        if (!credsDir) {
+          throw new Error(
+            'No path for credentials. Set credentials_file_path or process.env.GITHUB_WORKSPACE',
+          );
+        }
+
+        credsPath = path.join(credsDir, uuidv4());
       }
 
-      const credsPath = path.join(workspace, uuidv4());
       const serviceAccountKeyObj = setupGcloud.parseServiceAccountKey(
         serviceAccountKey,
       );
+
       await fs.writeFile(
         credsPath,
         JSON.stringify(serviceAccountKeyObj, null, 2), // Print to file as string w/ indents
@@ -80,5 +89,3 @@ async function run(): Promise<void> {
     core.setFailed(error.message);
   }
 }
-
-run();