feat: process env files

settlemint · Dec 14, 2024 · e6fcc3f · e6fcc3f
1 parent d8a3ff4
commit e6fcc3f
Show file tree

Hide file tree

Showing 8 changed files with 136 additions and 6 deletions.
diff --git a/.cursorrules b/.cursorrules
@@ -8,6 +8,7 @@
 8. Support all SettleMint environment variables as optional inputs
 9. Set predefined contract addresses as environment variables
 10. Add auto-login and auto-connect functionality
-11. Add comprehensive test coverage for main functionality
-12. Configure Renovate to run `npm run package` after dependency updates
-13. Create comprehensive README documentation with examples and best practices
+11. Process .env files from secrets and add them to GitHub environment
+12. Add comprehensive test coverage for main functionality
+13. Configure Renovate to run `npm run package` after dependency updates
+14. Create comprehensive README documentation with examples and best practices
diff --git a/README.md b/README.md
@@ -139,6 +139,29 @@ All inputs are automatically converted to environment variables with the `SETTLE
 - `workspace` → `SETTLEMINT_WORKSPACE`
 - `blockchain-network` → `SETTLEMINT_BLOCKCHAIN_NETWORK`
 
+### Environment Files
+The action supports loading environment variables from `.env` files. You can provide the content of your env files through the following inputs:
+
+- `dotEnvFile`: Content of your main `.env` file
+- `dotEnvLocalFile`: Content of your `.env.local` file
+
+⚠️ **Important**: Always store env file contents in GitHub Secrets:
+```yaml
+steps:
+  - uses: settlemint/settlemint-action@main
+    with:
+      dotEnvFile: ${{ secrets.MY_ENV_FILE }}
+      dotEnvLocalFile: ${{ secrets.MY_ENV_LOCAL }}
+      access-token: ${{ secrets.SETTLEMINT_ACCESS_TOKEN }}
+```
+
+The action will process these files and add all variables to the GitHub Actions environment. It handles:
+- Comments (lines starting with #)
+- Empty lines
+- Quoted values
+- Values containing = signs
+- Trailing comments
+
 ## Error Handling
 
 The action will fail if:
@@ -153,6 +176,32 @@ The action will fail if:
 - Use GitHub Secrets for sensitive information
 - Consider using OIDC for token management in production
 
+## Security Best Practices
+
+### Handling Secrets 🔒
+- **NEVER** commit access tokens, private keys or any secrets directly in your workflow files or repository
+- **ALWAYS** use GitHub Secrets for sensitive information:
+  ```yaml
+  # ✅ CORRECT - Using GitHub Secrets
+  access-token: ${{ secrets.SETTLEMINT_ACCESS_TOKEN }}
+
+  # ❌ WRONG - NEVER do this
+  access-token: "your-token-here"  # This is a security risk!
+  ```
+- Use GitHub's OIDC (OpenID Connect) for token management in production environments
+- Regularly rotate your access tokens and secrets
+- Limit secret access to only the necessary workflows and repositories
+
+### Environment Variables
+When using .env files:
+```yaml
+steps:
+  - uses: settlemint/settlemint-action@main
+    with:
+      dotEnvFile: ${{ secrets.ENV_FILE_CONTENT }}  # Store as a secret!
+      access-token: ${{ secrets.SETTLEMINT_ACCESS_TOKEN }}
+```
+
 ## Contributing
 
 Contributions are welcome! Please read our [Contributing Guide](./.github/CONTRIBUTING.md) for details on our code of conduct and the process for submitting pull requests.

diff --git a/action.yml b/action.yml
@@ -75,6 +75,12 @@ inputs:
   smart-contract-set:
     description: 'SettleMint smart contract set ID'
     required: false
+  dotEnvFile:
+    description: 'A Github Actions secret containing the .env file, loaded in one go for easy updates'
+    required: false
+  dotEnvLocalFile:
+    description: 'A Github Actions secret containing the .env.local file, loaded in one go for easy updates'
+    required: false
 
 runs:
   using: node20

diff --git a/badges/coverage.svg b/badges/coverage.svg
diff --git a/dist/index.js b/dist/index.js
diff --git a/dist/index.js.map b/dist/index.js.map
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "typescript-action",
   "description": "GitHub Actions TypeScript template",
-  "version": "0.6.0",
+  "version": "0.6.1",
   "author": "",
   "private": true,
   "homepage": "https://github.com/actions/typescript-action",

diff --git a/src/main.ts b/src/main.ts
@@ -21,6 +21,37 @@ const ENV_VARS = [
   'smart-contract-set',
 ];
 
+const ENV_VAR_PATTERN = /^[A-Za-z_][A-Za-z0-9_]*=/;
+const QUOTE_PATTERN = /^["'](.*)["']$/;
+
+function processEnvContent(content: string): void {
+  const lines = content.split('\n');
+
+  for (const line of lines) {
+    const trimmedLine = line.trim();
+
+    // Skip empty lines and comments
+    if (!trimmedLine || trimmedLine.startsWith('#')) {
+      continue;
+    }
+
+    // Remove trailing comments and trim
+    const lineWithoutComments = trimmedLine.split('#')[0].trim();
+
+    // Check if line matches env var pattern
+    if (ENV_VAR_PATTERN.test(lineWithoutComments)) {
+      const [key, ...valueParts] = lineWithoutComments.split('=');
+      let value = valueParts.join('='); // Rejoin in case value contains =
+
+      // Remove surrounding quotes if they exist
+      value = value.replace(QUOTE_PATTERN, '$1');
+
+      // Set in GitHub environment
+      core.exportVariable(key.trim(), value.trim());
+    }
+  }
+}
+
 /**
  * The main function for the action.
  * @returns {Promise<void>} Resolves when the action is complete.
@@ -36,6 +67,17 @@ export async function run(): Promise<void> {
     core.debug('Installing SettleMint CLI...');
     await exec.exec('npm', ['install', '-g', `@settlemint/sdk-cli@${version}`]);
 
+    // Process .env files
+    const dotEnvFile = core.getInput('dotEnvFile');
+    if (dotEnvFile) {
+      processEnvContent(dotEnvFile);
+    }
+
+    const dotEnvLocalFile = core.getInput('dotEnvLocalFile');
+    if (dotEnvLocalFile) {
+      processEnvContent(dotEnvLocalFile);
+    }
+
     // Set optional environment variables
     for (const varName of ENV_VARS) {
       const value = core.getInput(varName);