Fix #4 set-env (#5)

* fix #4 set-env * Update main.yml * Update to self-hosted runner & new lab env * Update main.yml * Update main.yml * Update README.md
infamousjoeg · Mar 7, 2022 · 60caaad · 60caaad
1 parent 783413e
commit 60caaad
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 10 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -4,12 +4,13 @@ on:
   push:
     branches:
       - master
+  pull_request:
   schedule:
     - cron: 0 0 ? * *
 
 jobs:
   test:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
 
     steps:
       - uses: actions/checkout@v1
@@ -20,6 +21,8 @@ jobs:
           account: cyberarkdemo
           host_id: ${{ secrets.CONJUR_USERNAME }}
           api_key: ${{ secrets.CONJUR_API_KEY }}
-          secrets: db/sqlusername | sql_username; db/sql_password
-      - name: Check Environment Outside Docker Container for Secret Masking
-        run: env | grep SQL_
+          secrets: SyncVault/LOB_CI/D-Win-SvcAccts/Operating System-WinDomain-joegarcia.dev-Svc_SSIS/username|sql_username;SyncVault/LOB_CI/D-Win-SvcAccts/Operating System-WinDomain-joegarcia.dev-Svc_SSIS/password|sql_password
+      - name: Check SQL_USERNAME Outside Docker Container for Secret Masking
+        run: printenv SQL_USERNAME | sed 's/./& /g'
+      - name: Check SQL_PASSWORD Outside Docker Container for Secret Masking
+        run: printenv SQL_PASSWORD | sed 's/./& /g'
diff --git a/README.md b/README.md
@@ -21,7 +21,7 @@ jobs:
           account: cyberarkdemo
           host_id: ${{ secrets.CONJUR_USERNAME }}
           api_key: ${{ secrets.CONJUR_API_KEY }}
-          secrets: db/sqlusername | sql_username; db/sql_password
+          secrets: db/sqlusername|sql_username;db/sql_password
       # ...
 ```
 
@@ -41,15 +41,15 @@ jobs:
 
 ## Secrets Syntax
 
-`{{ conjurVariable1 | envVarName1; conjurVariable2 }}`
+`{{ conjurVariable1|envVarName1;conjurVariable2 }}`
 
-The `secrets` argument is a semi-colon (`;`) delimited list of secrets. The list can optionally contain the name to set for the environment variable.
+The `secrets` argument is a semi-colon (`;`) delimited list of secrets. Spaces are NOT SUPPORTED. The list can optionally contain the name to set for the environment variable.
 
 ### Example
 
-`db/sqlusername | sql_username; db/sql_password`
+`db/sqlusername|sql_username;db/sql_password`
 
-In the above example, the first secret section is `db/sqlusername | sql_username`.  The `|` separates the Conjur Variable ID from the environment variable that will contain the value of the Conjur Variable's value.
+In the above example, the first secret section is `db/sqlusername|sql_username`.  The `|` separates the Conjur Variable ID from the environment variable that will contain the value of the Conjur Variable's value.
 
 The second secret section is `db/sql_password`.  When no name is given for the environment variable, the Conjur Variable Name will be used.  In this example, the value would be set to `SQL_PASSWORD` as the environment variable name.
 

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -64,7 +64,7 @@ set_secrets() {
         fi
 
         echo ::add-mask::"${secretVal}" # Masks the value in all logs & output
-        echo ::set-env name="${envVar}"::"${secretVal}" # Set environment variable
+        echo "${envVar}=${secretVal}" >> $GITHUB_ENV # Set environment variable
     done
 }