Merge pull request #4 from LeastAuthority/3.import-action
Import existing action
btlogy authored Apr 6, 2023
2 parents eb0562f + 3c56757 commit 5430860
Showing 3 changed files with 204 additions and 2 deletions.
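--- a/.github/workflows/integrate.yml
+++ b/.github/workflows/integrate.yml
@@ -0,0 +1,132 @@
+name: Integration
+
+on:
+push:
+branches:
+- main
+paths:
+- '.github/workflows/integrate.yml'
+- 'action.yml'
+pull_request:
+branches:
+- main
+paths:
+- '.github/workflows/integrate.yml'
+- 'action.yml'
+env:
+TEST_CONTENT: "This is a content string for test"
+jobs:
+test_defaults:
+name: Test defaults
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v3
+
+- name: Call action w/o inputs
+id: call
+uses: ./
+continue-on-error: true
+
+- name: Verify FS
+id: verify
+run: |
+cat <<EOF > "${{ steps.call.outputs.mnt }}/content"
+${{ env.TEST_CONTENT }}
+EOF
+test "$(cat "${{ steps.call.outputs.mnt }}/content")" = "${{ env.TEST_CONTENT }}"
+continue-on-error: true
+
+- name: Cleanup
+id: cleanup
+run: |
+sudo umount "${{ steps.call.outputs.mnt }}"
+continue-on-error: true
+
+- name: Proper exit
+run: |
+if [ ${{ steps.call.outcome }} != 'success' \
+-o ${{ steps.verify.outcome }} != 'success' \
+-o ${{ steps.cleanup.outcome }} != 'success' ]
+then
+echo ":x: Test failed" >> $GITHUB_STEP_SUMMARY
+exit 1
+else
+echo ":heavy_check_mark: Test succeeded" >> $GITHUB_STEP_SUMMARY
+fi
+test_size:
+name: Test size
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v3
+
+- name: Call action with size
+id: call
+uses: ./
+with:
+size: 4
+
+- name: Verify FS
+id: verify
+run: |
+cat <<EOF > "${{ steps.call.outputs.mnt }}/content"
+${{ env.TEST_CONTENT }}
+EOF
+test "$(cat "${{ steps.call.outputs.mnt }}/content")" = "${{ env.TEST_CONTENT }}"
+continue-on-error: true
+
+- name: Cleanup
+id: cleanup
+run: |
+sudo umount "${{ steps.call.outputs.mnt }}"
+continue-on-error: true
+
+- name: Proper exit
+run: |
+if [ ${{ steps.call.outcome }} != 'success' \
+-o ${{ steps.verify.outcome }} != 'success' \
+-o ${{ steps.cleanup.outcome }} != 'success' ]
+then
+echo ":x: Test failed" >> $GITHUB_STEP_SUMMARY
+exit 1
+else
+echo ":heavy_check_mark: Test succeeded" >> $GITHUB_STEP_SUMMARY
+fi
+test_root:
+name: Test root
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v3
+
+- name: Call action with root
+id: call
+uses: ./
+with:
+root: ./test_root
+
+- name: Verify FS
+id: verify
+run: |
+cat <<EOF > "${{ steps.call.outputs.mnt }}/content"
+${{ env.TEST_CONTENT }}
+EOF
+test "$(cat "${{ steps.call.outputs.mnt }}/content")" = "${{ env.TEST_CONTENT }}"
+continue-on-error: true
+
+- name: Cleanup
+id: cleanup
+run: |
+sudo umount "${{ steps.call.outputs.mnt }}"
+continue-on-error: true
+
+- name: Proper exit
+run: |
+if [ ${{ steps.call.outcome }} != 'success' \
+-o ${{ steps.verify.outcome }} != 'success' \
+-o ${{ steps.cleanup.outcome }} != 'success' ]
+then
+echo ":x: Test failed" >> $GITHUB_STEP_SUMMARY
+exit 1
+else
+echo ":heavy_check_mark: Test succeeded" >> $GITHUB_STEP_SUMMARY
+fi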
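Review bot: The workflow declares no `permissions:` block, so all three jobs run with the repository's default `GITHUB_TOKEN` scope even though the steps only check out the code and exercise the local action. A top-level `permissions:` mapping with `contents: read`, placed next to `env:`, keeps the token at least privilege for both the push and pull_request triggers. `actions/checkout@v3` is referenced by a mutable tag in every job; pinning it as `actions/checkout@<full-commit-sha> # v3` (placeholder, take the SHA from the release) stops a moved tag from changing what runs here. The Verify FS steps only show that the path is writable and readable, so a check that the mount point really is a tmpfs would make the test match what the action promises.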
38 changes: 36 additions & 2 deletions README.md
@@ -1,2 +1,36 @@
# mount-tmpfs-action
Create and mount a temporary disk in memory
# mount-tmpfs
GitHub action to create and mount a temporary file system in memory.

It can be used as an attempt to keep secrets from being written to disk.

## Usage

> :warning: Please consider the physical limitations of the GitHub runners before
changing the values.

```yaml
- name: Get a tmpfs for our secret
id: tmpfs
uses: LeastAuthority/mount-tmpfs-action@v1
with:
size: 2
root: '/mnt'
```
The action then returns the uuid and the mount point of the tmpfs as outputs.
```yaml
- name: Import secret in tmpfs
run: |
cat <<EOF > "${{ steps.tmpfs.outputs.mnt }}/secret_key"
${{ secrets.KEY }}
EOF
```
Optionally, the tmpfs could be removed when no longer needed.
```yaml
- name: Cleanup
run: |
sudo umount "${{ steps.tmpfs.outputs.mnt }}"
```
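--- a/action.yml
+++ b/action.yml
@@ -0,0 +1,36 @@
+name: 'mount-tmpfs'
+description: 'Create and mount a temporary file system in memory'
+inputs:
+size:
+description: FS size in MB (>= 1)
+required: true
+default: 1
+root:
+description: 'Root path for the mount point (default = working directory)'
+required: true
+default: '.'
+outputs:
+uuid:
+description: 'Device uuid of the disk'
+value: ${{ steps.create.outputs.uuid }}
+mnt:
+description: 'Mount path of the disk (=<root>/<uuid>)'
+value: ${{ steps.create.outputs.mnt }}
+runs:
+using: "composite"
+steps:
+- name: Create
+id: create
+shell: bash
+run: |
+UUID="$(uuidgen)"
+MNT="${{ inputs.root }}/${UUID}"
+echo ":rocket: Temp FS ${MNT} creation started" >> $GITHUB_STEP_SUMMARY
+sudo mkdir -p "${MNT}" \
+&& echo ":heavy_check_mark: Temp FS mount point creation succeeded" >> $GITHUB_STEP_SUMMARY \
+|| { echo ":x: Temp FS mount point creation failed" >> $GITHUB_STEP_SUMMARY; exit 1; }
+sudo mount -o size=${{ inputs.size }},uid=$(id -u) -t tmpfs tmpfs "${MNT}" \
+&& echo ":heavy_check_mark: Temp FS mount operation succeeded" >> $GITHUB_STEP_SUMMARY \
+|| { echo ":x: Temp FS mount operation failed" >> $GITHUB_STEP_SUMMARY; exit 1; }
+echo "uuid=${UUID}" >> $GITHUB_OUTPUT
+echo "mnt=${MNT}" >> $GITHUB_OUTPUT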
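Review bot: `${{ inputs.root }}` and `${{ inputs.size }}` are expanded into the script text of the Create step before bash parses it, so a caller-supplied value containing shell metacharacters is interpreted as script in a step that calls `sudo`. Both inputs should be passed through `env:` and referenced as quoted shell variables, with `size` checked to be numeric. The input is documented as MB, but tmpfs reads a bare `size=` number as bytes, so the mount option most likely needs an `m` suffix. Because the README positions the action for secrets, the mount should also set `mode=0700`: tmpfs defaults to a world-writable sticky directory and `uid=` only changes the owner. tmpfs pages can still be swapped out, so this reduces rather than removes the chance of a secret reaching disk.

```yaml
    - name: Create
      # … unchanged: id, shell …
      env:
        TMPFS_ROOT: ${{ inputs.root }}
        TMPFS_SIZE: ${{ inputs.size }}
      run: |
        # … unchanged: UUID generation …
        MNT="${TMPFS_ROOT}/${UUID}"
        # … unchanged: step summary, mkdir of the mount point …
        case "${TMPFS_SIZE}" in
          ''|*[!0-9]*)
            echo ":x: size must be a whole number of MB" >> $GITHUB_STEP_SUMMARY
            exit 1
            ;;
        esac
        sudo mount -o "size=${TMPFS_SIZE}m,mode=0700,uid=$(id -u)" -t tmpfs tmpfs "${MNT}" \
        # … unchanged: the && / || summary continuation lines and the two output lines …
```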
