https://github.com/duplocloud/actions-setup

Duploc actions setup action.
https://github.com/duplocloud/actions-setup

Last synced: 4 days ago
JSON representation

Duploc actions setup action.

• Host: GitHub
• URL: https://github.com/duplocloud/actions-setup
• Owner: duplocloud
• Created: 2024-07-11T19:43:09.000Z (6 months ago)
• Default Branch: main
• Last Pushed: 2024-07-12T19:59:09.000Z (6 months ago)
• Last Synced: 2024-11-10T02:09:31.784Z (2 months ago)
• Size: 3.91 KB
• Stars: 0
• Watchers: 4
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
 # Duplo AWS Setup Action

An Action to set up duplocloud cli and the underlying cloud. During this process, duplo discovers the underlying cloud which is either aws, gcp, or azure. Once the cloud is known, the corresponding cli is installed. Finally the action will authenticate with the cloud provider.

It provides the following features:

- Setting up Python.

- Installing `duploctl`.

- when AWS

  - Installing AWS CLI.

  - Running Duplo JIT (Just-In-Time) for AWS.

  - Configuring AWS IAM Credentials.

- when GCP

  - Installing GCP CLI.

  - Configuring GCP SA Credentials.

- when Azure

  - Installing Azure CLI.

  - Configuring Azure SCP Credentials.

## Inputs

The following input variables can be configured:

| Name              | Description                                                                 | Required | Default Value |

|-------------------|-----------------------------------------------------------------------------|----------|---------------|

| `mask-account-id` | Mask AWS Account ID in logs                                                 | `false`  | `yes`         |

| `region`          | Overide the cloud region from the default. For gcp this is required.        | `false`  |               |

| `account-id`      | Overide the cloud account id from the default. Required when on gcp/azure where this would be the project name or directory name. | `false`  |               |

| `credentials`     | Cloud credentials for Azure or GCP.                                         | `false`  |               |

| `version`        | Duplo version to install.                                                    | `false`  | `latest`      |

## Usage

**AWS Example:**  

```yaml

name: Simple AWS Setup

on: 

- push

jobs:

  build:

    runs-on: ubuntu-latest

    env:

      DUPLO_TOKEN: ${{ secrets.DUPLO_TOKEN }}

      DUPLO_HOST: ${{ vars.DUPLO_HOST  }}

      DUPLO_TENANT: ${{ vars.DUPLO_TENANT }}

    steps:

    - name: Duplo Setup

      uses: duplocloud/actions/setup@main

```

**GCP or Azure Example:**  

The only difference is there is no JIT for GCP or Azure. This means the job needs to have some pre-configured credentials to use for authentication. The name of the account is required for GCP and Azure as well. 

```yaml

steps:

- name: Duplo Setup

  uses: duplocloud/actions/setup@main

  with:

    account-id: ${{ vars.CLOUD_ACCOUNT }}

    credentials: ${{ secrets.CLOUD_CREDENTIALS }}

```

## Authentication  

Each underlying cloud has their own unique way of authenticating. 

### AWS  

Using the JIT functionality built into the portal, the action uses retreives an sts session from the duplo portal and uses these credentials to authenticate with the AWS CLI. Magical. 

### Azure  

The action uses the `azure/login` action to authenticate with Azure. To keep things consistent this action will use the `CLOUD_CREDENTIALS` secret to authenticate which expects the following format:  

```json

{

  "clientId": "",

  "clientSecret": "",

  "subscriptionId": "",

  "tenantId": ""

}

```

### GCP

The action uses the `google-github-actions/setup-gcloud` action to authenticate with GCP. To keep things consistent this action will use the `CLOUD_CREDENTIALS` secret to authenticate which expects the following format:  

```json

{

  "type": "service_account",

  "project_id": "",

  "private_key_id": "",

  "private_key": "",

  "client_email": "",

  "client_id": "",

  "auth_uri": "https://accounts.google.com/o/oauth2/auth",

  "token_uri": "https://accounts.google.com/o/oauth2/token",

  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",

  "client_x509_cert_url": ""

}

```

## License

The scripts and documentation in this project are released under the [MIT License](LICENSE).

## References 

 - Third Party Actions: 

   - [aws-actions/configure-aws-credentials@v3](https://github.com/aws-actions/configure-aws-credentials)

   - [unfor19/install-aws-cli-action@v1](https://github.com/unfor19/install-aws-cli-action)

   - [actions/setup-python@v5](https://github.com/actions/setup-python)

   - [google-github-actions/setup-gcloud](https://github.com/google-github-actions/setup-gcloud)

   - [google-github-actions/auth](https://github.com/google-github-actions/auth)

   - [azure/login](https://github.com/marketplace/actions/azure-login)

   - [azure/CLI](https://github.com/marketplace/actions/azure-cli-action)