diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 037f22b..3dbaf18 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -15,6 +15,7 @@ jobs:
 matrix:
 features:
 - bitwarden-cli
+ - bitwarden-secrets-manager
 baseImage:
 - debian:latest
 - ubuntu:latest
@@ -35,6 +36,7 @@ jobs:
 matrix:
 features:
 - bitwarden-cli
+ - bitwarden-secrets-manager
 steps:
 - uses: actions/checkout@v4
diff --git a/src/bitwarden-secrets-manager/README.md b/src/bitwarden-secrets-manager/README.md
new file mode 100644
index 0000000..a9090d5
--- /dev/null
+++ b/src/bitwarden-secrets-manager/README.md
@@ -0,0 +1,26 @@
+
+# Bitwarden Secrets Manager CLI (bws) (bitwarden-secrets-manager)
+
+Installs the bitwarden secrets manager CLI (bws) and optionally configures it to use a self-hosted server.
+
+## Example Usage
+
+```json
+"features": {
+ "ghcr.io/RouL/devcontainer-features/bitwarden-secrets-manager:1": {}
+}
+```
+
+## Options
+
+| Options Id | Description | Type | Default Value |
+|-----|-----|-----|-----|
+| server_base | Provides the base URL of your Bitwarden server, if you host your own server. | string | - |
+| server_api | Provides an API URL that differs from the default (if in doubt, leave it empty!). | string | - |
+| server_identity | Provides an identity URL that differs from the default (if in doubt, leave it empty!). | string | - |
+
+
+
+---
+
+_Note: This file was auto-generated from the [devcontainer-feature.json](devcontainer-feature.json). Add additional notes to a `NOTES.md`._
diff --git a/src/bitwarden-secrets-manager/devcontainer-feature.json b/src/bitwarden-secrets-manager/devcontainer-feature.json
new file mode 100644
index 0000000..ae93957
--- /dev/null
+++ b/src/bitwarden-secrets-manager/devcontainer-feature.json
@@ -0,0 +1,23 @@
+{
+ "id": "bitwarden-secrets-manager",
+ "version": "1.0.0",
+ "name": "Bitwarden Secrets Manager CLI (bws)",
+ "description": "Installs the bitwarden secrets manager CLI (bws) and optionally configures it to use a self-hosted server.",
+ "options": {
+ "server_base":{
+ "description": "Provides the base URL of your Bitwarden server, if you host your own server.",
+ "type": "string",
+ "default": ""
+ },
+ "server_api":{
+ "description": "Provides an API URL that differs from the default (if in doubt, leave it empty!).",
+ "type": "string",
+ "default": ""
+ },
+ "server_identity":{
+ "description": "Provides an identity URL that differs from the default (if in doubt, leave it empty!).",
+ "type": "string",
+ "default": ""
+ }
+ }
+}
diff --git a/src/bitwarden-secrets-manager/install.sh b/src/bitwarden-secrets-manager/install.sh
new file mode 100644
index 0000000..426fdf1
--- /dev/null
+++ b/src/bitwarden-secrets-manager/install.sh
@@ -0,0 +1,97 @@
+#!/bin/sh
+set -e
+
+SERVER_BASE="${SERVER_BASE}"
+SERVER_API="${SERVER_API}"
+SERVER_IDENTITY="${SERVER_IDENTITY}"
+
+REQUIRED_PACKAGES="curl unzip sudo ca-certificates jq"
+TARGET_PATH=/usr/local/bin/bws
+
+error() {
+ echo "$1" >&2
+ echo "Exiting..." >&2
+ exit 1
+}
+
+apt_get_update()
+{
+ if [ "$(find /var/lib/apt/lists/* | wc -l)" = "0" ]; then
+ echo "Running apt-get update..."
+ apt-get update -y
+ fi
+}
+
+check_packages() {
+ if ! dpkg -s "$@" > /dev/null 2>&1; then
+ apt_get_update
+ apt-get -y install --no-install-recommends "$@"
+ fi
+}
+
+platform_detect() {
+ if [ "$(uname -s)" = "Linux" ]; then
+ PLATFORM="unknown-linux-gnu"
+ elif [ "$(uname -s)" = "Darwin" ]; then
+ PLATFORM="apple-darwin"
+ else
+ error "Unsupported platform: $(uname -s)"
+ fi
+}
+
+arch_detect() {
+ if [ "$(uname -m)" = "x86_64" ]; then
+ ARCH="x86_64"
+ elif [ "$(uname -m)" = "aarch64" ]; then # Linux
+ ARCH="aarch64"
+ elif [ "$(uname -m)" = "arm64" ]; then # Darwin/macOS
+ ARCH="aarch64"
+ else
+ error "Unsupported architecture: $(uname -m)"
+ fi
+}
+
+export DEBIAN_FRONTEND=noninteractive
+
+check_packages $REQUIRED_PACKAGES
+
+CURRENT_TAG="$(curl --request GET https://api.github.com/repos/bitwarden/sdk-sm/releases?per_page=100 | jq --raw-output '[.[] | select(.draft == false) | select(.prerelease == false) | select(.tag_name | startswith("bws-")) | .tag_name][0]')"
+CURRENT_VERSION="${CURRENT_TAG#bws-v}"
+VERSION="${VERSION:-$CURRENT_VERSION}"
+
+platform_detect
+arch_detect
+
+install() {
+ curl -L "https://github.com/bitwarden/sdk-sm/releases/download/bws-v${VERSION}/bws-${ARCH}-${PLATFORM}-${VERSION}.zip" -o bws.zip
+
+ unzip bws.zip
+ rm bws.zip
+
+ chmod a+x bws
+ mv bws $TARGET_PATH
+}
+
+configure() {
+ configCmd="sudo -u ${_REMOTE_USER} -i ${TARGET_PATH} config"
+
+ [ "${SERVER_BASE}" != "" ] && $configCmd server-base $SERVER_BASE
+ [ "${SERVER_API}" != "" ] && $configCmd server-api $SERVER_API
+ [ "${SERVER_IDENTITY}" != "" ] && $configCmd server-identity $SERVER_IDENTITY
+
+ return 0
+}
+
+echo "(*) Installing Bitwarden Secrets Manager CLI..."
+
+install
+
+if [ "${SERVER_BASE}" != "" ] || [ "${SERVER_API}" != "" ] || [ "${SERVER_IDENTITY}" != "" ]; then
+ echo "(*) Configure custom Bitwarden server URLs..."
+ configure
+fi
+
+# Clean up
+rm -rf /var/lib/apt/lists/*
+
+echo "Done!"
diff --git a/test/bitwarden-secrets-manager/scenarios.json b/test/bitwarden-secrets-manager/scenarios.json
new file mode 100644
index 0000000..daebab8
--- /dev/null
+++ b/test/bitwarden-secrets-manager/scenarios.json
@@ -0,0 +1,20 @@
+{
+ "server_example": {
+ "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
+ "features": {
+ "bitwarden-secrets-manager": {
+ "server_base": "https://example.com"
+ }
+ }
+ },
+ "server_example_full": {
+ "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
+ "features": {
+ "bitwarden-secrets-manager": {
+ "server_base": "https://example.com",
+ "server_api": "https://example.com/api",
+ "server_identity": "https://example.com/identity"
+ }
+ }
+ }
+}
diff --git a/test/bitwarden-secrets-manager/server_example.sh b/test/bitwarden-secrets-manager/server_example.sh
new file mode 100644
index 0000000..c29df29
--- /dev/null
+++ b/test/bitwarden-secrets-manager/server_example.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -e
+
+source dev-container-features-test-lib
+
+check "server config server-base => https://example.com" bash -c "grep -E '^server_base = \"https://example.com\"\$' ~/.config/bws/config"
diff --git a/test/bitwarden-secrets-manager/server_example_full.sh b/test/bitwarden-secrets-manager/server_example_full.sh
new file mode 100644
index 0000000..1dd06d4
--- /dev/null
+++ b/test/bitwarden-secrets-manager/server_example_full.sh
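Review bot: In src/bitwarden-secrets-manager/install.sh, `install()` runs as root and moves whatever `curl -L` returned to `/usr/local/bin/bws` without checking a digest or signature, and without `-f` an HTTP error page is saved as `bws.zip` and only fails later inside `unzip`. The version is resolved at build time from the unauthenticated releases API (a response with no matching release leaves `CURRENT_TAG` as the string `null`), and devcontainer-feature.json declares no `version` option, so it appears a build cannot be pinned to a reviewed release. I would download into a `mktemp -d` directory with `curl -fsSL`, compare the archive against a pinned or published SHA-256 before extracting, and extract only the `bws` member, as sketched below with `EXPECTED_SHA256` as a placeholder. Separately, `configure()` expands the option values unquoted into a `sudo` command line (`$configCmd server-base $SERVER_BASE`), so a value with spaces or glob characters is split into extra arguments; quote them, e.g. `$configCmd server-base "$SERVER_BASE"`.

```sh
install() {
    # Work in a private temp dir rather than whatever cwd the installer runs in.
    workdir="$(mktemp -d)"
    archive="${workdir}/bws.zip"

    # -f: fail on HTTP errors instead of saving the error page as bws.zip.
    curl -fsSL --proto '=https' "https://github.com/bitwarden/sdk-sm/releases/download/bws-v${VERSION}/bws-${ARCH}-${PLATFORM}-${VERSION}.zip" -o "${archive}"

    # EXPECTED_SHA256 is a placeholder: set it from a pinned value, or from the
    # checksum published with the release (a pinned value is the stronger check).
    echo "${EXPECTED_SHA256}  ${archive}" | sha256sum -c -

    # Extract only the bws member; -o avoids an interactive overwrite prompt.
    unzip -o "${archive}" bws -d "${workdir}"
    chmod a+x "${workdir}/bws"
    mv "${workdir}/bws" "${TARGET_PATH}"
    rm -rf "${workdir}"
}
```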
@@ -0,0 +1,8 @@
+#!/bin/bash
+set -e
+
+source dev-container-features-test-lib
+
+check "server config server-base => https://example.com" bash -c "grep -E '^server_base = \"https://example.com\"\$' ~/.config/bws/config"
+check "server config server-api => https://example.com/api" bash -c "grep -E '^server_api = \"https://example.com/api\"\$' ~/.config/bws/config"
+check "server config server-identity => https://example.com/identity" bash -c "grep -E '^server_identity = \"https://example.com/identity\"\$' ~/.config/bws/config"
diff --git a/test/bitwarden-secrets-manager/test.sh b/test/bitwarden-secrets-manager/test.sh
new file mode 100644
index 0000000..e959eb7
--- /dev/null
+++ b/test/bitwarden-secrets-manager/test.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -e
+
+source dev-container-features-test-lib
+
+check "bws --version" bash -c "bws --version | grep -E '^bws [1-9][0-9]*\\.[0-9]+\\.[0-9]+\$'"