
Commit b1db547

authored
Merge pull request #117 from udx/gcp-secrets-resolution-fix
GCP Secrets Resolution For Multiline Json Values
2 parents 19bac3f + 809109d commit b1db547


6 files changed

+11
-7
lines changed

6 files changed

+11
-7
lines changed

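--- a/.github/workflows/build-and-test.yml
+++ b/.github/workflows/build-and-test.yml
@@ -100,7 +100,7 @@ jobs:
 jq -r '.packages[] | select(.versionInfo != null) | "\(.name) | \(.versionInfo)"' sbom.json | sort | uniq | head -n 20 | column -t -s '|'
 
 - name: Upload SBOM Artifact
-uses: actions/upload-artifact@v5
+uses: actions/upload-artifact@v6
 with:
 name: sbom
 path: sbom.json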

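--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -4,6 +4,9 @@ name: "CodeQL and Linter Analysis"
 "on":
 push:
 
+permissions:
+contents: read
+
 jobs:
 analyze-shell:
 name: Analyze Shell Scripts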
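Review bot: The workflow-level `permissions:` block added above `jobs:` sets every scope it does not list to none, so any job further down that uploads results to code scanning would lose `security-events: write` and fail at the upload step; the job bodies are outside this hunk, so this needs checking against them. If such a job exists, grant the scope on that job only, e.g. `permissions: { contents: read, security-events: write }`, and keep the workflow default at `contents: read`. A short comment above the block, such as `# Least-privilege default; jobs opt in to any extra scopes they need`, would record why it is there.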

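--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -115,7 +115,7 @@ jobs:
 fi
 
 - name: Upload SBOM Artifact
-uses: actions/upload-artifact@v5
+uses: actions/upload-artifact@v6
 with:
 name: sbom
 path: sbom.json
@@ -141,7 +141,7 @@ jobs:
 git config --global user.name "UDX Worker"
 
 - name: Download SBOM Artifact
-uses: actions/download-artifact@v6
+uses: actions/download-artifact@v7
 with:
 name: sbom
 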

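--- a/Dockerfile
+++ b/Dockerfile
@@ -76,16 +76,16 @@ RUN echo $TZ > /etc/timezone && \
 # Install yq (architecture-aware)
 RUN ARCH=$(uname -m) && \
 if [ "$ARCH" = "x86_64" ]; then ARCH="amd64"; elif [ "$ARCH" = "aarch64" ]; then ARCH="arm64"; fi && \
-curl -sL https://github.com/mikefarah/yq/releases/download/v4.49.2/yq_linux_${ARCH}.tar.gz | tar xz && \
+curl -sL https://github.com/mikefarah/yq/releases/download/v4.50.1/yq_linux_${ARCH}.tar.gz | tar xz && \
 mv yq_linux_${ARCH} /usr/bin/yq && \
 rm -rf /tmp/*
 
 # Install Google Cloud SDK (architecture-aware)
 RUN ARCH=$(uname -m) && \
 if [ "$ARCH" = "x86_64" ]; then \
-curl -sSL "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-549.0.0-linux-x86_64.tar.gz" -o google-cloud-sdk.tar.gz; \
+curl -sSL "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-551.0.0-linux-x86_64.tar.gz" -o google-cloud-sdk.tar.gz; \
 elif [ "$ARCH" = "aarch64" ]; then \
-curl -sSL "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-549.0.0-linux-arm.tar.gz" -o google-cloud-sdk.tar.gz; \
+curl -sSL "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-551.0.0-linux-arm.tar.gz" -o google-cloud-sdk.tar.gz; \
 fi && \
 tar -xzf google-cloud-sdk.tar.gz && \
 ./google-cloud-sdk/install.sh -q && \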

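--- a/deploy.yml
+++ b/deploy.yml
@@ -12,6 +12,7 @@ config:
 
 env:
 TEST_ENV_SECRET: "gcp/rabbit-ci-dev/worker-secret-test"
+TEST_ENV_JSON_KEY: "gcp/rabbit-ci-dev/worker-secret-json-key"
 
 # Mount volumes
 # volumes: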

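--- a/lib/secrets/gcp.sh
+++ b/lib/secrets/gcp.sh
@@ -32,7 +32,7 @@ resolve_gcp_secret() {
 
 # For multiline secrets (like private keys), base64 encode them
 if [[ "$secret_value" == *"-----BEGIN"* ]] || [[ "$secret_value" == *$'\n'* ]]; then
-printf "%s" "$secret_value" | base64
+printf "%s" "$secret_value" | base64 | tr -d '\n'
 else
 printf "%s" "$secret_value"
 fi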
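Review bot: The pipeline on the new `base64 | tr -d '\n'` line reports the exit status of `tr`, so a failing `base64` would go unnoticed and the function could return an empty or partial value as if resolution had succeeded, unless `set -o pipefail` is in effect somewhere outside this hunk. Checking the encoder explicitly avoids that, e.g. `encoded=$(printf "%s" "$secret_value" | base64) || return 1` followed by `printf "%s" "${encoded//$'\n'/}"`. The comment above the branch could also state that the result is a single unwrapped base64 line that callers must decode; a single-line secret is returned raw, and nothing in the visible output marks which form was emitted. resolve_gcp_secret starts and ends outside the hunk.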
