ssgglobal · jesscarlos · Nov 23, 2020 · Nov 23, 2020 · Jan 15, 2021 · Jan 15, 2021
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -8,6 +8,7 @@ on:
     branches:
       - master
     tags:
+      - '*'
 
 jobs:
   # unit tests
@@ -18,26 +19,39 @@ jobs:
     - run: npm ci
     - run: npm test
 
-  # test action works running from the graph  
-  action-test-private:
+  integration-test-latest:
+    # Run only on 'push' or 'pull_request within same repository (not from a fork)'
+    # since workflows triggered for PRs from a fork will not have access to GitHub secrets
+    if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.pull_request.base.repo.html_url == github.event.pull_request.head.repo.html_url) }}
+    needs: [unit-tests]
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v1
-    - uses: ./
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v1
       with:
         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
         aws-region: ${{ secrets.AWS_REGION }}
+    - uses: ./
+      with:
         secrets: '*secret*'
         parse-json: true
 
-  action-test-public:
+  integration-test-release:
+    # Run only on 'push' or 'pull_request within same repository (not from a fork)'
+    # since workflows triggered for PRs from a fork will not have access to GitHub secrets
+    if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.pull_request.base.repo.html_url == github.event.pull_request.head.repo.html_url) }}
+    needs: [unit-tests]
     runs-on: ubuntu-latest
     steps:
-    - uses: action-factory/aws-secrets-manager-action@v1.0.0
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v1
       with:
         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
         aws-region: ${{ secrets.AWS_REGION }}
+    - uses: abhilash1in/aws-secrets-manager-action@v2.1.0
+      with:
         secrets: 'my_secret*'
         parse-json: true
diff --git a/.gitignore b/.gitignore
@@ -115,4 +115,6 @@ out
 .pnp.*
 
 # Editors
-.vscode
+.vscode
+*.iml
+.idea
diff --git a/README.md b/README.md
@@ -1,8 +1,8 @@
 # AWS Secrets Manager GitHub Action
-[![Tests](https://github.com/action-factory/aws-secrets-manager-action/workflows/Tests/badge.svg?branch=master)](https://github.com/action-factory/aws-secrets-manager-action/actions?query=workflow%3A%22Tests%22)
-[![GitHub license](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/action-factory/aws-secrets-manager-action/blob/master/LICENSE)
+[![Tests](https://github.com/abhilash1in/aws-secrets-manager-action/actions/workflows/tests.yml/badge.svg)](https://github.com/abhilash1in/aws-secrets-manager-action/actions/workflows/tests.yml)
+[![GitHub license](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/abhilash1in/aws-secrets-manager-action/blob/master/LICENSE)
 
-GitHub Action to fetch secrets from AWS Secrets Manager and inject them as environment variables. 
+GitHub Action to fetch secrets from AWS Secrets Manager and inject them as environment variables into your GitHub Actions workflow. 
 
 The injected environment variable names will only contain upper case letters, digits and underscores. It will not begin with a digit. 
 
@@ -14,14 +14,20 @@ For example:
 - If your secret name is `dev/foo`, value is `{ "bar": "baz" }` and `parse-json` is set to `true`, the injected environment variable name will be `DEV_FOO_BAR` (and value will be `baz`).
 
 ## Usage
+> Refer [Configure AWS Credentials](https://github.com/aws-actions/configure-aws-credentials) for AWS recommended best practices on how to configure AWS credentials for use with GitHub Actions.
+
 ```yaml
 steps:
-- name: Read secrets from AWS Secrets Manager into environment variables
-  uses: action-factory/aws-secrets-manager-action@v1.0.0
+- name: Configure AWS Credentials
+  uses: aws-actions/configure-aws-credentials@v1
   with:
     aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
     aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
     aws-region: ${{ secrets.AWS_REGION }}
+
+- name: Read secrets from AWS Secrets Manager into environment variables
+  uses: abhilash1in/aws-secrets-manager-action@v2.1.0
+  with:
     secrets: |
       my_secret_1
       app1/dev/*
@@ -30,15 +36,7 @@ steps:
 - name: Check if env variable is set after fetching secrets
   run: if [ -z ${MY_SECRET_1+x} ]; then echo "MY_SECRET_1 is unset"; else echo "MY_SECRET_1 is set to '$MY_SECRET_1'"; fi
 ```
-- `aws-access-key-id`
-  - Access Key ID of an IAM user with the required [AWS Secrets Manager permissions](#iam-policy).
-  - Empty string can be used ONLY IF you are using a self-hosted GitHub Actions Runner on AWS EC2 instances with an IAM instance profile attached (should have the required [AWS Secrets Manager permissions](#iam-policy)).
-- `aws-secret-access-key`
-  - Corresponding Secret Access Key of the IAM user.
-  - Empty string can be used ONLY IF you are using a self-hosted GitHub Actions Runner on AWS EC2 instances with an IAM instance profile attached (should have the required [AWS Secrets Manager permissions](#iam-policy)).
-- `aws-region`
-  - AWS region code which has your AWS Secrets Manager secrets.
-  - Example: `us-east-1`.
+
 - `secrets`: 
   - List of secret names to be retrieved.
   - Examples:
@@ -66,12 +64,15 @@ steps:
 | `true`       | `foo` = `{ "bar": "baz" }`<br>`ham` = `eggs`     | `FOO_BAR` = `baz` AND<br>`ham` = `eggs`             | If multiple secrets, values that can be parsed into a JSON will be parsed and flattened |
 | `false`      | `dev_foo` = `{ "bar": "baz" }`                   | `DEV_FOO` = `{ "bar": "baz" }`                      | Not parsed                                                                              |
 
+- `disable-warnings`
+  - If `disable-warnings: true`, warnings regarding POSIX compliance in GitHub Actions output will be suppressed.
+
 #### Note:
-- `${{ secrets.YOUR_SECRET_NAME }}` refers to [GitHub Secrets](https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets). Create the required secrets (e.g.: AWS credentials) in your GitHub repository before using this GitHub Action.
-- If your secret name contains any characters other than upper case letters, digits and underscores, it will not be used directly as the environment variable name. Rather, it will be transformed into a string that only contains upper case letters, digits and underscores. 
+- `${{ secrets.AWS_ACCESS_KEY_ID }}`, `${{ secrets.AWS_SECRET_ACCESS_KEY }}` and `${{ secrets.AWS_REGION }}` refers to [GitHub Secrets](https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets). Create the required secrets in your GitHub repository before using them in this GitHub Action.
+- If your AWS Secrets Manager secret name contains any characters other than upper case letters, digits and underscores, it will not be used directly as the environment variable name. Rather, it will be transformed into a string that only contains upper case letters, digits and underscores. Refer the table above for examples.
 
 ## Features
-- Can fetch secrets from AWS Secrets Manager and inject them into environment variables which can be used in subsequent steps in your workflow. 
+- Can fetch secrets from AWS Secrets Manager and inject them into environment variables which can be used in subsequent steps in your GitHub Actions workflow. 
 - Injects environment variables in a format compatible with most shells.
 - Can fetch multiple secrets at once.
 - Supports wildcards
@@ -114,17 +115,17 @@ The `aws-access-key-id` and `aws-secret-access-key` provided by you should belon
             ],
             "Effect": "Allow",
             "Resource": [
-              "arn:aws:secretsmanager:us-east-1:000000000000:secret:*",
-              "arn:aws:secretsmanager:*:000000000000:secret:mySecretID"
+              "arn:aws:secretsmanager:*:000000000000:secret:*",
+              "arn:aws:secretsmanager:us-east-1:000000000000:secret:mySecretID"
             ]
         }
     ]
 }
 ```
-Here `us-east-1` is the region code which has the secrets, `000000000000` is your [AWS account ID](https://console.aws.amazon.com/billing/home?#/account) and `mySecretID` is the ID of your secret (usually different from a secret name, refer to AWS Secrets Manager console for the exact ID).
+Here `000000000000` is your [AWS account ID](https://console.aws.amazon.com/billing/home?#/account), `us-east-1` is the AWS region code which has the secret(s) and `mySecretID` is the ID of your secret (usually different from a secret name). Please refer your AWS Secrets Manager console for the exact resource ARN.
 
 ## Contributing
-We would love for you to contribute to [`@action-factory/aws-secrets-manager-action`](https://github.com/action-factory/aws-secrets-manager-action). [Issues](https://github.com/action-factory/aws-secrets-manager-action/issues) and [Pull Requests](https://github.com/action-factory/aws-secrets-manager-action/pulls) are welcome!
+We would love for you to contribute to [`@abhilash1in/aws-secrets-manager-action`](https://github.com/abhilash1in/aws-secrets-manager-action). [Issues](https://github.com/abhilash1in/aws-secrets-manager-action/issues) and [Pull Requests](https://github.com/abhilash1in/aws-secrets-manager-action/pulls) are welcome!
 
 ## License
-The scripts and documentation in this project are released under the [MIT License](https://github.com/action-factory/aws-secrets-manager-action/blob/master/LICENSE).
+The scripts and documentation in this project are released under the [MIT License](https://github.com/abhilash1in/aws-secrets-manager-action/blob/master/LICENSE).
diff --git a/__tests__/index.test.ts b/__tests__/index.test.ts
@@ -1,23 +1,13 @@
-import { getSecretValue, listSecrets, getSecretValueMap, getSecretNamesToFetch } from '../src/index'
-import { getPOSIXString } from '../src/utils'
+import { getSecretValue, listSecrets, getSecretValueMap, getSecretNamesToFetch } from '../src/awsUtils'
 import { SecretsManager } from 'aws-sdk'
-import { Inputs } from '../src/constants'
 import { resolve } from "path"
 import { config } from "dotenv"
 
 jest.mock('aws-sdk')
 
 config({ path: resolve(__dirname, "../.env") })
 
-// In case we want to make actual AWS calls during integration tests instead of jest mock calls
-const AWSConfig = {
-  accessKeyId: process.env[getPOSIXString(Inputs.AWS_ACCESS_KEY_ID)],
-  secretAccessKey: process.env[getPOSIXString(Inputs.AWS_SECRET_ACCESS_KEY)],
-  region: process.env[getPOSIXString(Inputs.AWS_REGION)]
-}
-
-const secretsManagerClient = new SecretsManager(AWSConfig)
-
+const secretsManagerClient = new SecretsManager({})
 
 test('Fetch Secret Value: Valid Secret Name', () => {
   expect.assertions(2)
@@ -59,7 +49,7 @@ test('Get Secret Value Map: parse=false, plain-text value', () => {
 test('Get Secret Value Map: parse=true, JSON string value', () => {
   expect.assertions(1)
   return getSecretValueMap(secretsManagerClient, 'my_secret_2', true).then(secretValueMap => {
-    expect(secretValueMap).toMatchObject({ 'my_secret_2.foo': 'bar' })
+    expect(secretValueMap).toMatchObject({ 'my_secret_2_foo': 'bar' })
   })
 })
 
@@ -73,7 +63,7 @@ test('Get Secret Value Map: parse=false, JSON string value', () => {
 test('Get Secret Value Map: parse=true, Base64 encoded JSON string value', () => {
   expect.assertions(1)
   return getSecretValueMap(secretsManagerClient, 'my/secret/3', true).then(secretValueMap => {
-    expect(secretValueMap).toMatchObject({ 'my/secret/3.foo': 'bar' })
+    expect(secretValueMap).toMatchObject({ 'my/secret/3_foo': 'bar' })
   })
 })
 
@@ -96,4 +86,4 @@ test('Get Secret Names To Fetch: Multiple Wild Card Names', () => {
   return getSecretNamesToFetch(secretsManagerClient, ['my*', 'my_secret*', 'invalidfoobarbaz']).then(secretNames => {
     expect(secretNames.sort()).toEqual(['my_secret_1', 'my_secret_2', 'my/secret/3'].sort())
   })
-})
+})
diff --git a/__tests__/utils.test.ts b/__tests__/utils.test.ts
@@ -21,7 +21,7 @@ test('Valid JSON object', () => {
 })
 
 test('Valid JSON object string test', () => {
-    expect(flattenJSONObject({"foo": {"bar": "baz"}})).toMatchObject({"foo.bar": "baz"})
+    expect(flattenJSONObject({"foo": {"bar": "baz"}})).toMatchObject({"foo_bar": "baz"})
 })
 
 test('FilterBy test', () => {

diff --git a/action.yml b/action.yml
@@ -1,23 +1,18 @@
 name: 'AWS Secrets Manager Action'
 author: 'Abhilash Kishore'
-description: 'GitHub Action to fetch secrets from AWS Secrets Manager'
+description: 'Use secrets from AWS Secrets Manager as environment variables in your GitHub Actions workflow'
 inputs:
-  aws-access-key-id:
-    description: 'Access Key ID of the IAM user with the required AWS Secrets Manager permissions'
-    required: true
-  aws-secret-access-key:
-    description: 'Corresponding Secret Access Key of the IAM user with the required AWS Secrets Manager permissions'
-    required: true
-  aws-region:
-    description: 'The region of AWS Secrets Manager which contains your secrets (e.g.: us-east-1)'
-    required: true
   secrets:
     description: 'List of secret names you want to fetch secret values for'
     required: true
   parse-json:
     description: 'If true and secret values are stringified JSON objects, they will be parsed and flattened. Its key value pairs will become individual secrets'
     required: false
     default: 'false'
+  disable-warnings:
+    description: 'If true, disable annotation warnings in the GitHub Actions output.'
+    required: false
+    default: 'false'
 runs:
   using: 'node12'
   main: 'dist/index.js'