env-secrets 0.1.7 → 0.1.9

package/.cm/gitstream.cm

@@ -0,0 +1,57 @@
+# -*- mode: yaml -*-
+# This example configuration for provides basic automations to get started with gitStream.
+# View the gitStream quickstart for more examples: https://docs.gitstream.cm/quick-start/
+manifest:
+  version: 1.0
+automations:
+  # Add a label that indicates how many minutes it will take to review the PR.
+  estimated_time_to_review: 
+    if:
+      - true
+    run:
+      - action: add-label@v1
+      # etr is defined in the last section of this example
+        args:
+          label: "{{ calc.etr }} min review"
+          color: {{ 'E94637' if (calc.etr >= 20) else ('FBBD10' if (calc.etr >= 5) else '36A853') }}
+  # Post a comment that lists the best experts for the files that were modified.
+  code_experts:
+    if: 
+      - true
+    run:
+      - action: add-comment@v1
+      # More info about explainCodeExperts: https://docs.gitstream.cm/filter-functions/#explaincodeexperts
+        args:
+          comment: |
+            {{ repo | explainCodeExperts(gt=10) }}
+  # approve changes to docs, formatting, tests or assets
+  safe_changes:
+    if:
+      - {{ is.docs or is.tests or is.asset or is.formatting }}
+    run: 
+      - action: add-label@v1
+        args:
+          label: 'safe-changes'
+      - action: approve@v1
+  # approve dependabot
+  dependabot:
+    if:
+      - {{ branch.name | includes(term="dependabot") }}
+      - {{ branch.author | includes(term="dependabot") }}
+    run:
+      - action: approve@v1
+      - action: add-label@v1
+        args:
+          label: "approved-dependabot"
+      - action: merge@v1
+        args:
+          wait_for_all_checks: true
+          squash_on_merge: true
+# The next function calculates the estimated time to review and makes it available in the automation above.
+calc:
+  etr: {{ branch | estimatedReviewTime }}
+is:
+  docs: {{ files | allDocs }}
+  tests: {{ files | allTests }}
+  asset: {{ files | match(regex=r/\.(png|svg|gif|css)$/) | every }}
+  formatting: {{ source.diff.files | isFormattingChange }}

package/.github/dependabot.yml

@@ -4,7 +4,7 @@ updates:
     versioning-strategy: increase
     directory: '/'
     schedule:
-      interval: 'monthly'
+      interval: 'weekly'
     labels:
       - 'dependencies'
     open-pull-requests-limit: 100
@@ -14,3 +14,14 @@ updates:
       - dependency-name: 'fs-extra'
       - dependency-name: '*'
         update-types: ['version-update:semver-major']
+
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: 'github-actions'
+    directory: '/'
+    schedule:
+      interval: 'weekly'
+    pull-request-branch-name:
+      separator: '-'
+    labels:
+      - 'github-actions'
+      - 'dependencies'

package/.github/workflows/build-main.yml

@@ -10,14 +10,14 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: Set up Node.js
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
-          node-version: 18.14.0
+          node-version: 20.18.3
 
       - name: Install Node.js dependencies
         run: yarn

package/.github/workflows/gitstream.yaml

@@ -0,0 +1,49 @@
+# Code generated by gitStream GitHub app - DO NOT EDIT
+
+name: gitStream workflow automation
+run-name: |
+  /:\ gitStream: PR #${{ fromJSON(fromJSON(github.event.inputs.client_payload)).pullRequestNumber }} from ${{ github.event.inputs.full_repository }}
+
+on:
+  workflow_dispatch:
+    inputs:
+      client_payload:
+        description: The Client payload
+        required: true
+      full_repository:
+        description: the repository name include the owner in `owner/repo_name` format
+        required: true
+      head_ref:
+        description: the head sha
+        required: true
+      base_ref:
+        description: the base ref
+        required: true
+      installation_id:
+        description: the installation id
+        required: false
+      resolver_url:
+        description: the resolver url to pass results to
+        required: true
+      resolver_token:
+        description: Optional resolver token for resolver service
+        required: false
+        default: ''
+
+jobs:
+  gitStream:
+    timeout-minutes: 5
+    runs-on: ubuntu-latest
+    name: gitStream workflow automation
+    steps:
+      - name: Evaluate Rules
+        uses: linear-b/gitstream-github-action@v2
+        id: rules-engine
+        with:
+          full_repository: ${{ github.event.inputs.full_repository }}
+          head_ref: ${{ github.event.inputs.head_ref }}
+          base_ref: ${{ github.event.inputs.base_ref }}
+          client_payload: ${{ github.event.inputs.client_payload }}
+          installation_id: ${{ github.event.inputs.installation_id }}
+          resolver_url: ${{ github.event.inputs.resolver_url }}
+          resolver_token: ${{ github.event.inputs.resolver_token }}

package/.github/workflows/lint.yaml

@@ -12,19 +12,19 @@ jobs:
 
     steps:
       - name: Check out Git repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Set up Node.js
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
-          node-version: 18.14.2
+          node-version: 20.18.3
 
       # ESLint and Prettier must be in `package.json`
       - name: Install Node.js dependencies
         run: yarn --frozen-lockfile
 
       - name: Run linters
-        uses: wearerequired/lint-action@v1
+        uses: wearerequired/lint-action@v2
         with:
           eslint: true
           eslint_extensions: js,ts

package/.github/workflows/release.yml

@@ -4,6 +4,10 @@ name: Release and Publish
 on:
   workflow_dispatch:
 
+permissions:
+  contents: write
+  packages: read
+
 jobs:
   release:
     if: ${{ github.ref == 'refs/heads/main' }}
@@ -11,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Clone Repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
@@ -21,9 +25,9 @@ jobs:
           git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
 
       - name: Set up Node.js
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
-          node-version: 18.14.0
+          node-version: 20.18.3
           registry-url: 'https://registry.npmjs.org'
 
       - name: Install Node.js dependencies

package/.github/workflows/snyk.yaml

@@ -1,27 +1,24 @@
 name: Synk analysis
 
-on: push
+on:
+  pull_request_target:
+  push:
+    branches:
+      - main
 
 jobs:
   security:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Run Snyk to check for vulnerabilities
         uses: snyk/actions/node@master
+        continue-on-error: true # To make sure that SARIF upload gets called
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-      - name: Notify failures
-        if: failure()
-        uses: rtCamp/action-slack-notify@v2
-        env:
-          SLACK_LINK_NAMES: true
-          SLACK_MESSAGE:
-            # prettier-ignore
-            "hey @${{ github.actor }}, @mark, sorry to let you know you broke the build"
-          SLACK_CHANNEL: feed-github
-          SLACK_COLOR: ${{ job.status }}
-          SLACK_ICON: https://avatars.githubusercontent.com/u/82425418?s=200&v=4
-          SLACK_TITLE: 'Failed: env-secrets to dev :fire:'
-          SLACK_USERNAME: env-secrets-bot
-          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
+        with:
+          args: --sarif-file-output=snyk.sarif
+      - name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: snyk.sarif

package/.github/workflows/unittests.yaml

@@ -14,14 +14,14 @@ jobs:
 
     strategy:
       matrix:
-        node-version: [14.x, 16.x, 18.x]
+        node-version: [16.x, 18.x, 20.x]
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Set up Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: ${{ matrix.node-version }}
 

package/.nvmrc

@@ -1 +1 @@
-v18.14.2
+v20.18.3

package/README.md

@@ -49,10 +49,6 @@ env-secrets aws -s <secret name> -r <region> -p <profile> -- <program to run>
 
 example:
 
-```
-env-secrets aws -s local/sample -r us-east-1 -p marka -- env
-```
-
 Create a Secret using AWS cli
 
 ```
@@ -64,9 +60,23 @@ aws secretsmanager create-secret \
     --secret-string "{\"user\":\"marka\",\"password\":\"mypassword\"}"
 ```
 
+List the secret using AWS cli
+
+```
+aws secretsmanager get-secret-value \
+    --region us-east-1 \
+    --profile marka \
+    --secret-id  local/sample \
+    --query SecretString
+```
+
+```
+env-secrets aws -s local/sample -r us-east-1 -p marka -- echo \${user}/\${password}
+```
+
 ## Development
 
-Setup node using [nvm](https://github.com/nvm-sh/nvm). Or use node 18.x.
+Setup node using [nvm](https://github.com/nvm-sh/nvm). Or use node 20 (LTS).
 
 ```
 nvm use

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "env-secrets",
-  "version": "0.1.7",
+  "version": "0.1.9",
   "description": "get secrets from a secrets vault and inject them into the running environment",
   "main": "index.js",
   "author": "Mark C Allen (@markcallen)",
@@ -19,28 +19,28 @@
     "test": "jest"
   },
   "devDependencies": {
-    "@types/debug": "^4.1.7",
-    "@types/jest": "^29.4.0",
-    "@types/node": "^18.15.11",
-    "@typescript-eslint/eslint-plugin": "^5.57.1",
-    "@typescript-eslint/parser": "^5.57.0",
-    "eslint": "^8.37.0",
-    "eslint-config-prettier": "^8.8.0",
+    "@types/debug": "^4.1.12",
+    "@types/jest": "^29.5.14",
+    "@types/node": "^18.19.80",
+    "@typescript-eslint/eslint-plugin": "^5.62.0",
+    "@typescript-eslint/parser": "^5.62.0",
+    "eslint": "^8.57.1",
+    "eslint-config-prettier": "^8.10.0",
     "eslint-plugin-prettier": "^4.2.1",
     "husky": "^8.0.3",
-    "jest": "^29.5.0",
-    "lint-staged": "^13.2.0",
-    "prettier": "^2.8.7",
-    "release-it": "^15.10.1",
+    "jest": "^29.7.0",
+    "lint-staged": "13.3.0",
+    "prettier": "^2.8.8",
+    "release-it": "^15.11.0",
     "rimraf": "^3.0.2",
-    "ts-jest": "^29.0.5",
-    "ts-node": "^10.9.1",
+    "ts-jest": "^29.2.6",
+    "ts-node": "^10.9.2",
     "typescript": "^4.9.5"
   },
   "dependencies": {
-    "aws-sdk": "^2.1351.0",
+    "aws-sdk": "^2.1692.0",
     "commander": "^9.5.0",
-    "debug": "^4.3.4"
+    "debug": "^4.4.0"
   },
   "lint-staged": {
     "*.{ts,js}": [
@@ -56,5 +56,8 @@
   },
   "bin": {
     "env-secrets": "./dist/index.js"
+  },
+  "engines": {
+    "node": "^16.14.0 || >=18.0.0"
   }
 }