Azure
/
k8s-actions
зеркало из https://github.com/Azure/k8s-actions.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

k8s set secret action (#4) 

* k8s set secret action

* PR comments

* Update README.md
This commit is contained in:
Deepak Sattiraju 2019-07-29 15:31:59 +05:30 коммит произвёл GitHub
Родитель b82dd9b4ba
Коммит 54a22de846
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
5 изменённых файлов: 285 добавлений и 0 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

14
k8s-set-secret/README.md Normal file
Просмотреть файл

@ -0,0 +1,14 @@
# Usage
```yaml
# Assumes that the secret will be created in the cluster context which was set in the action above
- name: Set imagePullSecret
uses: azure/k8s-actions/k8s-set-secret@master
with:
namespace: 'myapp'
container-registry-url: 'containerregistry.contoso.com'
container-registry-username: ${{ secrets.DOCKER_USERNAME }}
container-registry-password: ${{ secrets.DOCKER_PASSWORD }}
secret-name: 'contoso-cr'
id: set-secret
```

38
k8s-set-secret/action.yml Normal file
Просмотреть файл

@ -0,0 +1,38 @@
name: 'Create secret in Kubernetes cluster'
description: 'Create a generic secret or docker-registry secret in Kubernetes cluster'
inputs:
# Only namespace details are required. This action assumes K8s set context action has run earlier
namespace:
description: 'Choose the target Kubernetes namespace. If the namespace is not provided, the commands will run in the default namespace.'
required: false
container-registry-url:
description: 'Container registry url'
required: false
container-registry-username:
description: 'Container registry username'
required: false
container-registry-password:
description: 'Container registry password'
required: false
container-registry-email:
description: 'Container registry email'
required: false
secret-type:
description: 'Type of Kubernetes secret. For example, docker-registry or generic'
required: true
default: 'docker-registry'
secret-name:
description: 'Name of the secret. You can use this secret name in the Kubernetes YAML configuration file.'
required: true
arguments:
description: 'Specify keys and literal values to insert in generic type secret.For example, --from-literal=key1=value1 --from-literal=key2="top secret".'
required: false
outputs:
secret-name:
description: 'Secret name'
branding:
icon: 'k8s.svg' # vector art to display in the GitHub Marketplace
color: 'blue' # optional, decorates the entry in the GitHub Marketplace
runs:
using: 'node'
main: 'lib/run.js'

109
k8s-set-secret/lib/run.js Normal file
Просмотреть файл

@ -0,0 +1,109 @@
"use strict";
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
Object.defineProperty(exports, "__esModule", { value: true });
const toolCache = require("@actions/tool-cache");
const core = require("@actions/core");
const toolrunner_1 = require("@actions/exec/lib/toolrunner");
const path = require("path");
const os = require("os");
const io = require("@actions/io");
let kubectlPath = "";
function checkAndSetKubectlPath() {
return __awaiter(this, void 0, void 0, function* () {
kubectlPath = yield io.which('kubectl', false);
if (kubectlPath) {
return;
}
const allVersions = toolCache.findAllVersions('kubectl');
kubectlPath = allVersions.length > 0 ? toolCache.find('kubectl', allVersions[0]) : '';
if (!kubectlPath) {
throw new Error('Kubectl is not installed');
}
kubectlPath = path.join(kubectlPath, `kubectl${getExecutableExtension()}`);
});
}
function getExecutableExtension() {
if (os.type().match(/^Win/)) {
return '.exe';
}
return '';
}
function createSecret() {
return __awaiter(this, void 0, void 0, function* () {
const typeOfSecret = core.getInput('secret-type', { required: true });
const secretName = core.getInput('secret-name', { required: true });
const namespace = core.getInput('namespace');
yield deleteSecret(namespace, secretName);
let args;
if (typeOfSecret === "docker-registry") {
args = getDockerSecretArguments(secretName);
}
else if (typeOfSecret === "generic") {
args = getGenericSecretArguments(secretName);
}
else {
throw new Error('Invalid secret-type input. It should be either docker-registry or generic');
}
if (namespace) {
args.push('-n', namespace);
}
const toolRunner = new toolrunner_1.ToolRunner(kubectlPath, args);
const code = yield toolRunner.exec();
if (code != 0) {
throw new Error('Secret create failed.');
}
core.setOutput('secret-name', secretName);
});
}
function deleteSecret(namespace, secretName) {
return __awaiter(this, void 0, void 0, function* () {
let args = ['delete', 'secret', secretName];
if (namespace) {
args.push('-n', namespace);
}
const toolRunner = new toolrunner_1.ToolRunner(kubectlPath, args, { failOnStdErr: false, ignoreReturnCode: true, silent: true });
yield toolRunner.exec();
core.debug(`Deleting ${secretName} if already exist.`);
});
}
function getDockerSecretArguments(secretName) {
const userName = core.getInput('container-registry-username');
const password = core.getInput('container-registry-password');
const server = core.getInput('container-registry-url');
let email = core.getInput('container-registry-email');
let args = ['create', 'secret', 'docker-registry', secretName, '--docker-username', userName, '--docker-password', password];
if (server) {
args.push('--docker-server', server);
}
if (!email) {
email = ' ';
}
args.push('--docker-email', email);
return args;
}
function getGenericSecretArguments(secretName) {
const secretArguments = core.getInput('arguments');
let args = ['create', 'secret', 'generic', secretName];
args.push(...toolrunner_1.argStringToArray(secretArguments));
return args;
}
function checkClusterContext() {
if (!process.env["KUBECONFIG"]) {
throw new Error('Cluster context not set. Use k8s-set-context/aks-set-context action to set cluster context');
}
}
function run() {
return __awaiter(this, void 0, void 0, function* () {
checkClusterContext();
yield checkAndSetKubectlPath();
yield createSecret();
});
}
run().catch(core.setFailed);

115
k8s-set-secret/src/run.ts Normal file
Просмотреть файл

@ -0,0 +1,115 @@
import * as toolCache from '@actions/tool-cache';
import * as core from '@actions/core';
import { ToolRunner, argStringToArray } from "@actions/exec/lib/toolrunner";
import * as path from 'path';
import * as os from 'os';
import * as io from '@actions/io';
let kubectlPath = "";
async function checkAndSetKubectlPath() {
kubectlPath = await io.which('kubectl', false);
if (kubectlPath) {
return;
}
const allVersions = toolCache.findAllVersions('kubectl');
kubectlPath = allVersions.length > 0 ? toolCache.find('kubectl', allVersions[0]) : '';
if (!kubectlPath) {
throw new Error('Kubectl is not installed');
}
kubectlPath = path.join(kubectlPath, `kubectl${getExecutableExtension()}`);
}
function getExecutableExtension(): string {
if (os.type().match(/^Win/)) {
return '.exe';
}
return '';
}
async function createSecret() {
const typeOfSecret = core.getInput('secret-type', { required: true });
const secretName = core.getInput('secret-name', { required: true });
const namespace = core.getInput('namespace');
await deleteSecret(namespace, secretName);
let args;
if (typeOfSecret === "docker-registry") {
args = getDockerSecretArguments(secretName);
}
else if (typeOfSecret === "generic") {
args = getGenericSecretArguments(secretName);
}
else {
throw new Error('Invalid secret-type input. It should be either docker-registry or generic');
}
if (namespace) {
args.push('-n', namespace);
}
const toolRunner = new ToolRunner(kubectlPath, args);
const code = await toolRunner.exec();
if (code != 0) {
throw new Error('Secret create failed.')
}
core.setOutput('secret-name', secretName);
}
async function deleteSecret(namespace: string, secretName: string) {
let args = ['delete', 'secret', secretName];
if (namespace) {
args.push('-n', namespace);
}
const toolRunner = new ToolRunner(kubectlPath, args, { failOnStdErr: false, ignoreReturnCode: true, silent: true });
await toolRunner.exec();
core.debug(`Deleting ${secretName} if already exist.`);
}
function getDockerSecretArguments(secretName: string): string[] {
const userName = core.getInput('container-registry-username');
const password = core.getInput('container-registry-password');
const server = core.getInput('container-registry-url');
let email = core.getInput('container-registry-email');
let args = ['create', 'secret', 'docker-registry', secretName, '--docker-username', userName, '--docker-password', password];
if (server) {
args.push('--docker-server', server);
}
if (!email) {
email = ' ';
}
args.push('--docker-email', email);
return args;
}
function getGenericSecretArguments(secretName: string): string[] {
const secretArguments = core.getInput('arguments');
let args = ['create', 'secret', 'generic', secretName];
args.push(...argStringToArray(secretArguments));
return args;
}
function checkClusterContext() {
if (!process.env["KUBECONFIG"]) {
throw new Error('Cluster context not set. Use k8s-set-context/aks-set-context action to set cluster context');
}
}
async function run() {
checkClusterContext();
await checkAndSetKubectlPath();
await createSecret();
}
run().catch(core.setFailed);

9
k8s-set-secret/tsconfig.json Normal file
Просмотреть файл

@ -0,0 +1,9 @@
{
"compilerOptions": {
"target": "ES6",
"module": "commonjs"
},
"exclude": [
"node_modules"
]
}