From 53467717df514284be85a2d889bf7065dccd3a11 Mon Sep 17 00:00:00 2001
From: RouxAntoine
Date: Sun, 25 Aug 2024 18:36:57 +0200
Subject: [PATCH] feature: action allow to retrieve rot ca cert
---
 README.md | 27 +++++++++++++++++++++++++--
 action.yml | 53 ++++++++++++++++++++++++++++-------------------------
 2 files changed, 53 insertions(+), 27 deletions(-)
diff --git a/README.md b/README.md
index b724785..b01e9f4 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,25 @@
-# action-template
-github action template
+# get ca cert
+
+Github action to retrieve root ca certificate from pki managed thanks to cfssl.
+
+usage example
+
+```yaml
+name: Main
+
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ build:
+ runs-on: runner
+ steps:
+ - name: Retrieve root ca certificate
+ id: get-ca-cert
+ uses: RouxAntoine/get-ca-cert@master
+ - run: |
+ echo "${{ steps.get-ca-cert.outputs.ca-cert }}"
+ echo "${{ steps.get-ca-cert.outputs.ca-cert-base64 }}"
+```
diff --git a/action.yml b/action.yml
index c3f75f2..7eb11cc 100644
--- a/action.yml
+++ b/action.yml
@@ -1,33 +1,36 @@
-name: 'Action-template'
-description: 'Github action template'
+name: 'get-ca-cert'
+description: 'Github action to retrieve root ca certificate from cfssl PKI API'
 branding:
- icon: file
- color: orange
+ icon: anchor
+ color: green
 inputs:
- sample-input:
- description: 'input example'
- default: 'default-value'
+ pki-address:
+ description: 'cfssl pki API address'
+ default: 'pki.localdomain'
 required: false
+ pki-port:
+ description: 'cfssl pki API port'
+ default: '444'
+ required: false
+outputs:
+ ca-cert:
+ value: "${{ steps.retrieve-ca-cert.outputs.ca-cert }}"
+ description: Root ca certificate in x509 format
+ ca-cert-base64:
+ value: "${{ steps.retrieve-ca-cert.outputs.ca-cert-base64 }}"
+ description: x509 formated root ca certificate encoded in base64
 runs:
 using: "composite"
 steps:
- - name: Set GitHub Path example
- run: echo "$GITHUB_ACTION_PATH" >> $GITHUB_PATH
- shell: bash
- env:
- GITHUB_ACTION_PATH: ${{ github.action_path }}
-
- - name: Set Github secret output result example
- id: sets-a-secret
+ - name: Get root ca certificate from cfssl PKI API
+ id: retrieve-ca-cert
 shell: bash
 run: |
- the_secret=$((RANDOM))
- echo "::add-mask::$the_secret"
- echo "secret-number=$the_secret" >> "$GITHUB_OUTPUT"
-
- - name: Set Github output result example
- id: sets-output
- shell: bash
- run: |
- output_number=$((RANDOM))
- echo "output-number=$output_number" >> "$GITHUB_OUTPUT"
\ No newline at end of file
+ ca_cert=$(curl -sSL -d '{"label": "primary"}' ${{ inputs.pki-address }}:${{ inputs.pki-port }}/api/v1/cfssl/info |jq -r '.result.certificate')
+ ca_cert_base64=$(echo "$ca_cert" | base64 -w 0)
+
+ echo "ca-cert<> "$GITHUB_OUTPUT"
+ echo "$ca_cert" >> "$GITHUB_OUTPUT"
+ echo "EOF" >> "$GITHUB_OUTPUT"
+
+ echo "ca-cert-base64=$ca_cert_base64" >> "$GITHUB_OUTPUT"
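Review bot: `${{ inputs.pki-address }}` and `${{ inputs.pki-port }}` on the curl line are expanded into the `run:` script text before bash parses it, so an input value containing shell metacharacters becomes part of the command; both should be passed through `env:` and referenced as quoted shell variables. The URL also carries no scheme, so curl falls back to plain HTTP and nothing authenticates the returned root certificate; a consumer that installs it as a trust anchor should first compare its fingerprint with a pinned value, or the action should require `https://` against an already trusted CA. Without `-f` on curl and `-e` on jq, an error response or a body lacking `.result.certificate` can end up as the literal `null` in both outputs. The multi-line `ca-cert` output appears to be closed by the fixed delimiter `EOF` while its content comes from the network, so a per-run random delimiter would stop a crafted response from ending the block early.

```yaml
      shell: bash
      env:
        PKI_ADDRESS: ${{ inputs.pki-address }}
        PKI_PORT: ${{ inputs.pki-port }}
      run: |
        ca_cert=$(curl -fsSL -d '{"label": "primary"}' "${PKI_ADDRESS}:${PKI_PORT}/api/v1/cfssl/info" | jq -er '.result.certificate')
        # … unchanged: base64 encoding and GITHUB_OUTPUT writes …
```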