initial commit

2026-04-24 11:38:07 +02:00 · 2026-04-24 11:38:07 +02:00 · 6cf8103742
commit 6cf8103742
9 changed files with 276 additions and 0 deletions
--- a/.forgejo/workflows/test.yml
+++ b/.forgejo/workflows/test.yml
@ -0,0 +1,37 @@
+name: Test STACKIT Auth Action
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Run STACKIT Auth Action
+        uses: ./
+        id: auth
+        with:
+          service-account-key: ${{ secrets.STACKIT_SERVICE_ACCOUNT_KEY }}
+          project-id: ${{ secrets.STACKIT_PROJECT_ID }}
+
+      - name: Verify CLI Installation
+        run: |
+          stackit version
+
+      - name: Verify Output Token
+        run: |
+          if [ -z "${{ steps.auth.outputs.bearer-token }}" ]; then
+            echo "Error: bearer-token output is empty"
+            exit 1
+          fi
+          if [ -z "$STACKIT_BEARER_TOKEN" ]; then
+            echo "Error: STACKIT_BEARER_TOKEN environment variable is not set"
+            exit 1
+          fi
+          echo "Token successfully generated and masked."
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,4 @@
+# Ignore binary and temporary files
+stackit
+sa-key.json
+*.tar.gz
--- a/.idea/.gitignore
+++ b/.idea/.gitignore
@ -0,0 +1,8 @@
+# Default ignored files
+/shelf/
+/workspace.xml
+# Editor-based HTTP Client requests
+/httpRequests/
+# Datasource local storage ignored files
+/dataSources/
+/dataSources.local.xml
--- a/.idea/modules.xml
+++ b/.idea/modules.xml
@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectModuleManager">
+    <modules>
+      <module fileurl="file://$PROJECT_DIR$/.idea/stackit-cli.iml" filepath="$PROJECT_DIR$/.idea/stackit-cli.iml" />
+    </modules>
+  </component>
+</project>
--- a/.idea/stackit-cli.iml
+++ b/.idea/stackit-cli.iml
@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="WEB_MODULE" version="4">
+  <component name="Go" enabled="true" />
+  <component name="NewModuleRootManager">
+    <content url="file://$MODULE_DIR$" />
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>
--- a/.idea/vcs.xml
+++ b/.idea/vcs.xml
@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="VcsDirectoryMappings">
+    <mapping directory="" vcs="Git" />
+  </component>
+</project>
--- a/21
+++ b/21
@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 STACKIT
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
--- a/README.md
+++ b/README.md
@ -0,0 +1,60 @@
+# STACKIT Auth Action
+
+This Forgejo/GitHub Action installs the [STACKIT CLI](https://github.com/stackitcloud/stackit-cli) and authenticates it using a STACKIT Service Account. It also retrieves a Bearer Token and exports it for use in subsequent steps.
+
+## Features
+
+- Installs the STACKIT CLI on Linux-based runners.
+- Authenticates using a Service Account Key (JSON).
+- Scopes the access token to a specific Project ID if provided.
+- Masks the Bearer Token in logs for security.
+- Exports `STACKIT_BEARER_TOKEN` as an environment variable and an action output.
+
+## Usage
+
+Add the following step to your `.forgejo/workflows/` (or `.github/workflows/`) file:
+
+```yaml
+jobs:
+  my-job:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Authenticate with STACKIT
+        uses: stackit-auth-action@v1
+        id: stackit-auth
+        with:
+          service-account-key: ${{ secrets.STACKIT_SERVICE_ACCOUNT_KEY }}
+          project-id: 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'
+
+      - name: Use STACKIT CLI
+        run: |
+          stackit project list
+
+      - name: Use Bearer Token with curl
+        run: |
+          curl -H "Authorization: Bearer ${{ steps.stackit-auth.outputs.bearer-token }}" \
+               https://api.stackit.cloud/ske/v1/projects/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/clusters
+```
+
+## Inputs
+
+| Name | Description | Required | Default |
+|------|-------------|----------|---------|
+| `service-account-key` | The JSON content of your STACKIT Service Account Key. | Yes | N/A |
+| `project-id` | STACKIT Project ID to scope the token. | No | N/A |
+| `cli-version` | Version of STACKIT CLI to install (without "v" prefix). | No | `0.61.0` |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| `bearer-token` | The generated STACKIT Bearer Token (masked in logs). |
+
+## Environment Variables
+
+This action sets the following environment variable for subsequent steps:
+- `STACKIT_BEARER_TOKEN`
+
+## License
+
+MIT
--- a/action.yml
+++ b/action.yml
@ -0,0 +1,123 @@
+name: 'STACKIT Auth Action'
+description: 'Install STACKIT CLI and authenticate with a Service Account'
+author: 'STACKIT'
+branding:
+  icon: 'lock'
+  color: 'blue'
+
+inputs:
+  service-account-key:
+    description: 'STACKIT Service Account Key (JSON content)'
+    required: true
+  project-id:
+    description: 'STACKIT Project ID to scope the token (optional)'
+    required: false
+  cli-version:
+    description: 'Version of STACKIT CLI to install (without "v" prefix)'
+    required: false
+    default: '0.61.0'
+
+outputs:
+  bearer-token:
+    description: 'The generated STACKIT Bearer Token'
+    value: ${{ steps.get-token.outputs.token }}
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Install STACKIT CLI
+      shell: bash
+      run: |
+        VERSION="${{ inputs.cli-version }}"
+        
+        # Detect OS
+        OS=$(uname -s | tr '[:upper:]' '[:lower:]')
+        case "$OS" in
+          linux*) OS="linux" ;;
+          darwin*) OS="darwin" ;;
+          msys*|cygwin*|mingw*) OS="windows" ;;
+          *) echo "Unsupported OS: $OS"; exit 1 ;;
+        esac
+        
+        # Detect ARCH
+        ARCH=$(uname -m)
+        case "$ARCH" in
+          x86_64) ARCH="amd64" ;;
+          aarch64|arm64) ARCH="arm64" ;;
+          *) echo "Unsupported Architecture: $ARCH"; exit 1 ;;
+        esac
+        
+        EXT="tar.gz"
+        if [ "$OS" = "windows" ]; then EXT="zip"; fi
+        
+        URL="https://github.com/stackitcloud/stackit-cli/releases/download/v${VERSION}/stackit-cli_${VERSION}_${OS}_${ARCH}.${EXT}"
+        
+        echo "Downloading STACKIT CLI v${VERSION} for ${OS}/${ARCH}..."
+        if [ "$OS" = "windows" ]; then
+          curl -sL "$URL" -o stackit.zip
+          unzip -q stackit.zip
+          rm stackit.zip
+        else
+          curl -sL "$URL" | tar -xz
+        fi
+        
+        if [ ! -f stackit ] && [ ! -f stackit.exe ]; then
+          echo "Error: stackit binary not found after extraction"
+          ls -R
+          exit 1
+        fi
+        
+        if [ "$OS" = "linux" ] || [ "$OS" = "darwin" ]; then
+          sudo mv stackit /usr/local/bin/stackit
+          chmod +x /usr/local/bin/stackit
+        else
+          # Windows handling (minimal)
+          mkdir -p bin
+          mv stackit.exe bin/stackit.exe
+          echo "$(pwd)/bin" >> $GITHUB_PATH
+        fi
+        
+        echo "STACKIT CLI installed successfully."
+        stackit version
+
+    - name: Authenticate and Get Token
+      id: get-token
+      shell: bash
+      env:
+        SA_KEY: ${{ inputs.service-account-key }}
+        PROJECT_ID: ${{ inputs.project-id }}
+      run: |
+        # Write the service account key to a temporary file
+        SA_KEY_FILE=$(mktemp)
+        echo "$SA_KEY" > "$SA_KEY_FILE"
+        
+        # Configure the CLI to use the service account key
+        export STACKIT_SERVICE_ACCOUNT_KEY_PATH="$SA_KEY_FILE"
+        
+        echo "Authenticating and retrieving access token..."
+        
+        # Construct command
+        CMD="stackit auth get-access-token --only-print-access-token"
+        if [ -n "$PROJECT_ID" ]; then
+          CMD="$CMD --project-id $PROJECT_ID"
+        fi
+        
+        # Execute and capture token
+        TOKEN=$($CMD)
+        
+        if [ -z "$TOKEN" ]; then
+          echo "Error: Failed to retrieve access token"
+          rm "$SA_KEY_FILE"
+          exit 1
+        fi
+        
+        # Mask the token in logs
+        echo "::add-mask::$TOKEN"
+        
+        # Set output and environment variable
+        echo "token=$TOKEN" >> "$GITHUB_OUTPUT"
+        echo "STACKIT_BEARER_TOKEN=$TOKEN" >> "$GITHUB_ENV"
+        
+        # Clean up
+        rm "$SA_KEY_FILE"
+        echo "Successfully authenticated and exported STACKIT_BEARER_TOKEN."