Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

First attempt at GitHub Secrets #184

Draft
wants to merge 2 commits into
base: master
Choose a base branch
from
Draft

First attempt at GitHub Secrets #184

wants to merge 2 commits into from

Conversation

TylerLeonhardt
Copy link
Member

@TylerLeonhardt TylerLeonhardt commented May 27, 2020
edited
Loading

This adds the following cmdlets:

This does take a dependency on a module I created for this use-case: PSSodium
https://www.powershellgallery.com/packages/PSSodium/0.2.0

which just exposes a

ConvertTo-SodiumEncryptedString -Text <securestring> -PublicKey <string>

I'll get that in its own repo soon-ish. Done: https://github.com/TylerLeonhardt/PSSodium

Open questions

  • Some operations depend on others... so the output looks silly and this text appears multiple times...
Telemetry is currently enabled.  It can be disabled by calling "Set-GitHubConfiguration -DisableTelemetry". Refer to USAGE.md#telemetry for more information. Stop seeing this message in the future by calling "Set-GitHubConfiguration -SuppressTelemetryReminder".                                                                                             
Telemetry is currently enabled.  It can be disabled by calling "Set-GitHubConfiguration -DisableTelemetry". Refer to USAGE.md#telemetry for more information. Stop seeing this message in the future by calling "Set-GitHubConfiguration -SuppressTelemetryReminder".                                                                                             
Telemetry is currently enabled.  It can be disabled by calling "Set-GitHubConfiguration -DisableTelemetry". Refer to USAGE.md#telemetry for more information. Stop seeing this message in the future by calling "Set-GitHubConfiguration -SuppressTelemetryReminder".

any way I can avoid that?

  • How can I test this? Ideally in GitHub Actions in a full E2E way but I'll need your help enabling that

@TylerLeonhardt
Copy link
Member Author

cc @HowardWolosky

@TylerLeonhardt
Copy link
Member Author

I considered adding support for the Org-level secrets but put that on hold for now:
https://developer.github.com/v3/actions/secrets/#list-organization-secrets

@HowardWolosky HowardWolosky added api-actions-secrets Work to complete the API's defined here: https://developer.github.com/v3/actions/secrets enhancement An issue or pull request introducing new functionality to the project. labels Jun 2, 2020
@HowardWolosky HowardWolosky added api completeness This is basic API functionality that hasn't been implemented yet. under consideration and removed enhancement An issue or pull request introducing new functionality to the project. labels Jun 18, 2020
@TylerLeonhardt
Copy link
Member Author

TylerLeonhardt commented Jul 20, 2020
edited
Loading

So, something I was thinking about... since PowerShellForGitHub exposes Invoke-GHRestMethod and Invoke-GHRestMethodMultipleResult I was thinking about refactoring this PR to only include:

Then I'll make my own module called CreateGitHubSecrets or something that depends on PSSodium and PowerShellForGitHub that will implement:

@HowardWolosky
Copy link
Member

I think that would totally unblock this in the short term, and provides an easy path towards moving New/Set back into here at some point in the future (since they would have already been built on-top of Invoke-GHRestMethod) should it become more clear that taking on external dependencies makes sense.

@TylerLeonhardt TylerLeonhardt force-pushed the added-github-secrets-support branch from 77d5805 to fdf6477 Compare July 21, 2020 05:12
@TylerLeonhardt
Copy link
Member Author

Alright I removed those but to write tests I need you to add a couple test secrets to either one of the test repos or to this repo. Let me know when you do that - I can't get the value so set that to whatever. The name can be whatever you want but share those here for me.

@HowardWolosky
Copy link
Member

Would an organization secret work? A secret stored in this repository won't help, because the accounts that are used while running CI don't have access to this repo. And there currently is no repo that is guaranteed to exist in any of the test accounts...but the organization is guaranteed to be available, so I could add a secret to the test organizations.

If you do this though, you should add a comment to the tests (and to the CONTRIBUTING.md documentation in the tests section) to indicate that there is the expectation for those secrets to exist in the test organization in order for those tests to succeed...

@TylerLeonhardt
Copy link
Member Author

No I don't think org secrets will work. That's a separate API and should be tested in and of itself.

@JustinGrote
Copy link

@HowardWolosky if this gets completed and merged I would happily contribute a Powershell SecretManagement Provider that would leverage this API to easily fetch repository secrets.
https://github.com/powershell/secretmanagement

@TylerLeonhardt
Copy link
Member Author

@JustinGrote the problem is that there's no way to retrieve the value of secrets. You can set them and list meta data about them, but you can't get them.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
api completeness This is basic API functionality that hasn't been implemented yet. api-actions-secrets Work to complete the API's defined here: https://developer.github.com/v3/actions/secrets under consideration
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@TylerLeonhardt @HowardWolosky @JustinGrote