forked from cmancone/akeyless-action
-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add new test workflows for other action
- Loading branch information
1 parent
50e3bde
commit dcaa0b0
Showing
2 changed files
with
124 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| name: 'Azure AD Dynamic Secrets NEW' | ||
| # Docs => https://docs.akeyless.io/docs/azure-ad-dynamic-secrets | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| push: | ||
| branches: | ||
| - main | ||
| paths: | ||
| - 'src/**/*' | ||
| - 'package.json' | ||
| - 'package-lock.json' | ||
| - '.github/workflows/dynamic-azure-ad-new.yml' | ||
|
|
||
| jobs: | ||
| ############################## | ||
| ########## Option 1 ########## | ||
| ############################## | ||
| # - Uses default behavior | ||
| # The response from Akeyless is kept in it's original JSON string. It is then your responsibility to correctly parse it. | ||
|
|
||
| fetch_dynamic_secrets: | ||
| runs-on: ubuntu-latest | ||
| name: AAD dynamic secrets (default) | ||
| permissions: | ||
| id-token: write | ||
| contents: read | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v3 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Fetch dynamic secret from Akleyless | ||
| id: fetch-secrets | ||
| uses: akeyless-community/[email protected] | ||
| with: | ||
| access-id: ${{ secrets.AKEYLESS_ACCESS_ID }} | ||
| dynamic-secrets: | | ||
| - name: "/DevTools/live-azure-ad" | ||
| output-name: "azure_ad_dynamic_secret" | ||
| access-type: jwt | ||
|
|
||
| - name: Verify Job Outputs | ||
| run: | | ||
| echo "ID: ${{ steps.fetch-secrets.outputs.id }}" | ||
| echo "MSG: ${{ steps.fetch-secrets.outputs.msg }}" | ||
| echo "SECRET: ${{ steps.fetch-secrets.outputs.secret }}" | ||
| echo "TTL_IN_MINUTES: ${{ steps.fetch-secrets.outputs.ttl_in_minutes }}" | ||
| - name: Verify Environment Variables | ||
| run: | | ||
| echo "ID: ${{ env.id }}" | ||
| echo "MSG: ${{ env.msg }}" | ||
| echo "SECRET: ${{ env.secret }}" | ||
| echo "TTL_IN_MINUTES: ${{ env.ttl_in_minutes }}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,68 @@ | ||
| name: 'Azure Code Sign NEW' | ||
| # Docs => https://docs.akeyless.io/docs/azure-ad-dynamic-secrets | ||
| # Using AzureSignTool https://learn.microsoft.com/en-us/windows/msix/desktop/cicd-keyvault | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
|
|
||
| jobs: | ||
| code_sign: | ||
| runs-on: windows-latest | ||
| name: Code Signing | ||
| permissions: | ||
| id-token: write | ||
| contents: read | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v3 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Fetch dynamic secret from Akleyless | ||
| id: fetch-secrets | ||
| uses: akeyless-community/[email protected] | ||
| with: | ||
| access-id: ${{ secrets.AKEYLESS_ACCESS_ID }} | ||
| dynamic-secrets: | | ||
| - name: "/DevTools/live-azure-ad" | ||
| output-name: "akelyess_payload" | ||
| access-type: jwt | ||
|
|
||
| - name: Verify Values (Temporary - only for debugging) | ||
| run: | | ||
| echo 'ID' | ||
| echo '${{ steps.fetch-secrets.outputs.akelyess_payload }}' | jq -r '.id' | ||
| echo 'MSG' | ||
| echo '${{ steps.fetch-secrets.outputs.akelyess_payload }}' | jq -r '.msg' | ||
| echo 'SECRET' | ||
| echo '${{ steps.fetch-secrets.outputs.akelyess_payload }}' | jq -r '.secret' | ||
| echo 'TTL_IN_MINUTES' | ||
| echo '${{ steps.fetch-secrets.outputs.akelyess_payload }}' | jq -r '.ttl_in_minutes' | ||
| ### ARRRRG - Still trying pull apart the '[object, object]' in | ||
| - name: Learn keys | ||
| run: | | ||
| echo "secret: ${{ env.akelyess_payload_secret }}" | ||
| echo '${{ env.akelyess_payload_secret }}' | jq -r '.value' | ||
| echo '${{ steps.fetch-secrets.outputs.akelyess_payload }}' | jq -r '.secret as $n | try to_entries[] | [ $n, .value]' | ||
| cat '${{ steps.fetch-secrets.outputs.akelyess_payload }}' -o '${{ github.workspace }}\hello.txt' | ||
| Get-Content '${{ github.workspace }}\hello.txt' | ||
| #### Option 1 #### | ||
| # The easiest, just use AzureSignTool | ||
|
|
||
| - name: Install AzureSignTool | ||
| id: install-signtool | ||
| run: dotnet tool install --global AzureSignTool | ||
|
|
||
| # Nice walkthrough https://melatonin.dev/blog/how-to-code-sign-windows-installers-with-an-ev-cert-on-github-actions/ | ||
| - name: Use AzureSignTool | ||
| id: use-signtool | ||
| run: | | ||
| azuresigntool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}"-kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v '${{ github.workspace }}\.github\test_files\ConsoleApp1.exe' |