-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathaction.js
More file actions
95 lines (81 loc) · 2.41 KB
/
action.js
File metadata and controls
95 lines (81 loc) · 2.41 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
const Mustache = require('mustache');
const fs = require('fs').promises;
const core = require('@actions/core');
async function parseTemplate () {
const vaultUrl = core.getInput('url', { required: true });
const vaultport = core.getInput('port', { required: true });
const vaultSecure = core.getInput('secure', { required: false });
const vaultToken = core.getInput('token', { required: false });
const vaultTokenRenew = core.getInput('renew', { requied: false });
const vaultSecret = core.getInput('secret', { required: true });
const vaultSkipVerify = core.getInput('skip-verify', { required: false });
const valuesExtras = core.getInput('extras', { requried: false });
const templateFile = core.getInput('template', { required: true });
try {
await fs.stat(templateFile)
} catch (e) {
console.log(e)
throw e;
}
let templateOut;
const outFile = core.getInput('out', { required: false });
if (outFile.length === 0) {
templateOut = templateFile + '.parsed';
} else {
templateOut = outFile;
}
console.log('connecting to vault');
if (vaultSkipVerify) {
process.env.VAULT_SKIP_VERIFY = 'true';
}
const vault = require('node-vault')({
token: vaultToken,
endpoint: `${vaultSecure ? 'https://' : 'http://'}${vaultUrl}:${vaultport}`
});
let values
try {
const parsed = valuesExtras ? JSON.parse(valuesExtras) : {};
values = parsed
} catch (e) {
console.log(e);
throw e;
}
try {
console.log(`getting secret values from vault at path ${vaultSecret}`);
const keyList = await vault.list(vaultSecret);
for (const key of keyList.data.keys) {
const keyValue = await vault.read(`${vaultSecret}/${key}`);
values[key] = Buffer.from(keyValue.data.value).toString('base64');
}
} catch (e) {
console.log(e);
throw e;
}
let parsed;
try {
console.log('Parsing file ' + templateFile);
const data = await fs.readFile(templateFile, 'utf-8');
const p = Mustache.render(data, values);
parsed = p;
} catch (e) {
console.log(e);
throw e;
}
try {
console.log('Writing output file ' + templateOut)
await fs.writeFile(templateOut, parsed)
} catch (e) {
console.log(e);
throw e
}
if (vaultTokenRenew) {
try {
console.log('Renewing Token');
await vault.tokenRenewSelf()
} catch (e) {
console.log(e);
throw e
}
}
};
module.exports = { parseTemplate };