diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml new file mode 100644 index 000000000..a7037c8fc --- /dev/null +++ b/.github/workflows/integration.yml @@ -0,0 +1,161 @@ +name: 'Integration' + +on: + push: + branches: + - 'main' + pull_request: + branches: + - 'main' + workflow_dispatch: + +concurrency: + group: '${{ github.workflow }}-${{ github.head_ref || github.ref }}' + cancel-in-progress: true + +jobs: + integration: + if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name && github.actor != 'dependabot[bot]' }} + strategy: + fail-fast: false + matrix: + os: + - 'ubuntu-latest' + - 'windows-latest' + - 'macos-latest' + runs-on: '${{ matrix.os }}' + + permissions: + id-token: 'write' + + steps: + - uses: 'actions/checkout@v3' + with: + node-version: '16.x' + + - name: 'Build' + run: 'npm ci && npm run build' + + # Default installation + - name: 'Install version' + uses: './' + with: + version: '374.0.0' + + # Latest installation + - name: 'Install latest' + uses: './' + with: + version: 'latest' + + # By default, there is no configuration + - name: 'Check defaults' + run: |- + ./tests/expect-gcloud-config "$(cat << EOF + account: (unset) + project: (unset) + components: + EOF + )" + + # Install components + - name: 'Install components' + uses: './' + with: + components: 'alpha,beta' + + - name: 'Check components' + run: |- + ./tests/expect-gcloud-config "$(cat << EOF + account: (unset) + project: (unset) + components: alpha,beta + EOF + )" + + # Set a project ID + - name: 'Set project ID' + uses: './' + with: + project_id: '${{ secrets.SETUP_GCLOUD_IT_PROJECT_ID }}' + + - name: 'Check project ID' + run: |- + ./tests/expect-gcloud-config "$(cat << EOF + account: (unset) + project: ${{ secrets.SETUP_GCLOUD_IT_PROJECT_ID }} + components: + EOF + )" + + # Authenticate via WIF + - name: 'Authenticate via WIF' + uses: 'google-github-actions/auth@main' + with: + workload_identity_provider: '${{ secrets.WIF_PROVIDER_NAME }}' + service_account: '${{ secrets.OIDC_AUTH_SA_EMAIL }}' + + - name: 'Check WIF authentication' + run: |- + ./tests/expect-gcloud-config "$(cat << EOF + account: ${{ secrets.OIDC_AUTH_SA_EMAIL }} + project: ${{ secrets.SETUP_GCLOUD_IT_PROJECT_ID }} + components: + EOF + )" + + # Authenticate via SAKE + - name: 'Authenticate via SAKE' + uses: 'google-github-actions/auth@main' + with: + credentials_json: '${{ secrets.SETUP_GCLOUD_IT_KEY }}' + + - name: 'Check WIF authentication' + run: |- + ./tests/expect-gcloud-config "$(cat << EOF + account: ${{ secrets.OIDC_AUTH_SA_EMAIL }} + project: ${{ secrets.SETUP_GCLOUD_IT_PROJECT_ID }} + components: + EOF + )" + + # This test ensures that the GOOGLE_APPLICATION_CREDENTIALS environment + # variable is shared with the container and that the path of the file is on + # the shared filesystem with the container and that the USER for the container + # has permissions to read the file. + docker: + if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name && github.actor != 'dependabot[bot]' }} + name: 'setup-gcloud with docker-based steps' + runs-on: 'ubuntu-latest' + strategy: + fail-fast: false + + permissions: + id-token: 'write' + + steps: + - uses: 'actions/checkout@v3' + + - uses: 'actions/setup-node@v3' + with: + node-version: '16.x' + + - name: 'npm ci' + run: 'npm ci' + + - name: 'npm build' + run: 'npm run build' + + - uses: google-github-actions/auth@main + with: + workload_identity_provider: ${{ secrets.WIF_PROVIDER_NAME }} + service_account: ${{ secrets.OIDC_AUTH_SA_EMAIL }} + + - name: 'setup-gcloud' + uses: './' + + - name: 'docker' + uses: 'docker://alpine:3' + with: + entrypoint: '/bin/sh' + args: '-euc "test -n "${GOOGLE_APPLICATION_CREDENTIALS}" && test -r "${GOOGLE_APPLICATION_CREDENTIALS}"' diff --git a/.github/workflows/setup-gcloud-it.yml b/.github/workflows/setup-gcloud-it.yml deleted file mode 100644 index 1c645af05..000000000 --- a/.github/workflows/setup-gcloud-it.yml +++ /dev/null @@ -1,402 +0,0 @@ -name: setup-gcloud Integration - -on: - push: - branches: - - 'main' - pull_request: - branches: - - 'main' - workflow_dispatch: - -concurrency: - group: '${{github.workflow}}-${{ github.head_ref || github.ref }}' - cancel-in-progress: true - -jobs: - versioned: - if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name && github.actor != 'dependabot[bot]' }} - name: setup-gcloud versioned - strategy: - fail-fast: false - matrix: - os: - - 'ubuntu-latest' - - 'windows-latest' - - 'macos-latest' - runs-on: ${{ matrix.os }} - - permissions: - id-token: 'write' - - steps: - - uses: actions/checkout@v3 - - - uses: 'actions/setup-node@v3' - with: - node-version: '16.x' - - - id: build - name: Build dist - run: |- - npm ci - npm run build - - - uses: google-github-actions/auth@main - with: - workload_identity_provider: ${{ secrets.WIF_PROVIDER_NAME }} - service_account: ${{ secrets.OIDC_AUTH_SA_EMAIL }} - - - name: setup-gcloud - uses: ./ - with: - version: '374.0.0' - - - name: Integration Tests - shell: bash - run: ./tests/integration-tests.sh - - latest: - if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name && github.actor != 'dependabot[bot]' }} - name: setup-gcloud latest - strategy: - fail-fast: false - matrix: - os: - - 'ubuntu-latest' - - 'windows-latest' - - 'macos-latest' - runs-on: ${{ matrix.os }} - - permissions: - id-token: 'write' - - steps: - - uses: actions/checkout@v3 - - - uses: 'actions/setup-node@v3' - with: - node-version: '16.x' - - - name: Build dependency - run: |- - npm ci - npm run build - - - id: build - name: Build dist - run: |- - npm ci - npm run build - - - uses: google-github-actions/auth@main - with: - workload_identity_provider: ${{ secrets.WIF_PROVIDER_NAME }} - service_account: ${{ secrets.OIDC_AUTH_SA_EMAIL }} - - - name: setup-gcloud - uses: ./ - with: - version: 'latest' - - - name: Integration Tests - shell: bash - run: ./tests/integration-tests.sh - - project_id: - if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name && github.actor != 'dependabot[bot]' }} - name: setup-gcloud with configured project - strategy: - fail-fast: false - matrix: - os: - - 'ubuntu-latest' - - 'windows-latest' - - 'macos-latest' - runs-on: ${{ matrix.os }} - - permissions: - id-token: 'write' - - steps: - - uses: actions/checkout@v3 - - id: build - name: Build dist - run: |- - npm ci - npm run build - - - uses: google-github-actions/auth@main - with: - workload_identity_provider: ${{ secrets.WIF_PROVIDER_NAME }} - service_account: ${{ secrets.OIDC_AUTH_SA_EMAIL }} - - - name: setup-gcloud - uses: ./ - with: - project_id: ${{ secrets.SETUP_GCLOUD_IT_PROJECT_ID }} - - - name: Verify project - shell: bash - run: gcloud config get-value project | grep ${{ secrets.SETUP_GCLOUD_IT_PROJECT_ID }} - - components: - if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name && github.actor != 'dependabot[bot]' }} - name: setup-gcloud with components - strategy: - fail-fast: false - matrix: - os: - - 'ubuntu-latest' - - 'windows-latest' - - 'macos-latest' - runs-on: ${{ matrix.os }} - - permissions: - id-token: 'write' - - steps: - - uses: actions/checkout@v3 - - id: build - name: Build dist - run: |- - npm ci - npm run build - - - uses: google-github-actions/auth@main - with: - workload_identity_provider: ${{ secrets.WIF_PROVIDER_NAME }} - service_account: ${{ secrets.OIDC_AUTH_SA_EMAIL }} - - - name: setup-gcloud - uses: ./ - with: - project_id: ${{ secrets.SETUP_GCLOUD_IT_PROJECT_ID }} - install_components: alpha, beta - - - name: Verify install - shell: bash - run: |- - gcloud components list - if [[ $(gcloud components list --filter=name:alpha --format="value(Status)" | grep Not) -eq 1 ]]; then - exit 1; - fi - if [[ $(gcloud components list --filter=name:beta --format="value(Status)" | grep Not) -eq 1 ]]; then - exit 1; - fi - - # This test ensures that the GOOGLE_APPLICATION_CREDENTIALS environment - # variable is shared with the container and that the path of the file is on - # the shared filesystem with the container and that the USER for the container - # has permissions to read the file. - docker: - if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name && github.actor != 'dependabot[bot]' }} - name: 'setup-gcloud with docker-based steps' - runs-on: 'ubuntu-latest' - strategy: - fail-fast: false - - permissions: - id-token: 'write' - - steps: - - uses: 'actions/checkout@v3' - - - uses: 'actions/setup-node@v3' - with: - node-version: '16.x' - - - name: 'npm ci' - run: 'npm ci' - - - name: 'npm build' - run: 'npm run build' - - - uses: google-github-actions/auth@main - with: - workload_identity_provider: ${{ secrets.WIF_PROVIDER_NAME }} - service_account: ${{ secrets.OIDC_AUTH_SA_EMAIL }} - - - name: 'setup-gcloud' - uses: './' - - - name: 'docker' - uses: 'docker://alpine:3' - with: - entrypoint: '/bin/sh' - args: '-euc "test -n "${GOOGLE_APPLICATION_CREDENTIALS}" && test -r "${GOOGLE_APPLICATION_CREDENTIALS}"' - - wif: - if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name && github.actor != 'dependabot[bot]' }} - name: 'with wif' - strategy: - fail-fast: false - matrix: - os: - - 'ubuntu-latest' - - 'windows-latest' - - 'macos-latest' - runs-on: '${{ matrix.os }}' - - permissions: - id-token: 'write' - - steps: - - uses: actions/checkout@v3 - - - uses: 'actions/setup-node@v3' - with: - node-version: '16.x' - - - id: build - name: Build dist - run: |- - npm ci - npm run build - - - uses: google-github-actions/auth@main - with: - workload_identity_provider: ${{ secrets.WIF_PROVIDER_NAME }} - service_account: ${{ secrets.OIDC_AUTH_SA_EMAIL }} - - - name: 'setup-gcloud' - uses: './' - - - id: 'gcloud' - shell: 'bash' - run: |- - gcloud secrets versions access "latest" --secret "${{ secrets.OIDC_AUTH_TEST_SECRET_NAME }}" - - credentials_json: - if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name && github.actor != 'dependabot[bot]' }} - name: 'with key and auth action' - strategy: - fail-fast: false - matrix: - os: - - 'ubuntu-latest' - - 'windows-latest' - - 'macos-latest' - runs-on: '${{ matrix.os }}' - - permissions: - id-token: 'write' - - steps: - - uses: actions/checkout@v3 - - - uses: 'actions/setup-node@v3' - with: - node-version: '16.x' - - - id: build - name: Build dist - run: |- - npm ci - npm run build - - - uses: google-github-actions/auth@main - with: - credentials_json: ${{ secrets.SETUP_GCLOUD_IT_KEY }} - - - name: 'setup-gcloud' - uses: './' - - - id: 'gcloud' - shell: 'bash' - run: |- - gcloud secrets versions access "latest" --secret "${{ secrets.OIDC_AUTH_TEST_SECRET_NAME }}" - - credentials_json_exported: - if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name && github.actor != 'dependabot[bot]' }} - name: 'auth action with json key and setup-gcloud export' - strategy: - fail-fast: false - matrix: - os: - - 'ubuntu-latest' - - 'windows-latest' - - 'macos-latest' - runs-on: '${{ matrix.os }}' - - steps: - - uses: 'actions/checkout@v3' - - - uses: 'actions/setup-node@v3' - with: - node-version: '16.x' - - - id: 'build' - name: 'Build dist' - run: 'npm ci && npm run build' - - - uses: 'google-github-actions/auth@main' - with: - credentials_json: '${{ secrets.SETUP_GCLOUD_IT_KEY }}' - - - name: 'setup-gcloud' - uses: './' - - - id: 'gcloud' - shell: 'bash' - run: |- - gcloud secrets versions access "latest" --secret "${{ secrets.OIDC_AUTH_TEST_SECRET_NAME }}" - - multi_credentials: - if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name && github.actor != 'dependabot[bot]' }} - name: 'with two setup gcloud with different SA' - strategy: - fail-fast: false - matrix: - os: - - 'ubuntu-latest' - - 'windows-latest' - - 'macos-latest' - runs-on: '${{ matrix.os }}' - - permissions: - id-token: 'write' - - steps: - - uses: actions/checkout@v3 - - - uses: 'actions/setup-node@v3' - with: - node-version: '16.x' - - - id: build - name: Build dist - run: |- - npm ci - npm run build - - - uses: google-github-actions/auth@main - with: - workload_identity_provider: '${{ secrets.WIF_PROVIDER_NAME }}' - service_account: '${{ secrets.OIDC_AUTH_SA_EMAIL }}' - - - name: 'setup-gcloud' - uses: './' - - # current SA should be OIDC_AUTH_SA_EMAIL - - name: 'check current SA' - shell: 'bash' - run: |- - CURRENT_SA=$(gcloud auth list --format="value(account)" --filter="(status=ACTIVE)") - if [ ${{ secrets.OIDC_AUTH_SA_EMAIL }} != $CURRENT_SA ]; then exit 1; fi - - - uses: google-github-actions/auth@main - with: - credentials_json: '${{ secrets.SETUP_GCLOUD_IT_KEY }}' - - - name: setup-gcloud - uses: ./ - with: - version: 'latest' - - # current SA should be SETUP_GCLOUD_IT_EMAIL - - name: 'check current SA' - shell: 'bash' - run: |- - CURRENT_SA=$(gcloud auth list --format="value(account)" --filter="(status=ACTIVE)") - if [ ${{ secrets.SETUP_GCLOUD_IT_EMAIL }} != $CURRENT_SA ]; then exit 1; fi diff --git a/.github/workflows/setup-gcloud.yml b/.github/workflows/unit.yml similarity index 69% rename from .github/workflows/setup-gcloud.yml rename to .github/workflows/unit.yml index 0d70e3387..017ecfb60 100644 --- a/.github/workflows/setup-gcloud.yml +++ b/.github/workflows/unit.yml @@ -1,4 +1,4 @@ -name: setup-gcloud Unit +name: 'Unit' on: push: @@ -10,17 +10,20 @@ on: workflow_dispatch: concurrency: - group: '${{github.workflow}}-${{ github.head_ref || github.ref }}' + group: '${{ github.workflow }}-${{ github.head_ref || github.ref }}' cancel-in-progress: true jobs: - run: - name: setup-gcloud - runs-on: ${{ matrix.operating-system }} + unit: strategy: fail-fast: false matrix: - operating-system: [ubuntu-latest, windows-latest, macos-latest] + os: + - 'ubuntu-latest' + - 'windows-latest' + - 'macos-latest' + runs-on: '${{ matrix.os }}' + steps: - uses: 'actions/checkout@v3' @@ -38,7 +41,7 @@ jobs: run: 'npm run lint' # There's no need to run the linter for each operating system, since it # will find the same thing 3x and clog up the PR review. - if: ${{matrix.operating-system == 'ubuntu-latest'}} + if: ${{matrix.os == 'ubuntu-latest'}} - name: 'test' run: 'npm test' diff --git a/src/main.ts b/src/main.ts index e7aa757a4..179f2d04e 100644 --- a/src/main.ts +++ b/src/main.ts @@ -1,5 +1,5 @@ /* - * Copyright 2020 Google LLC + * Copyright 2019 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -14,6 +14,76 @@ * limitations under the License. */ -import { run } from './setup-gcloud'; +import * as core from '@actions/core'; +import * as toolCache from '@actions/tool-cache'; +import { + authenticateGcloudSDK, + getLatestGcloudSDKVersion, + installComponent, + installGcloudSDK, + isInstalled, + setProject, +} from '@google-github-actions/setup-cloud-sdk'; +import { + errorMessage, + isPinnedToHead, + pinnedToHeadWarning, +} from '@google-github-actions/actions-utils'; +import path from 'path'; -run(); +export const GCLOUD_METRICS_ENV_VAR = 'CLOUDSDK_METRICS_ENVIRONMENT'; +export const GCLOUD_METRICS_LABEL = 'github-actions-setup-gcloud'; + +export async function run(): Promise { + // Warn if pinned to HEAD + if (isPinnedToHead()) { + core.warning(pinnedToHeadWarning('v1')); + } + + core.exportVariable(GCLOUD_METRICS_ENV_VAR, GCLOUD_METRICS_LABEL); + try { + let version = core.getInput('version'); + if (!version || version == 'latest') { + version = await getLatestGcloudSDKVersion(); + } + + // Install the gcloud if not already present + if (!isInstalled(version)) { + await installGcloudSDK(version); + } else { + const toolPath = toolCache.find('gcloud', version); + core.addPath(path.join(toolPath, 'bin')); + } + + // Install additional components + const components = core.getInput('install_components'); + if (components) { + await installComponent(components.split(',').map((comp) => comp.trim())); + } + + // Authenticate - this comes from google-github-actions/auth + const credFile = process.env.GOOGLE_GHA_CREDS_PATH; + if (credFile) { + await authenticateGcloudSDK(credFile); + core.info('Successfully authenticated'); + } else { + core.warning( + 'No authentication found for gcloud, authenticate with `google-github-actions/auth`.', + ); + } + + // Set the project ID, if given. + const projectId = core.getInput('project_id'); + if (projectId) { + await setProject(projectId); + core.info('Successfully set default project'); + } + } catch (err) { + const msg = errorMessage(err); + core.setFailed(`google-github-actions/setup-gcloud failed with: ${msg}`); + } +} + +if (require.main === module) { + run(); +} diff --git a/src/setup-gcloud.ts b/src/setup-gcloud.ts deleted file mode 100644 index b015c08ed..000000000 --- a/src/setup-gcloud.ts +++ /dev/null @@ -1,85 +0,0 @@ -/* - * Copyright 2019 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -import * as core from '@actions/core'; -import * as toolCache from '@actions/tool-cache'; -import { - authenticateGcloudSDK, - getLatestGcloudSDKVersion, - installComponent, - installGcloudSDK, - isInstalled, - setProject, -} from '@google-github-actions/setup-cloud-sdk'; -import { - errorMessage, - isPinnedToHead, - pinnedToHeadWarning, -} from '@google-github-actions/actions-utils'; -import path from 'path'; - -export const GCLOUD_METRICS_ENV_VAR = 'CLOUDSDK_METRICS_ENVIRONMENT'; -export const GCLOUD_METRICS_LABEL = 'github-actions-setup-gcloud'; - -export async function run(): Promise { - // Warn if pinned to HEAD - if (isPinnedToHead()) { - core.warning(pinnedToHeadWarning('v1')); - } - - core.exportVariable(GCLOUD_METRICS_ENV_VAR, GCLOUD_METRICS_LABEL); - try { - let version = core.getInput('version'); - if (!version || version == 'latest') { - version = await getLatestGcloudSDKVersion(); - } - - // Install the gcloud if not already present - if (!isInstalled(version)) { - await installGcloudSDK(version); - } else { - const toolPath = toolCache.find('gcloud', version); - core.addPath(path.join(toolPath, 'bin')); - } - - // Install additional components - const components = core.getInput('install_components'); - if (components) { - await installComponent(components.split(',').map((comp) => comp.trim())); - } - - // Authenticate - this comes from google-github-actions/auth - const credFile = process.env.GOOGLE_GHA_CREDS_PATH; - if (credFile) { - await authenticateGcloudSDK(credFile); - core.info('Successfully authenticated'); - } else { - core.warning( - 'No authentication found for gcloud, authenticate with `google-github-actions/auth`.', - ); - } - - // Set the project ID, if given. - const projectId = core.getInput('project_id'); - if (projectId) { - await setProject(projectId); - core.info('Successfully set default project'); - } - } catch (err) { - const msg = errorMessage(err); - core.setFailed(`google-github-actions/setup-gcloud failed with: ${msg}`); - } -} diff --git a/tests/expect-gcloud-config b/tests/expect-gcloud-config new file mode 100755 index 000000000..0aa298af1 --- /dev/null +++ b/tests/expect-gcloud-config @@ -0,0 +1,29 @@ +#!/usr/bin/env bash + +set -eEuo pipefail + +WANT="${1:""}" + +ACCOUNT="$(gcloud auth list --filter=status:ACTIVE --format='value(account)')" +if [ -z "${ACCOUNT}" ]; then + ACCOUNT="(unset)" +fi + +PROJECT_ID="$(gcloud config get core/project_id)" + +COMPONENTS="$(gcloud components list --format=json --only-local-state 2>/dev/null | jq -r '. | sort_by(.id) | map(.id) | join(",")')" + +GOT="$(cat <&1 + echo "" + diff <( printf '%s\n' "${GOT}" ) <( printf '%s\n' "${WANT}" ) 2>&1 + echo "" + exit 26 +fi diff --git a/tests/integration-tests.sh b/tests/integration-tests.sh deleted file mode 100755 index 48f747bb7..000000000 --- a/tests/integration-tests.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash -# Copyright 2019 Google Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This file contains integration tests for the setup-gcloud action. - -# fail on error -set -e - -# Ensure authentication was succesfully configured -echo "Testing authentication..." -gcloud projects list > /dev/null && echo "Passed." - -# Ensure gsutil was properly configured -# NOTE(craigdbarber): does not work for Windows as the gcloud -# SDK windows release is currently missing the gsutil bash -# entrypoint script. -if which "gsutil" &> /dev/null; then - echo "Testing gsutil..." - gsutil ls gs://cloud-sdk-release > /dev/null && echo "Passed." -fi diff --git a/tests/setup-gcloud.test.ts b/tests/setup-gcloud.test.ts index 7c522d89e..734591b1b 100644 --- a/tests/setup-gcloud.test.ts +++ b/tests/setup-gcloud.test.ts @@ -26,7 +26,7 @@ import * as setupGcloud from '@google-github-actions/setup-cloud-sdk'; import * as core from '@actions/core'; import * as toolCache from '@actions/tool-cache'; -import { run } from '../src/setup-gcloud'; +import { run } from '../src/main'; // These are mock data for github actions inputs, where camel case is expected. const fakeInputs: { [key: string]: string } = {