-
Notifications
You must be signed in to change notification settings - Fork 11
/
Copy pathaction.yml
116 lines (99 loc) · 4.23 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
name: Setup Terminus
description: "Install and configure the Pantheon CLI tool, Terminus."
branding:
icon: "cloud"
color: "yellow"
inputs:
pantheon-machine-token:
description: "Machine token used to authenticate with Pantheon."
required: false
terminus-version:
description: |
The full version of Terminus to install. If omitted, the latest version is used.
required: false
disable-cache:
description: Disable session cache and force a new session to be initiated.
required: false
default: false
runs:
using: composite
steps:
- name: Set Terminus version
if: ${{ ! inputs.terminus-version }}
shell: bash
run: |
TERMINUS_RELEASE=$(
curl --silent \
--header 'authorization: Bearer ${{ github.token }}' \
"https://api.github.com/repos/pantheon-systems/terminus/releases/latest" \
| perl -nle'print $& while m#"tag_name": "\K[^"]*#g'
)
echo "TERMINUS_RELEASE=$TERMINUS_RELEASE" >> $GITHUB_ENV
- name: Install Terminus
shell: bash
run: |
mkdir $HOME/terminus && cd $HOME/terminus
echo "Installing Terminus v$TERMINUS_RELEASE"
curl -L https://github.com/pantheon-systems/terminus/releases/download/$TERMINUS_RELEASE/terminus.phar --output terminus
chmod +x terminus
sudo ln -s $HOME/terminus/terminus /usr/local/bin/terminus
mkdir -p $HOME/.terminus/{cache,plugins}
env:
TERMINUS_RELEASE: ${{ inputs.terminus-version || env.TERMINUS_RELEASE }}
- name: Set cache path, key, and restore-key
id: configure-cache
shell: bash
run: |
# Generate a hash of the machine token to use as a restore-key.
machine_token_hash=`echo ${{ inputs.pantheon-machine-token }} | sha256sum | head -c 40`
restore_key="terminus-session-$machine_token_hash"
# Set path, cache key, and restore-key for later steps.
echo "path=${{ runner.temp }}/terminus-session.enc" >> $GITHUB_OUTPUT
echo "restore-key=$restore_key-" >> $GITHUB_OUTPUT
echo "key=$restore_key-${{ github.run_id }}" >> $GITHUB_OUTPUT
- name: Restore cached encrypted Terminus session
id: restore-cache
if: ${{ inputs.disable-cache != 'true' }}
uses: actions/cache/restore@v4
with:
path: ${{ steps.configure-cache.outputs.path }}
key: ${{ steps.configure-cache.outputs.key }}
enableCrossOsArchive: true
- name: Decrypt cached session file
id: decrypt
if: ${{ steps.restore-cache.outcome == 'success' }}
continue-on-error: true
shell: bash
run: |
# Verify that the encrypted session file was restored from cache.
test -s ${{ steps.configure-cache.outputs.path }}
# Decrypt the session file.
echo "${{ inputs.pantheon-machine-token }}" | \
openssl enc -d -aes-256-cbc -pbkdf2 -iter 10000 -pass stdin -in ${{ steps.configure-cache.outputs.path }} -out $HOME/.terminus/cache/session
# Check if restored session is still valid
TERMINUS_USER=$(terminus auth:whoami)
if [ -z "$TERMINUS_USER" ]; then
echo "No valid session found. "
exit 1
fi
echo "Valid session found: $TERMINUS_USER"
- name: Authenticate Terminus
id: authenticate
if: ${{ inputs.pantheon-machine-token && steps.decrypt.outcome != 'success' }}
shell: bash
run: |
# Running this step means the session was not restored from cache
# and needs to be re-authenticated.
# Authenticate with Pantheon using the machine token.
terminus auth:login --machine-token="${{ inputs.pantheon-machine-token }}"
# Encrypt the session file.
echo "${{ inputs.pantheon-machine-token }}" | \
openssl enc -aes-256-cbc -salt -pbkdf2 -iter 10000 -pass stdin -in $HOME/.terminus/cache/session -out ${{ steps.configure-cache.outputs.path }}
- name: Cache encrypted Terminus session
id: save-cache
if: ${{ steps.authenticate.outcome == 'success' && inputs.disable-cache != 'true'}}
uses: actions/cache/save@v4
with:
path: ${{ steps.configure-cache.outputs.path }}
key: ${{ steps.configure-cache.outputs.key }}
enableCrossOsArchive: true