Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ LOPS-1538 ] Cache the terminus directory and only add token if not already logged in #17

Merged
merged 13 commits into from
Mar 21, 2024
Merged

[ LOPS-1538 ] Cache the terminus directory and only add token if not already logged in #17

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
100d53e
Cache the terminus directory and only add token if not already logged in
stovak Jun 9, 2023
7dbc4e0
Implement as single line rather than multiline bash
stovak Jun 12, 2023
f54f4f6
Add encryption when caching Terminus sessions
Mar 7, 2024
23bf422
Fix missing cp, update README
Mar 7, 2024
97a340f
Move some steps around
Mar 7, 2024
f76d089
Fix cache directory path
Mar 7, 2024
5616336
Update steps ids
Mar 7, 2024
e26db6c
Update actions/checkout version for tests
Mar 8, 2024
5eb81fc
Use openssl vs gpg2 for platform compatibilities
Mar 8, 2024
9722a2d
Add pbkdf2 and iter for improved strength
Mar 8, 2024
a11cb4e
Fix encrypt step name reference
Mar 8, 2024
fcb98ed
Update authentication pattern
Mar 8, 2024
98b72b4
Remove restore key
Mar 8, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 2 additions & 4 deletions .github/workflows/test-terminus-version.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
name: 'Tests: Version'
name: "Tests: Version"

on:
workflow_call:
Expand All @@ -17,9 +17,8 @@ jobs:
runs-on: ubuntu-latest
name: ${{ inputs.terminus-version }}
steps:

- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Setup PHP
uses: shivammathur/setup-php@v2
Expand All @@ -35,4 +34,3 @@ jobs:
run: |
terminus -V --no-ansi
if [[ $(terminus -V --no-ansi) != *"${{ inputs.terminus-version }}" ]]; then exit 1; fi

8 changes: 3 additions & 5 deletions .github/workflows/test-terminus.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,16 +3,15 @@ name: Terminus Github Action Tests
on:
pull_request:
branches:
- main
- main

jobs:
test_terminus:
runs-on: ubuntu-latest
name: Terminus Setup
steps:

- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Setup Terminus
uses: ./
Expand All @@ -27,9 +26,8 @@ jobs:
runs-on: ubuntu-latest
name: Terminus Login
steps:

- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Setup Terminus
uses: ./
Expand Down
15 changes: 13 additions & 2 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ steps:
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: '7.4'
php-version: "7.4"

- name: Install Terminus
uses: pantheon-systems/terminus-github-actions@main
Expand All @@ -36,7 +36,7 @@ steps:
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: '7.4'
php-version: "7.4"

- name: Install Terminus
uses: pantheon-systems/terminus-github-actions@main
Expand All @@ -48,6 +48,17 @@ steps:
run: terminus site:list
```

This action will encrypt and cache the Terminus session by default to be re-used across jobs in a workflow to reduce the number of authorizations. If you need to disable this for some reason, you can set the `disable-cache` option to `true`.

```yaml
steps:
- name: Install Terminus
uses: pantheon-systems/terminus-github-actions@main
with:
pantheon-machine-token: ${{ secrets.PANTHEON_MACHINE_TOKEN }}
disable-cache: true
```

Please note that in order to run commands that require SSH (e.g. drush or wp-cli), you will need to setup a SSH key. There are plenty of options available in the [Github Actions Marketplace](https://github.com/marketplace?type=actions&query=ssh+key+). We recommend you to choose one of them and use them in your pipeline.

## Credits
Expand Down
84 changes: 78 additions & 6 deletions action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,12 +11,17 @@ inputs:
description: |
The full version of Terminus to install. If omitted, the latest version is used.
required: false
disable-cache:
description: Disable session cache and force a new session to be initiated.
required: false
default: false

runs:
using: composite
steps:
- name: Determine version
shell: bash
- name: Set Terminus version
if: ${{ ! inputs.terminus-version }}
shell: bash
run: |
TERMINUS_RELEASE=$(
curl --silent \
Expand All @@ -29,16 +34,83 @@ runs:
- name: Install Terminus
shell: bash
run: |
mkdir ~/terminus && cd ~/terminus
mkdir $HOME/terminus && cd $HOME/terminus
echo "Installing Terminus v$TERMINUS_RELEASE"
curl -L https://github.com/pantheon-systems/terminus/releases/download/$TERMINUS_RELEASE/terminus.phar --output terminus
chmod +x terminus
sudo ln -s ~/terminus/terminus /usr/local/bin/terminus
sudo ln -s $HOME/terminus/terminus /usr/local/bin/terminus
mkdir -p $HOME/.terminus/{cache,plugins}
env:
TERMINUS_RELEASE: ${{ inputs.terminus-version || env.TERMINUS_RELEASE }}

- name: Login to Pantheon
if: ${{ inputs.pantheon-machine-token }}
- name: Set cache path, key, and restore-key
id: configure-cache
shell: bash
run: |

# Generate a hash of the machine token to use as a restore-key.
machine_token_hash=`echo ${{ inputs.pantheon-machine-token }} | sha256sum | head -c 40`
restore_key="terminus-session-$machine_token_hash"

# Set path, cache key, and restore-key for later steps.
echo "path=${{ runner.temp }}/terminus-session.enc" >> $GITHUB_OUTPUT
echo "restore-key=$restore_key-" >> $GITHUB_OUTPUT
echo "key=$restore_key-${{ github.run_id }}" >> $GITHUB_OUTPUT

- name: Restore cached encrypted Terminus session
id: restore-cache
if: ${{ inputs.disable-cache != 'true' }}
uses: actions/cache/restore@v4
with:
path: ${{ steps.configure-cache.outputs.path }}
key: ${{ steps.configure-cache.outputs.key }}
enableCrossOsArchive: true

- name: Decrypt cached session file
id: decrypt
if: ${{ steps.restore-cache.outcome == 'success' }}
continue-on-error: true
shell: bash
run: |

# Verify that the encrypted session file was restored from cache.
test -s ${{ steps.configure-cache.outputs.path }}

# Decrypt the session file.
echo "${{ inputs.pantheon-machine-token }}" | \
openssl enc -d -aes-256-cbc -pbkdf2 -iter 10000 -pass stdin -in ${{ steps.configure-cache.outputs.path }} -out $HOME/.terminus/cache/session

# Check if restored session is still valid
TERMINUS_USER=$(terminus auth:whoami)

if [ -z "$TERMINUS_USER" ]; then
echo "No valid session found. "
exit 1
fi
stovak marked this conversation as resolved.
Show resolved Hide resolved

echo "Valid session found: $TERMINUS_USER"

- name: Authenticate Terminus
id: authenticate
if: ${{ inputs.pantheon-machine-token && steps.decrypt.outcome != 'success' }}
shell: bash
run: |

# Running this step means the session was not restored from cache
# and needs to be re-authenticated.

# Authenticate with Pantheon using the machine token.
terminus auth:login --machine-token="${{ inputs.pantheon-machine-token }}"

# Encrypt the session file.
echo "${{ inputs.pantheon-machine-token }}" | \
openssl enc -aes-256-cbc -salt -pbkdf2 -iter 10000 -pass stdin -in $HOME/.terminus/cache/session -out ${{ steps.configure-cache.outputs.path }}

- name: Cache encrypted Terminus session
id: save-cache
if: ${{ steps.authenticate.outcome == 'success' }}
uses: actions/cache/save@v4
with:
path: ${{ steps.configure-cache.outputs.path }}
key: ${{ steps.configure-cache.outputs.key }}
enableCrossOsArchive: true
Loading