fix secrets stored in json format (#466)

* fix secrets in json format * fix actionlint * add more comments and docs * revert build.yml test * add test for json * fix selector * fix e2e test * fix e2e test 2 * remove test * remove isNaN check * update changelog
2026-04-07 02:06:56 +00:00 · 2023-06-21 11:55:50 -05:00 · 2023-06-21 11:55:50 -05:00 · b9f4d16071
commit b9f4d16071
parent 62aa8bb4c4
11 changed files with 208 additions and 34 deletions
--- a/.github/workflows/actionlint.yaml
+++ b/.github/workflows/actionlint.yaml
@ -16,4 +16,6 @@ jobs:
          # in our e2e tests.
          # This error occurs because vault-action's outputs are dynamic but
          # actionlint expects action.yml to define them.
-          args: '-ignore "property \"othersecret\" is not defined in object type"'
+          args: >
+            -ignore "property \"othersecret\" is not defined in object type"
+            -ignore "property \"jsonstring\" is not defined in object type"
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -153,6 +153,27 @@ jobs:
          my-secret/test altSecret | NAMED_ALTSECRET ;
          my-secret/nested/test otherAltSecret ;

+    # The ordering of these two Test Vault Action JSON String Format steps matters
+    - name: Test Vault Action JSON String Format (part 1/2)
+      id: import-secrets
+      uses: ./
+      with:
+        url: http://localhost:8200
+        token: testtoken
+        secrets: |
+          secret/data/test-json-string jsonString | JSON_STRING ;
+          secret/data/test-json-data jsonData | JSON_DATA ;
+
+    - name: Test Vault Action JSON String Format (part 2/2)
+      run: |
+        echo "${{ steps.import-secrets.outputs.jsonString }}" > string.json
+        echo "${{ steps.import-secrets.outputs.jsonData }}" > data.json
+        cat string.json
+        cat data.json
+        # we should be able to parse the output as JSON
+        jq -c . < string.json
+        jq -c . < data.json
+
    - name: Test Vault Action (cubbyhole)
      uses: ./
      with:
--- a/.github/workflows/local-test.yaml
+++ b/.github/workflows/local-test.yaml
@ -18,11 +18,44 @@ jobs:
    name: local-test
    runs-on: ubuntu-latest
    steps:
-      - name: Import Secrets
-        uses: hashicorp/vault-action@YOUR_BRANCH_NAME
-        with:
-          url: http://localhost:8200
-          method: token
-          token: testtoken
-          secrets: |
-            secret/data/test secret | SAMPLE_SECRET;
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+
+    - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+      with:
+        node-version: '16.14.0'
+
+    - name: NPM Install
+      run: npm ci
+
+    - name: NPM Build
+      run: npm run build
+
+    - name: Setup Vault
+      run: node ./integrationTests/e2e/setup.js
+      env:
+        VAULT_HOST: localhost
+        VAULT_PORT: 8200
+
+    - name: Import Secrets
+      id: import-secrets
+      # use the local changes
+      uses: ./
+      # run against a specific version of vault-action
+      # uses: hashicorp/vault-action@v2.1.2
+      with:
+        url: http://localhost:8200
+        method: token
+        token: testtoken
+        secrets: |
+          secret/data/test-json-string jsonString;
+
+    - name: Check Secrets
+      run: |
+        touch secrets.json
+        echo "${{ steps.import-secrets.outputs.jsonString }}" >> secrets.json
+
+    - name: Check json file format
+      run: |
+        echo
+        cat secrets.json
+        jq -c . < secrets.json