From 9c70d8c1933a5b53d98e9d0a1f409e2610d74c75 Mon Sep 17 00:00:00 2001 From: James Cuzella Date: Sat, 21 Oct 2023 13:21:49 -0600 Subject: [PATCH 1/6] Add no_auth input to skip Authentication (Fixes #67) --- .github/workflows/workflow.yml | 20 ++++++++++++++++++++ README.md | 2 ++ action.yml | 5 ++++- main.js | 8 ++++++++ 4 files changed, 34 insertions(+), 1 deletion(-) diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml index 6c0cbe9..2c81bd5 100644 --- a/.github/workflows/workflow.yml +++ b/.github/workflows/workflow.yml @@ -39,6 +39,26 @@ jobs: - name: Verify log-in run: doctl compute region list + test_no_auth: + runs-on: ${{ matrix.os }} + strategy: + matrix: + os: [ubuntu-latest, macos-latest, windows-latest] + steps: + - uses: actions/checkout@master + + - name: Install doctl + uses: ./ + with: + no_auth: true + + - name: Verify installation + run: doctl version + + - name: Verify not authenticated + run: | + doctl compute region list 2>&1 | grep -qi "Unable to initialize DigitalOcean API client: access token is required" + test_custom_version_linux_and_mac: runs-on: ${{ matrix.os }} strategy: diff --git a/README.md b/README.md index 8ff9ad5..b5898bc 100644 --- a/README.md +++ b/README.md @@ -26,6 +26,8 @@ See [this repository](https://github.com/do-community/example-doctl-action) for - `token` – (**Required**) A DigitalOcean personal access token ([more info](https://docs.digitalocean.com/reference/api/create-personal-access-token/)). - `version` – (Optional) The version of `doctl` to install. If excluded, the latest release will be used. +- `no_auth` – (Optional) Set to `true` to skip the authentication step. The API `token` parameter is _Optional_ in this case. + - _Note:_ This can be useful when running in workflows in untrusted environments, or where auth isn't necessary (e.g. `doctl app spec validate`) ## Contributing diff --git a/action.yml b/action.yml index e47ce09..5ac2a22 100644 --- a/action.yml +++ b/action.yml @@ -8,9 +8,12 @@ inputs: version: description: 'Version of doctl to install' default: 'latest' + no_auth: + description: 'Skip authentication' + default: 'false' token: description: 'DigitalOcean API Token' - required: true + default: '' runs: using: 'node16' main: 'dist/index.js' \ No newline at end of file diff --git a/main.js b/main.js index 44e620a..5c97d9e 100644 --- a/main.js +++ b/main.js @@ -81,6 +81,14 @@ Failed to retrieve latest version; falling back to: ${fallbackVersion}`); core.addPath(path); core.info(`>>> doctl version v${version} installed to ${path}`); + // Skip authentication if requested + // for workflows where auth isn't necessary (e.g. doctl app spec validate) + var no_auth = core.getInput('no_auth'); + if (no_auth.toLowerCase() === 'true') { + core.info('>>> Skipping doctl auth'); + return; + } + var token = core.getInput('token', { required: true }); core.setSecret(token); await exec.exec('doctl auth init -t', [token]); From 32bddea39945dcfc8490b9ea15f0d94f141f914e Mon Sep 17 00:00:00 2001 From: James Cuzella Date: Sat, 21 Oct 2023 14:13:03 -0600 Subject: [PATCH 2/6] npm run package --- dist/index.js | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/dist/index.js b/dist/index.js index 5b9924d..1d4a059 100644 --- a/dist/index.js +++ b/dist/index.js @@ -17538,6 +17538,14 @@ Failed to retrieve latest version; falling back to: ${fallbackVersion}`); core.addPath(path); core.info(`>>> doctl version v${version} installed to ${path}`); + // Skip authentication if requested + // for workflows where auth isn't necessary (e.g. doctl app spec validate) + var no_auth = core.getInput('no_auth'); + if (no_auth.toLowerCase() === 'true') { + core.info('>>> Skipping doctl auth'); + return; + } + var token = core.getInput('token', { required: true }); core.setSecret(token); await exec.exec('doctl auth init -t', [token]); From 3211359c8bac8d2956797dc5b4d64306468e633d Mon Sep 17 00:00:00 2001 From: James Cuzella Date: Sun, 22 Oct 2023 18:37:50 -0600 Subject: [PATCH 3/6] Update references to: `doctl app spec validate-offline` Implemented in: digitalocean/doctl#1450 --- README.md | 2 +- dist/index.js | 2 +- main.js | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index b5898bc..9735527 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ See [this repository](https://github.com/do-community/example-doctl-action) for - `token` – (**Required**) A DigitalOcean personal access token ([more info](https://docs.digitalocean.com/reference/api/create-personal-access-token/)). - `version` – (Optional) The version of `doctl` to install. If excluded, the latest release will be used. - `no_auth` – (Optional) Set to `true` to skip the authentication step. The API `token` parameter is _Optional_ in this case. - - _Note:_ This can be useful when running in workflows in untrusted environments, or where auth isn't necessary (e.g. `doctl app spec validate`) + - _Note:_ This can be useful when running in workflows in untrusted environments, or where auth isn't necessary (e.g. `doctl app spec validate-offline`) ## Contributing diff --git a/dist/index.js b/dist/index.js index 1d4a059..fdf15d7 100644 --- a/dist/index.js +++ b/dist/index.js @@ -17539,7 +17539,7 @@ Failed to retrieve latest version; falling back to: ${fallbackVersion}`); core.info(`>>> doctl version v${version} installed to ${path}`); // Skip authentication if requested - // for workflows where auth isn't necessary (e.g. doctl app spec validate) + // for workflows where auth isn't necessary (e.g. doctl app spec validate-offline) var no_auth = core.getInput('no_auth'); if (no_auth.toLowerCase() === 'true') { core.info('>>> Skipping doctl auth'); diff --git a/main.js b/main.js index 5c97d9e..2ffa1bd 100644 --- a/main.js +++ b/main.js @@ -82,7 +82,7 @@ Failed to retrieve latest version; falling back to: ${fallbackVersion}`); core.info(`>>> doctl version v${version} installed to ${path}`); // Skip authentication if requested - // for workflows where auth isn't necessary (e.g. doctl app spec validate) + // for workflows where auth isn't necessary (e.g. doctl app spec validate-offline) var no_auth = core.getInput('no_auth'); if (no_auth.toLowerCase() === 'true') { core.info('>>> Skipping doctl auth'); From a0b098c0da3f34f9b699a34d6393e71ed2de3f94 Mon Sep 17 00:00:00 2001 From: James Cuzella Date: Wed, 25 Oct 2023 12:17:02 -0600 Subject: [PATCH 4/6] Revert "Update references to: `doctl app spec validate-offline`" This reverts commit 3211359c8bac8d2956797dc5b4d64306468e633d. --- README.md | 2 +- dist/index.js | 2 +- main.js | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 9735527..b5898bc 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ See [this repository](https://github.com/do-community/example-doctl-action) for - `token` – (**Required**) A DigitalOcean personal access token ([more info](https://docs.digitalocean.com/reference/api/create-personal-access-token/)). - `version` – (Optional) The version of `doctl` to install. If excluded, the latest release will be used. - `no_auth` – (Optional) Set to `true` to skip the authentication step. The API `token` parameter is _Optional_ in this case. - - _Note:_ This can be useful when running in workflows in untrusted environments, or where auth isn't necessary (e.g. `doctl app spec validate-offline`) + - _Note:_ This can be useful when running in workflows in untrusted environments, or where auth isn't necessary (e.g. `doctl app spec validate`) ## Contributing diff --git a/dist/index.js b/dist/index.js index fdf15d7..1d4a059 100644 --- a/dist/index.js +++ b/dist/index.js @@ -17539,7 +17539,7 @@ Failed to retrieve latest version; falling back to: ${fallbackVersion}`); core.info(`>>> doctl version v${version} installed to ${path}`); // Skip authentication if requested - // for workflows where auth isn't necessary (e.g. doctl app spec validate-offline) + // for workflows where auth isn't necessary (e.g. doctl app spec validate) var no_auth = core.getInput('no_auth'); if (no_auth.toLowerCase() === 'true') { core.info('>>> Skipping doctl auth'); diff --git a/main.js b/main.js index 2ffa1bd..5c97d9e 100644 --- a/main.js +++ b/main.js @@ -82,7 +82,7 @@ Failed to retrieve latest version; falling back to: ${fallbackVersion}`); core.info(`>>> doctl version v${version} installed to ${path}`); // Skip authentication if requested - // for workflows where auth isn't necessary (e.g. doctl app spec validate-offline) + // for workflows where auth isn't necessary (e.g. doctl app spec validate) var no_auth = core.getInput('no_auth'); if (no_auth.toLowerCase() === 'true') { core.info('>>> Skipping doctl auth'); From a2b81b2aae41ddc3af5b4a4e75317374452660dc Mon Sep 17 00:00:00 2001 From: James Cuzella Date: Wed, 25 Oct 2023 12:17:59 -0600 Subject: [PATCH 5/6] Update references to: `doctl app spec validate --schema-only` --- README.md | 2 +- dist/index.js | 2 +- main.js | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index b5898bc..38707ce 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ See [this repository](https://github.com/do-community/example-doctl-action) for - `token` – (**Required**) A DigitalOcean personal access token ([more info](https://docs.digitalocean.com/reference/api/create-personal-access-token/)). - `version` – (Optional) The version of `doctl` to install. If excluded, the latest release will be used. - `no_auth` – (Optional) Set to `true` to skip the authentication step. The API `token` parameter is _Optional_ in this case. - - _Note:_ This can be useful when running in workflows in untrusted environments, or where auth isn't necessary (e.g. `doctl app spec validate`) + - _Note:_ This can be useful when running in workflows in untrusted environments, or where auth isn't necessary (e.g. `doctl app spec validate --schema-only`) ## Contributing diff --git a/dist/index.js b/dist/index.js index 1d4a059..bd86496 100644 --- a/dist/index.js +++ b/dist/index.js @@ -17539,7 +17539,7 @@ Failed to retrieve latest version; falling back to: ${fallbackVersion}`); core.info(`>>> doctl version v${version} installed to ${path}`); // Skip authentication if requested - // for workflows where auth isn't necessary (e.g. doctl app spec validate) + // for workflows where auth isn't necessary (e.g. doctl app spec validate --schema-only) var no_auth = core.getInput('no_auth'); if (no_auth.toLowerCase() === 'true') { core.info('>>> Skipping doctl auth'); diff --git a/main.js b/main.js index 5c97d9e..30cb2a2 100644 --- a/main.js +++ b/main.js @@ -82,7 +82,7 @@ Failed to retrieve latest version; falling back to: ${fallbackVersion}`); core.info(`>>> doctl version v${version} installed to ${path}`); // Skip authentication if requested - // for workflows where auth isn't necessary (e.g. doctl app spec validate) + // for workflows where auth isn't necessary (e.g. doctl app spec validate --schema-only) var no_auth = core.getInput('no_auth'); if (no_auth.toLowerCase() === 'true') { core.info('>>> Skipping doctl auth'); From 2c536b353ea9359c5cd9a4ff58cf88a891357afc Mon Sep 17 00:00:00 2001 From: James Cuzella Date: Wed, 25 Oct 2023 12:54:57 -0600 Subject: [PATCH 6/6] README: Add doctl version dependency note --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 38707ce..9a4ea98 100644 --- a/README.md +++ b/README.md @@ -28,6 +28,7 @@ See [this repository](https://github.com/do-community/example-doctl-action) for - `version` – (Optional) The version of `doctl` to install. If excluded, the latest release will be used. - `no_auth` – (Optional) Set to `true` to skip the authentication step. The API `token` parameter is _Optional_ in this case. - _Note:_ This can be useful when running in workflows in untrusted environments, or where auth isn't necessary (e.g. `doctl app spec validate --schema-only`) + - This depends on `doctl >= v1.101.0` (digitalocean/doctl#1450) ## Contributing