Mock YAML Secrets Action


This action scans all the YAML files in your project for secret references and generates a secrets.yaml file that other actions can use.

We don't want our secrets.yaml file to be checked in, and that causes problems when we want to verify or build the project in CI. Keeping a separate secrets.yaml for CI/CD is a nice solution, but it requires manual updates, and usually you only find out after a failed workflow that you forgot to update it.

With this action you can generate a secrets.yaml file from a few rules that fit your project, and your CI/CD will be happy again.

This action is designed to work well with:

Usage

You can use this action in your workflow wherever you need the mock secrets file; see the following example.

```yaml
name: CI

on:
  push:
    branches:
      - main
  pull_request:

jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - name: Checkout source code
        uses: actions/checkout@v3

      - name: Mock secrets
        uses: golles/mock-yaml-secrets-action@v1
        with:
          configFile: '.github/workflows/mock-secrets-config.json'

      - name: Build software
        run: echo done # Your build that requires a secret file.
```

Configuration

Configuration is provided in a JSON file. The file is required, but it may contain just an empty object {} to use the defaults. In the example above the file is located at .github/workflows/mock-secrets-config.json.

| Configuration | Default value | Explanation |
| --- | --- | --- |
| directory | './' | The directory to scan recursively for YAML files |
| excludePaths | [] | Paths you want to exclude, e.g. [".github", ".vscode"] |
| secretFile | 'secrets.yaml' | Output secret filename |
| defaultValue | 'value0123' | The default value for secrets that don't match any rule |
| rules | {} | See below |

Rules

Rules are applied in the order they are provided; after the first successful match no further rules are attempted. Each key is a regular expression matched against the secret name, and the corresponding value is used as the mock secret.

```json
{
  "directory": "./",
  "excludePaths": [".github", ".vscode"],
  "secretFile": "secrets.yaml",
  "defaultValue": "secret",
  "rules": {
    ".*_ip": "10.0.0.12",
    ".*_mac": "00:00:00:00:00:00",
    ".*_url": "https://foo.bar",
    "network_subnet": "10.0.0.0/8",
    "encryption_key": "12345678901234567890123456789012"
  }
}
```

Technical note: each rule key is compiled and evaluated with new RegExp(rule).test(). More info on mozilla.org.