Mock YAML Secrets Action

This action will scan all your YAML files for secrets and makes a secrets.yaml that can be used by other actions.

We don't want our secrets.yaml file to be checked in and this can cause some challenges when want to verify or built a project. Having a separate secrets.yaml for CI/CD is a nice solution, but requires manual updates and usually you find out after a failed workflow that you forgot to update.

With this action you can generate a secrets.yaml file with some rules that are applicable to your project. And your CI/CD will be happy again.

This action is designed to work well with:

Usage

You can use this action in your workflow as desired, see the following example.

name: CI

on:
  push:
    branches:
      - main
  pull_request:

jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - name: Checkout source code
        uses: actions/checkout@v3

      - name: Mock secrets
        uses: golles/mock-yaml-secrets-action@v1
        with:
          configFile: '.github/workflows/mock-secrets-config.json'

      - name: Build software
        run: echo done # Your build that requires a secret file.

Configuration

Configuration is provided in a JSON file, the file is required but can contain an empty object {} for defaults. In the example above the file is located at .github/workflows/mock-secrets-config.json.

Configuration	Default value	Explaination
directory	`'./'`	The directory to scan recursively for `YAML` files
excludePaths	`[]`	Paths you want to exclude, eg. `[".github", ".vscode"]`
secretFile	`'secrets.yaml'`	Output secret filename
defaultValue	`'value0123'`	The default value for secrets that don't match any rules
rules	`{}`	See below

Rules

Rules are applied in the order they are provided, after a successful match no other rules are attempted. A regular expression should be used as the key, the value will be used as a secret.

{
  "directory": "./",
  "excludePaths": [".github", ".vscode"],
  "secretFile": "secrets.yaml",
  "defaultValue": "secret",
  "rules": {
    ".*_ip": "10.0.0.12",
    ".*_mac": "00:00:00:00:00:00",
    ".*_url": "https://foo.bar",
    "network_subnet": "10.0.0.0/8",
    "encryption_key": "12345678901234567890123456789012"
  }
}

Technical note: the regular expression is tested with new RegExp(rule).test() More info on mozilla.org

Name		Name	Last commit message	Last commit date
Latest commit History 125 Commits
.devcontainer		.devcontainer
.github		.github
.vscode		.vscode
__tests__		__tests__
dist		dist
scripts		scripts
src		src
.eslintignore		.eslintignore
.gitattributes		.gitattributes
.gitignore		.gitignore
.node-version		.node-version
.prettierignore		.prettierignore
.prettierrc.json		.prettierrc.json
CODEOWNERS		CODEOWNERS
LICENSE		LICENSE
README.md		README.md
action.yml		action.yml
package-lock.json		package-lock.json
package.json		package.json
sonar-project.properties		sonar-project.properties
tsconfig.eslintrc.json		tsconfig.eslintrc.json
tsconfig.json		tsconfig.json

License

golles/mock-yaml-secrets-action

Folders and files

Latest commit

History

Repository files navigation

Mock YAML Secrets Action

Usage

Configuration

Rules

About

Resources

License

Stars

Watchers

Forks

Sponsor this project

Languages