Action cleanup state, actions toolkit sync (#33)

gacts · Aug 11, 2022 · 1d0b272 · 1d0b272
1 parent 3ddace2
commit 1d0b272
Show file tree

Hide file tree

Showing 13 changed files with 73 additions and 23 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -103,7 +103,8 @@ jobs:
 
       - run: if [[ '${{ steps.dev.outputs.secret }}' != 'psql://elon@localhost/modelX' ]]; then exit 1; fi
 
-      - uses: ./
+      - name: Run this action with a file
+        uses: ./
         id: production
         with:
           token: ${{ secrets.DOPPLER_PRODUCTION_TOKEN }}

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,18 @@ All notable changes to this package will be documented in this file.
 
 The format is based on [Keep a Changelog][keepachangelog] and this project adheres to [Semantic Versioning][semver].
 
+## v1.2.0
+
+### Added
+
+- Action cleanup step, for removing secrets stored in files [#32]
+
+### Changed
+
+- Dependencies updated
+
+[#32]:https://github.com/gacts/fetch-doppler-secret/issues/32
+
 ## v1.1.0
 
 ### Changed

diff --git a/action.yml b/action.yml
@@ -27,7 +27,8 @@ outputs:
 
 runs:
   using: node16
-  main: dist/index.js
+  main: dist/action/index.js
+  post: dist/cleanup/index.js
 
 branding:
   icon: activity

diff --git a/dist/action/index.js b/dist/action/index.js
diff --git a/dist/action/index.js.map b/dist/action/index.js.map
diff --git a/dist/sourcemap-register.js → dist/action/sourcemap-register.js b/dist/sourcemap-register.js → dist/action/sourcemap-register.js
diff --git a/dist/cleanup/index.js b/dist/cleanup/index.js
diff --git a/dist/index.js.map → dist/cleanup/index.js.map b/dist/index.js.map → dist/cleanup/index.js.map
diff --git a/dist/cleanup/sourcemap-register.js b/dist/cleanup/sourcemap-register.js
diff --git a/dist/index.js b/dist/index.js
diff --git a/package.json b/package.json
@@ -4,7 +4,9 @@
   "main": "src/index.js",
   "scripts": {
     "lint": "eslint src",
-    "build": "ncc build src/index.js -o dist --source-map --minify --no-cache"
+    "build-index": "ncc build src/index.js -o dist/action --source-map --minify --no-cache",
+    "build-cleanup": "ncc build src/cleanup.js -o dist/cleanup --source-map --minify --no-cache",
+    "build": "yarn run build-index && yarn run build-cleanup"
   },
   "repository": {
     "type": "git",

diff --git a/src/cleanup.js b/src/cleanup.js
@@ -0,0 +1,28 @@
+const fs = require('fs')
+const core = require('@actions/core')
+
+// main cleanup action entrypoint
+async function run() {
+  const secretFile = core.getState('secret_file')
+
+  if (secretFile !== "") {
+    await fs.access(secretFile, fs.constants.F_OK, (err) => {
+      if (err) throw err
+
+      fs.unlink(secretFile, (err) => {
+        if (err) throw err
+
+        core.info(`File "${secretFile}" with a secret was deleted`)
+      })
+    })
+  } else {
+    core.debug('Nothing to clean up')
+  }
+}
+
+// run the action
+(async () => {
+  await run()
+})().catch(error => {
+  core.setFailed(error.message)
+})
diff --git a/src/index.js b/src/index.js
@@ -1,29 +1,28 @@
-const core = require('@actions/core')
-const httpClient = require('@actions/http-client')
-const {BasicCredentialHandler} = require('@actions/http-client/auth')
-const querystring = require('querystring')
 const fs = require('fs')
+const core = require('@actions/core')
+const hc = require('@actions/http-client')
+const hcAuth = require('@actions/http-client/lib/auth')
 
 // read action inputs
 const input = {
-  dopplerToken: core.getInput('token'),
-  dopplerProject: core.getInput('project'),
+  dopplerToken: core.getInput('token', {required: true}),
+  dopplerProject: core.getInput('project', {required: true}),
   dopplerConfig: core.getInput('config'),
-  secretName: core.getInput('secret-name'),
+  secretName: core.getInput('secret-name', {required: true}),
   saveToFile: core.getInput('save-to-file'),
 }
 
 // force the doppler token masking
-if (input.dopplerToken.length > 0) {
+if (input.dopplerToken !== "") {
   core.setSecret(input.dopplerToken)
 } else {
   core.warning('Doppler token was not provided')
 }
 
 // main action entrypoint
 async function run() {
-  // create http client instance (docs: <https://github.com/actions/http-client>)
-  const http = new httpClient.HttpClient(undefined, [new BasicCredentialHandler(input.dopplerToken, '')], {
+  // create http client instance (docs: <https://github.com/actions/toolkit/tree/main/packages/http-client>)
+  const http = new hc.HttpClient(undefined, [new hcAuth.BasicCredentialHandler(input.dopplerToken, '')], {
     headers: {
       'Accept': 'application/json',
       'Content-Type': 'application/json',
@@ -32,11 +31,11 @@ async function run() {
 
   // make an http request to the doppler API
   const res = await http.get(
-    'https://api.doppler.com/v3/configs/config/secret?' + querystring.stringify({
+    'https://api.doppler.com/v3/configs/config/secret?' + (new URLSearchParams({
       project: input.dopplerProject,
       config: input.dopplerConfig,
       name: input.secretName,
-    })
+    }).toString())
   )
 
   // read and parse response content
@@ -86,18 +85,21 @@ async function run() {
         fs.write(fd, Buffer.from(computed), 0, computed.length, null, (err) => {
           if (err) throw err
         })
+
+        // https://github.com/actions/toolkit/tree/main/packages/core#action-state
+        core.saveState('secret_file', input.saveToFile) // for the "post" action
       } finally {
         fs.close(fd, (err) => {
           if (err) throw err
-        });
+        })
       }
     })
   }
 }
 
 // run the action
-try {
-  run()
-} catch (error) {
+(async () => {
+  await run()
+})().catch(error => {
   core.setFailed(error.message)
-}
+})