Skip to content

GCP Secrets Resolution For Multiline Json Values #117

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
fqjony merged 4 commits into from
Jan 7, 2026
Merged

GCP Secrets Resolution For Multiline Json Values #117

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
cfde650
fixed gcp multiline secrets resolution
fqjony Jan 7, 2026
a7b881c
upgrade github dependencies
fqjony Jan 7, 2026
9144e84
upgrade docker dependencies
fqjony Jan 7, 2026
809109d
added JSON_KEY secret ref for deployment example
fqjony Jan 7, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/build-and-test.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -100,7 +100,7 @@ jobs:
jq -r '.packages[] | select(.versionInfo != null) | "\(.name) | \(.versionInfo)"' sbom.json | sort | uniq | head -n 20 | column -t -s '|'

- name: Upload SBOM Artifact
uses: actions/upload-artifact@v5
uses: actions/upload-artifact@v6
with:
name: sbom
path: sbom.json
3 changes: 3 additions & 0 deletions .github/workflows/codeql.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,9 @@ name: "CodeQL and Linter Analysis"
"on":
push:

permissions:
contents: read

jobs:
analyze-shell:
name: Analyze Shell Scripts
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -115,7 +115,7 @@ jobs:
fi

- name: Upload SBOM Artifact
uses: actions/upload-artifact@v5
uses: actions/upload-artifact@v6
with:
name: sbom
path: sbom.json
Expand All @@ -141,7 +141,7 @@ jobs:
git config --global user.name "UDX Worker"

- name: Download SBOM Artifact
uses: actions/download-artifact@v6
uses: actions/download-artifact@v7
with:
name: sbom

Expand Down
6 changes: 3 additions & 3 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,16 +76,16 @@ RUN echo $TZ > /etc/timezone && \
# Install yq (architecture-aware)
RUN ARCH=$(uname -m) && \
if [ "$ARCH" = "x86_64" ]; then ARCH="amd64"; elif [ "$ARCH" = "aarch64" ]; then ARCH="arm64"; fi && \
curl -sL https://github.com/mikefarah/yq/releases/download/v4.49.2/yq_linux_${ARCH}.tar.gz | tar xz && \
curl -sL https://github.com/mikefarah/yq/releases/download/v4.50.1/yq_linux_${ARCH}.tar.gz | tar xz && \
mv yq_linux_${ARCH} /usr/bin/yq && \
rm -rf /tmp/*

# Install Google Cloud SDK (architecture-aware)
RUN ARCH=$(uname -m) && \
if [ "$ARCH" = "x86_64" ]; then \
curl -sSL "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-549.0.0-linux-x86_64.tar.gz" -o google-cloud-sdk.tar.gz; \
curl -sSL "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-551.0.0-linux-x86_64.tar.gz" -o google-cloud-sdk.tar.gz; \
elif [ "$ARCH" = "aarch64" ]; then \
curl -sSL "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-549.0.0-linux-arm.tar.gz" -o google-cloud-sdk.tar.gz; \
curl -sSL "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-551.0.0-linux-arm.tar.gz" -o google-cloud-sdk.tar.gz; \
fi && \
tar -xzf google-cloud-sdk.tar.gz && \
./google-cloud-sdk/install.sh -q && \
Expand Down
1 change: 1 addition & 0 deletions deploy.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ config:

env:
TEST_ENV_SECRET: "gcp/rabbit-ci-dev/worker-secret-test"
TEST_ENV_JSON_KEY: "gcp/rabbit-ci-dev/worker-secret-json-key"

# Mount volumes
# volumes:
Expand Down
2 changes: 1 addition & 1 deletion lib/secrets/gcp.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ resolve_gcp_secret() {

# For multiline secrets (like private keys), base64 encode them
if [[ "$secret_value" == *"-----BEGIN"* ]] || [[ "$secret_value" == *$'\n'* ]]; then
printf "%s" "$secret_value" | base64
printf "%s" "$secret_value" | base64 | tr -d '\n'
else
printf "%s" "$secret_value"
fi
Expand Down