Skip to content

chore(deps): bump @aws-sdk/client-secrets-manager #621

chore(deps): bump @aws-sdk/client-secrets-manager

chore(deps): bump @aws-sdk/client-secrets-manager #621

Workflow file for this run

name: 'build-test'
on: push
jobs:
build: # make sure build/ci work properly
if: github.actor != 'dependabot[bot]' # Dependabot commits are always followed by a dist folder commit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: npm install
- run: npm run all
test:
if: github.actor != 'dependabot[bot]' # Dependabot commits are always followed by a dist folder commit
runs-on: ubuntu-latest
env:
AWS_ACCESS_KEY_ID: dummy
AWS_SECRET_ACCESS_KEY: dummy
AWS_REGION: us-east-1
AWS_SECRETS_MANAGER_ENDPOINT_URL: http://localhost:4566
services:
localstack:
image: localstack/localstack
env:
SERVICES: secretsmanager
ports:
- 4566:4566
steps:
- uses: actions/checkout@v4
- name: Setup some sample credentials
run: |
aws --endpoint-url="$AWS_SECRETS_MANAGER_ENDPOINT_URL" secretsmanager create-secret \
--name myjsonsecret --secret-string '{"foo1":"bar1","foo2":"bar2"}'
aws --endpoint-url="$AWS_SECRETS_MANAGER_ENDPOINT_URL" secretsmanager create-secret \
--name mytxtsecret --secret-string 'SOME_SECRET_TXT'
- name: Retrieve Text Secrets
id: txtsecrets
uses: ./
with:
secret-id: mytxtsecret
- name: Check Text Secret
run: |
if [ "${{ steps.txtsecrets.outputs.secret }}" != 'SOME_SECRET_TXT' ]; then
echo "Secret not exported? [${{ steps.txtsecrets.outputs.secret }}]"; exit 1;
fi
- name: Retrieve JSON Secrets
id: jsonsecrets
uses: ./
with:
secret-id: myjsonsecret
keys-as-outputs: true
keys-as-env-vars: true
append-to-env-file: ./my.env
- name: Check JSON Secret GH Output
run: |
if [ "${{ steps.jsonsecrets.outputs.secret }}" != '{foo1:bar1,foo2:bar2}' ]; then
echo "Secret not exported? [${{ steps.jsonsecrets.outputs.secret }}]"; exit 1;
fi
# `keys-as-outputs: true` should enable the following
if [ "${{ steps.jsonsecrets.outputs.foo1 }}" != "bar1" ]; then
echo "Key not exported? [${{ steps.jsonsecrets.outputs.foo1 }}]"; exit 1;
fi
- name: Check JSON Secret environment variables
run: |
# `keys-as-env-vars: true` should enable the following
if [ "$foo1" != "bar1" ]; then
echo "Not exported as env var"; exit 1;
fi
- name: Check JSON Secret environment file
run: |
# `append-to-env-file: ./my.env` should enable the following
expected="
#### Loaded via t-botz/aws-secrets-manager-read-action
foo1=bar1
foo2=bar2
"
IFS= read -rd '' actual <./my.env || true
if [ "$expected" != "$actual" ]; then
echo -e "Env file is not what was expected"
diff -u <(echo "$expected") <(echo "$actual")
exit 1
fi