From 6cf81037426f331e2944b77b84f6f3348f856c70 Mon Sep 17 00:00:00 2001
From: jaime merino
Date: Fri, 24 Apr 2026 11:38:07 +0200
Subject: [PATCH] initial commit
---
.forgejo/workflows/test.yml | 37 +++++++++++
.gitignore | 4 ++
.idea/.gitignore | 8 +++
.idea/modules.xml | 8 +++
.idea/stackit-cli.iml | 9 +++
.idea/vcs.xml | 6 ++
LICENSE | 21 ++++++
README.md | 60 ++++++++++++++++++
action.yml | 123 ++++++++++++++++++++++++++++++++++++
9 files changed, 276 insertions(+)
create mode 100644 .forgejo/workflows/test.yml
create mode 100644 .gitignore
create mode 100644 .idea/.gitignore
create mode 100644 .idea/modules.xml
create mode 100644 .idea/stackit-cli.iml
create mode 100644 .idea/vcs.xml
create mode 100644 LICENSE
create mode 100644 README.md
create mode 100644 action.yml
diff --git a/.forgejo/workflows/test.yml b/.forgejo/workflows/test.yml
new file mode 100644
index 0000000..452e3fd
--- /dev/null
+++ b/.forgejo/workflows/test.yml
@@ -0,0 +1,37 @@
+name: Test STACKIT Auth Action
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ branches: [ main ]
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Run STACKIT Auth Action
+ uses: ./
+ id: auth
+ with:
+ service-account-key: ${{ secrets.STACKIT_SERVICE_ACCOUNT_KEY }}
+ project-id: ${{ secrets.STACKIT_PROJECT_ID }}
+
+ - name: Verify CLI Installation
+ run: |
+ stackit version
+
+ - name: Verify Output Token
+ run: |
+ if [ -z "${{ steps.auth.outputs.bearer-token }}" ]; then
+ echo "Error: bearer-token output is empty"
+ exit 1
+ fi
+ if [ -z "$STACKIT_BEARER_TOKEN" ]; then
+ echo "Error: STACKIT_BEARER_TOKEN environment variable is not set"
+ exit 1
+ fi
+ echo "Token successfully generated and masked."
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..42db099
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+# Ignore binary and temporary files
+stackit
+sa-key.json
+*.tar.gz
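Review bot: In `.forgejo/workflows/test.yml`, the "Verify Output Token" step expands `${{ steps.auth.outputs.bearer-token }}` directly into the script text, so the bearer token is written into the generated shell script and parsed as shell source instead of being handled as data. Pass it through the step environment, e.g. `env: BEARER_TOKEN: ${{ steps.auth.outputs.bearer-token }}` with `if [ -z "$BEARER_TOKEN" ]; then`, which matches how the second check already reads `$STACKIT_BEARER_TOKEN`. The checkout step also uses the mutable tag `actions/checkout@v4`; pinning it to a full commit SHA would keep a job that receives the service account key from silently picking up a retagged action.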
diff --git a/.idea/.gitignore b/.idea/.gitignore
new file mode 100644
index 0000000..13566b8
--- /dev/null
+++ b/.idea/.gitignore
@@ -0,0 +1,8 @@
+# Default ignored files
+/shelf/
+/workspace.xml
+# Editor-based HTTP Client requests
+/httpRequests/
+# Datasource local storage ignored files
+/dataSources/
+/dataSources.local.xml
diff --git a/.idea/modules.xml b/.idea/modules.xml
new file mode 100644
index 0000000..4bd316a
--- /dev/null
+++ b/.idea/modules.xml
@@ -0,0 +1,8 @@
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/stackit-cli.iml b/.idea/stackit-cli.iml
new file mode 100644
index 0000000..5e764c4
--- /dev/null
+++ b/.idea/stackit-cli.iml
@@ -0,0 +1,9 @@
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
new file mode 100644
index 0000000..35eb1dd
--- /dev/null
+++ b/.idea/vcs.xml
@@ -0,0 +1,6 @@
+
+
+
+
+
+
\ No newline at end of file
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..3048bcc
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 STACKIT
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..55c8e60
--- /dev/null
+++ b/README.md
@@ -0,0 +1,60 @@
+# STACKIT Auth Action
+
+This Forgejo/GitHub Action installs the [STACKIT CLI](https://github.com/stackitcloud/stackit-cli) and authenticates it using a STACKIT Service Account. It also retrieves a Bearer Token and exports it for use in subsequent steps.
+
+## Features
+
+- Installs the STACKIT CLI on Linux-based runners.
+- Authenticates using a Service Account Key (JSON).
+- Scopes the access token to a specific Project ID if provided.
+- Masks the Bearer Token in logs for security.
+- Exports `STACKIT_BEARER_TOKEN` as an environment variable and an action output.
+
+## Usage
+
+Add the following step to your `.forgejo/workflows/` (or `.github/workflows/`) file:
+
+```yaml
+jobs:
+ my-job:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Authenticate with STACKIT
+ uses: stackit-auth-action@v1
+ id: stackit-auth
+ with:
+ service-account-key: ${{ secrets.STACKIT_SERVICE_ACCOUNT_KEY }}
+ project-id: 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'
+
+ - name: Use STACKIT CLI
+ run: |
+ stackit project list
+
+ - name: Use Bearer Token with curl
+ run: |
+ curl -H "Authorization: Bearer ${{ steps.stackit-auth.outputs.bearer-token }}" \
+ https://api.stackit.cloud/ske/v1/projects/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/clusters
+```
+
+## Inputs
+
+| Name | Description | Required | Default |
+|------|-------------|----------|---------|
+| `service-account-key` | The JSON content of your STACKIT Service Account Key. | Yes | N/A |
+| `project-id` | STACKIT Project ID to scope the token. | No | N/A |
+| `cli-version` | Version of STACKIT CLI to install (without "v" prefix). | No | `0.61.0` |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| `bearer-token` | The generated STACKIT Bearer Token (masked in logs). |
+
+## Environment Variables
+
+This action sets the following environment variable for subsequent steps:
+- `STACKIT_BEARER_TOKEN`
+
+## License
+
+MIT
diff --git a/action.yml b/action.yml
new file mode 100644
index 0000000..84abb4b
--- /dev/null
+++ b/action.yml
@@ -0,0 +1,123 @@
+name: 'STACKIT Auth Action'
+description: 'Install STACKIT CLI and authenticate with a Service Account'
+author: 'STACKIT'
+branding:
+ icon: 'lock'
+ color: 'blue'
+
+inputs:
+ service-account-key:
+ description: 'STACKIT Service Account Key (JSON content)'
+ required: true
+ project-id:
+ description: 'STACKIT Project ID to scope the token (optional)'
+ required: false
+ cli-version:
+ description: 'Version of STACKIT CLI to install (without "v" prefix)'
+ required: false
+ default: '0.61.0'
+
+outputs:
+ bearer-token:
+ description: 'The generated STACKIT Bearer Token'
+ value: ${{ steps.get-token.outputs.token }}
+
+runs:
+ using: 'composite'
+ steps:
+ - name: Install STACKIT CLI
+ shell: bash
+ run: |
+ VERSION="${{ inputs.cli-version }}"
+
+ # Detect OS
+ OS=$(uname -s | tr '[:upper:]' '[:lower:]')
+ case "$OS" in
+ linux*) OS="linux" ;;
+ darwin*) OS="darwin" ;;
+ msys*|cygwin*|mingw*) OS="windows" ;;
+ *) echo "Unsupported OS: $OS"; exit 1 ;;
+ esac
+
+ # Detect ARCH
+ ARCH=$(uname -m)
+ case "$ARCH" in
+ x86_64) ARCH="amd64" ;;
+ aarch64|arm64) ARCH="arm64" ;;
+ *) echo "Unsupported Architecture: $ARCH"; exit 1 ;;
+ esac
+
+ EXT="tar.gz"
+ if [ "$OS" = "windows" ]; then EXT="zip"; fi
+
+ URL="https://github.com/stackitcloud/stackit-cli/releases/download/v${VERSION}/stackit-cli_${VERSION}_${OS}_${ARCH}.${EXT}"
+
+ echo "Downloading STACKIT CLI v${VERSION} for ${OS}/${ARCH}..."
+ if [ "$OS" = "windows" ]; then
+ curl -sL "$URL" -o stackit.zip
+ unzip -q stackit.zip
+ rm stackit.zip
+ else
+ curl -sL "$URL" | tar -xz
+ fi
+
+ if [ ! -f stackit ] && [ ! -f stackit.exe ]; then
+ echo "Error: stackit binary not found after extraction"
+ ls -R
+ exit 1
+ fi
+
+ if [ "$OS" = "linux" ] || [ "$OS" = "darwin" ]; then
+ sudo mv stackit /usr/local/bin/stackit
+ chmod +x /usr/local/bin/stackit
+ else
+ # Windows handling (minimal)
+ mkdir -p bin
+ mv stackit.exe bin/stackit.exe
+ echo "$(pwd)/bin" >> $GITHUB_PATH
+ fi
+
+ echo "STACKIT CLI installed successfully."
+ stackit version
+
+ - name: Authenticate and Get Token
+ id: get-token
+ shell: bash
+ env:
+ SA_KEY: ${{ inputs.service-account-key }}
+ PROJECT_ID: ${{ inputs.project-id }}
+ run: |
+ # Write the service account key to a temporary file
+ SA_KEY_FILE=$(mktemp)
+ echo "$SA_KEY" > "$SA_KEY_FILE"
+
+ # Configure the CLI to use the service account key
+ export STACKIT_SERVICE_ACCOUNT_KEY_PATH="$SA_KEY_FILE"
+
+ echo "Authenticating and retrieving access token..."
+
+ # Construct command
+ CMD="stackit auth get-access-token --only-print-access-token"
+ if [ -n "$PROJECT_ID" ]; then
+ CMD="$CMD --project-id $PROJECT_ID"
+ fi
+
+ # Execute and capture token
+ TOKEN=$($CMD)
+
+ if [ -z "$TOKEN" ]; then
+ echo "Error: Failed to retrieve access token"
+ rm "$SA_KEY_FILE"
+ exit 1
+ fi
+
+ # Mask the token in logs
+ echo "::add-mask::$TOKEN"
+
+ # Set output and environment variable
+ echo "token=$TOKEN" >> "$GITHUB_OUTPUT"
+ echo "STACKIT_BEARER_TOKEN=$TOKEN" >> "$GITHUB_ENV"
+
+ # Clean up
+ rm "$SA_KEY_FILE"
+ echo "Successfully authenticated and exported STACKIT_BEARER_TOKEN."
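Review bot: The "Install STACKIT CLI" step streams the release archive from `curl -sL "$URL"` straight into `tar -xz` and then moves the binary into /usr/local/bin with sudo, with no checksum or signature check and no `-f` on curl, so whatever the URL returns becomes the binary that the next step hands the service account key to. Download to a file with `curl -fsSL`, compare its SHA-256 with a pinned value or with the release's published checksums (if the project provides them; not visible here), and extract only after that passes. The same step writes `VERSION="${{ inputs.cli-version }}"`, which expands the input into the script before bash parses it; pass it through `env:` the way the second step already does for `SA_KEY` and `PROJECT_ID`. In "Authenticate and Get Token" the key file is removed only on the two explicit `rm` paths, so a failing `stackit` call would leave it behind if the runner's bash exits on error, and `TOKEN=$($CMD)` word-splits `$PROJECT_ID` into extra arguments when it contains whitespace. The excerpt below shows that step with an EXIT trap and an argument array.

```yaml
      run: |
        SA_KEY_FILE=$(mktemp)
        # Remove the key file on every exit path, including a failing CLI call.
        trap 'rm -f "$SA_KEY_FILE"' EXIT
        # … unchanged: write $SA_KEY to the file, export STACKIT_SERVICE_ACCOUNT_KEY_PATH …

        # Build the command as an array so PROJECT_ID stays a single argument.
        CMD=(stackit auth get-access-token --only-print-access-token)
        if [ -n "$PROJECT_ID" ]; then
          CMD+=(--project-id "$PROJECT_ID")
        fi
        TOKEN=$("${CMD[@]}")
        # … unchanged: empty-token check, add-mask, GITHUB_OUTPUT / GITHUB_ENV writes;
        # the two explicit rm "$SA_KEY_FILE" calls become redundant with the trap …
```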