Setup Action

Author: varunsh-coder

.github/workflows/test.yml

@@ -0,0 +1,25 @@
+name: "Test"
+on:
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+
+permissions:
+  contents: read
+
+jobs:
+  main:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@v2
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@v3
+      - uses: ./
+        with:
+          name: "new-json-file.json"
+          json: '{"name":"user", "password":"mypass"}'

.gitignore

@@ -0,0 +1,102 @@
+# IntelliJ
+.idea/
+
+# Dependency directory
+node_modules
+
+# Rest pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+jspm_packages/
+
+# TypeScript v1 declaration files
+typings/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env
+.env.test
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+
+# next.js build output
+.next
+
+# nuxt.js build output
+.nuxt
+
+# vuepress build output
+.vuepress/dist
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# OS metadata
+.DS_Store
+Thumbs.db
+
+# Ignore built ts files
+__tests__/runner/*
+lib/**/*

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 José Daniel
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,118 @@
+## Create .json file to use in other steps of the workflow
+
+---
+
+Example of the output on the .json file created:
+
+```json
+{
+  "name": "step-security",
+  "password": "mypass"
+}
+```
+
+### How to use
+
+You can define a json structure on the secrets of your repository:
+
+```json
+{
+  "name": "step-security",
+  "password": "mypass"
+}
+```
+
+<sub><sup>MY_JSON (Secrets variables can be configured on repository settings > Secrets)</sup></sub>
+
+and use in this way:
+
+```yaml
+- name: create-json
+  id: create-json
+  uses: step-security/create-json@v1
+  with:
+    name: "credentials.json"
+    json: ${{ secrets.MY_JSON }}
+```
+
+Or just declare a string of a json on the property `json` like:
+
+```yaml
+- name: create-json
+  id: create-json
+  uses: step-security/create-json@v1
+  with:
+    name: "new-json-file.json"
+    json: '{"name":"step-security", "password":"mypass"}'
+```
+
+<sub><sup>The json have to be inside a string.</sup></sub>
+
+You also can save the json on a subdirectory using the property `dir`:
+
+```yaml
+- name: create-json
+  id: create-json
+  uses: step-security/create-json@v1
+  with:
+    name: "credentials.json"
+    json: ${{ secrets.CREDENTIALS_JSON }}
+    dir: "src/"
+```
+
+Remember that when you create a .json file, the file was not commited, you have to commit the file if you will use the `HEAD` branch with the file to push the repository to other service, like deploy to heroku or other platforms.
+
+If you want to create more than one json files, you have to specify different IDs for the action like:
+
+```yaml
+- name: create-json
+  id: create-json-1 # First ID
+  uses: step-security/create-json@v1
+  with:
+    name: "credentials.json"
+    json: ${{ secrets.CREDENTIALS_JSON }}
+    dir: "src/"
+- name: create-json
+  id: create-json-2 # Second ID
+  uses: step-security/create-json@v1
+  with:
+    name: "other.json"
+    json: '{"name":"step-security", "password":"mypass"}'
+    dir: "src/"
+```
+
+### Real Example (Creating and Using on Other Steps)
+
+```yaml
+name: Heroku CI - CD
+
+on:
+  push:
+    branches: [master]
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - uses: actions/setup-go@v1
+        with:
+          go-version: "1.14.6"
+      - run: cd src && go mod vendor
+      - name: create-json
+        id: create-json
+        uses: step-security/create-json@v1
+        with:
+          name: "devdatatools-firebase-adminsdk.json"
+          json: ${{ secrets.CREDENTIALS_JSON }}
+          dir: "src/"
+      - run: git config --global user.email "[email protected]" && git config --global user.name "step-security" && git add . && git add --force src/devdatatools-firebase-adminsdk.json && git status && git commit -a -m "Deploy Heroku Commit with the Credentials JSON created!"
+      - uses: akhileshns/[email protected]
+        with:
+          heroku_api_key: ${{ secrets.HEROKU_API_KEY }}
+          heroku_app_name: "dev-data-tools-api-golang"
+          heroku_email: "[email protected]"
+          appdir: "src"
+```
+
+After commit and use with Heroku the file is deleted after the workflow and the JSON is not showed on the log, perfect for public repositories.

SECURITY.md

@@ -0,0 +1,5 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please report security vulnerabilities to [email protected]

action.yml

@@ -0,0 +1,21 @@
+name: "create-json"
+description: "Create an JSON file from secret or a string of a json."
+inputs:
+  name:
+    description: "The name of the file to be written. | file.json "
+    required: true
+  json:
+    description: 'The json string that can be a secret of the github repo or a string of a json. | "{"title": "my json"}" '
+    required: true
+  dir:
+    description: "Optional subfolder directory to save the json file. | src/ "
+    required: false
+outputs:
+  successfully:
+    description: "Feedback message of success "
+runs:
+  using: "node16"
+  main: "./dist/index.js"
+branding:
+  icon: "shield"
+  color: "green"