feature: action allow to retrieve rot ca cert

2024-08-25 18:36:57 +02:00 · 2024-08-25 18:36:57 +02:00 · 53467717df
commit 53467717df
parent 8dcca2d1e5
2 changed files with 53 additions and 27 deletions
--- a/README.md
+++ b/README.md
@ -1,2 +1,25 @@
-# action-template
-github action template
+# get ca cert
+
+Github action to retrieve root ca certificate from pki managed thanks to cfssl.
+
+usage example
+
+```yaml
+name: Main
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  build:
+    runs-on: runner
+    steps:
+      - name: Retrieve root ca certificate
+        id: get-ca-cert
+        uses: RouxAntoine/get-ca-cert@master
+      - run: |
+          echo "${{ steps.get-ca-cert.outputs.ca-cert }}"
+          echo "${{ steps.get-ca-cert.outputs.ca-cert-base64 }}"
+```
--- a/action.yml
+++ b/action.yml
@ -1,33 +1,36 @@
-name: 'Action-template'
-description: 'Github action template'
+name: 'get-ca-cert'
+description: 'Github action to retrieve root ca certificate from cfssl PKI API'
 branding:
-  icon: file
-  color: orange
+  icon: anchor
+  color: green
 inputs:
-  sample-input:
-    description: 'input example'
-    default: 'default-value'
+  pki-address:
+    description: 'cfssl pki API address'
+    default: 'pki.localdomain'
    required: false
+  pki-port:
+    description: 'cfssl pki API port'
+    default: '444'
+    required: false
+outputs:
+  ca-cert:
+    value: "${{ steps.retrieve-ca-cert.outputs.ca-cert }}"
+    description: Root ca certificate in x509 format
+  ca-cert-base64:
+    value: "${{ steps.retrieve-ca-cert.outputs.ca-cert-base64 }}"
+    description: x509 formated root ca certificate encoded in base64
 runs:
  using: "composite"
  steps:
-    - name: Set GitHub Path example
-      run: echo "$GITHUB_ACTION_PATH" >> $GITHUB_PATH
-      shell: bash
-      env:
-        GITHUB_ACTION_PATH: ${{ github.action_path }}
-
-    - name: Set Github secret output result example
-      id: sets-a-secret
+    - name: Get root ca certificate from cfssl PKI API
+      id: retrieve-ca-cert
      shell: bash
      run: |
-        the_secret=$((RANDOM))
-        echo "::add-mask::$the_secret"
-        echo "secret-number=$the_secret" >> "$GITHUB_OUTPUT"
+        ca_cert=$(curl -sSL -d '{"label": "primary"}' ${{ inputs.pki-address }}:${{ inputs.pki-port }}/api/v1/cfssl/info |jq -r '.result.certificate')
+        ca_cert_base64=$(echo "$ca_cert" | base64 -w 0)
        
-    - name: Set Github output result example
-      id: sets-output
-      shell: bash
-      run: |
-        output_number=$((RANDOM))
-        echo "output-number=$output_number" >> "$GITHUB_OUTPUT"
+        echo "ca-cert<<EOF" >> "$GITHUB_OUTPUT"
+        echo "$ca_cert" >> "$GITHUB_OUTPUT"
+        echo "EOF" >> "$GITHUB_OUTPUT"
+        
+        echo "ca-cert-base64=$ca_cert_base64" >> "$GITHUB_OUTPUT"