Packs everything into functions #7
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: MAC - Read secrets from vault | |
| on: | |
| push: | |
| branches: [ main, mac ] | |
| workflow_dispatch: {} | |
| jobs: | |
| mac: | |
| runs-on: macos-13 | |
| steps: | |
| - uses: actions/checkout@v4.1.7 | |
| - name: brew vault | |
| run: | | |
| brew tap hashicorp/tap | |
| brew install hashicorp/tap/vault | |
| echo "exporting vault addr" | |
| export VAULT_ADDR=http://127.0.0.1:8200 | |
| echo "starting sevrer in dev mode with token id vault-plaintext-root-token" | |
| vault server -dev -dev-root-token-id="vault-plaintext-root-token" & | |
| sleep 20 | |
| echo "Authenticating to vault..." | |
| vault login token=vault-plaintext-root-token | |
| echo "Initializing vault..." | |
| vault secrets enable -version=1 -path=my-secrets kv | |
| echo "Adding entries..." | |
| vault kv put my-secrets/dev password=test_password | |
| echo "Complete..." | |
| vault token lookup | |
| echo "Passwort is: (next line)" | |
| echo $(vault kv get -field=password "/my-secrets/dev") | |
| # --------------------------------- | |
| echo "set up done" | |
| mkdir $HOME/.superexport | |
| touch $HOME/.superexport/.exported.sh | |
| chmod +x $HOME/.superexport/.exported.sh | |
| chmod +x superexport.sh | |
| ./superexport.sh MYKEY password /my-secrets/dev foo | |
| echo "reading secrets from from secret tools" | |
| source $HOME/.superexport/.secretreader.sh | |
| echo "mykey is $MYKEY" | |
| echo "GH_ENV=$MYKEY" >> $GITHUB_ENV | |
| - name: check if the password is correct | |
| run: | | |
| CHECKVAR="${{ env.GH_ENV }}" | |
| if [ "$CHECKVAR" = "test_password" ]; then | |
| echo "password is correct" | |
| exit 0 | |
| else | |
| echo "password is wrong" | |
| echo "password should be \"test_password\" but was $CHECKVAR" | |
| exit 1 | |
| fi | |
| # - name: Run docker-compose | |
| # run: docker-compose -f ./vault-docker/docker-compose.yml up -d | |
| # - name: verifying vault | |
| # run: | | |
| # echo "Waiting for Vault to start..." | |
| # sleep 30 | |
| # docker ps | |
| # echo "docker images" | |
| # export VAULT_ADDR=http://127.0.0.1:8200 | |
| # echo "vault status" | |
| # echo $VAULT_ADDR | |
| # vault status | |
| # echo "login to vault" | |
| # vault login token=vault-plaintext-root-token | |
| # vault token lookup | |
| # echo "Passwort is: (next line)" | |
| # echo $(vault kv get -field=password "/my-secrets/dev") | |
| # mkdir $HOME/.superexport | |
| # touch $HOME/.superexport/.exported.sh | |
| # chmod +x $HOME/.superexport/.exported.sh | |
| # chmod +x superexport.sh | |
| # ./superexport.sh MYKEY password /my-secrets/dev foo | |
| # | |
| # echo "reading secrets from from secret tools" | |
| # source $HOME/.superexport/.secretreader.sh | |
| # echo "mykey is $MYKEY" | |
| # echo "GH_ENV=$MYKEY" >> $GITHUB_ENV | |
| # - name: check if the password is correct | |
| # run: | | |
| # CHECKVAR="${{ env.GH_ENV }}" | |
| # if [ "$CHECKVAR" = "test_password" ]; then | |
| # echo "password is correct" | |
| # exit 0 | |
| # else | |
| # echo "password is wrong" | |
| # echo "password should be \"test_password\" but was $CHECKVAR" | |
| # exit 1 | |
| # fi |