From 3785125ea7d9809790d7f084f7ff77bfbce53a4c Mon Sep 17 00:00:00 2001 From: Ryan Blunden Date: Fri, 17 Jan 2025 14:37:57 +1000 Subject: [PATCH 1/3] Add docker and env-no-quotes mount formats --- pkg/controllers/secrets.go | 4 ++++ pkg/controllers/secrets_test.go | 12 ++++++++++++ pkg/models/secrets_mount.go | 6 ++++++ 3 files changed, 22 insertions(+) diff --git a/pkg/controllers/secrets.go b/pkg/controllers/secrets.go index c94202f9..d97a07f9 100644 --- a/pkg/controllers/secrets.go +++ b/pkg/controllers/secrets.go @@ -131,6 +131,10 @@ func SecretsToBytes(secrets map[string]string, format string, templateBody strin return []byte(strings.Join(utils.MapToEnvFormat(secrets, true), "\n")), Error{} } + if format == models.EnvNoQuotesFormat || format == models.DockerFormat { + return []byte(strings.Join(utils.MapToEnvFormat(secrets, false), "\n")), Error{} + } + if format == models.JSONMountFormat { envStr, err := json.Marshal(secrets) if err != nil { diff --git a/pkg/controllers/secrets_test.go b/pkg/controllers/secrets_test.go index 22c42a28..bccb47c6 100644 --- a/pkg/controllers/secrets_test.go +++ b/pkg/controllers/secrets_test.go @@ -82,6 +82,18 @@ func TestSecretsToBytes(t *testing.T) { t.Errorf("Unable to convert secrets to byte array in %s format", format) } + format = "env-no-quotes" + bytes, err = SecretsToBytes(secrets, format, "") + if !err.IsNil() || string(bytes) != strings.Join([]string{`S1=foo`, `SECRET2=bar`}, "\n") { + t.Errorf("Unable to convert secrets to byte array in %s format", format) + } + + format = "docker" + bytes, err = SecretsToBytes(secrets, format, "") + if !err.IsNil() || string(bytes) != strings.Join([]string{`S1=foo`, `SECRET2=bar`}, "\n") { + t.Errorf("Unable to convert secrets to byte array in %s format", format) + } + format = "json" bytes, err = SecretsToBytes(secrets, format, "") if !err.IsNil() || string(bytes) != `{"S1":"foo","SECRET2":"bar"}` { diff --git a/pkg/models/secrets_mount.go b/pkg/models/secrets_mount.go index ca4f4765..e3335cf5 100644 --- a/pkg/models/secrets_mount.go +++ b/pkg/models/secrets_mount.go @@ -19,12 +19,16 @@ const JSONMountFormat = "json" const EnvMountFormat = "env" const TemplateMountFormat = "template" const DotNETJSONMountFormat = "dotnet-json" +const EnvNoQuotesFormat = "env-no-quotes" +const DockerFormat = "docker" var SecretsMountFormats = []string{ EnvMountFormat, JSONMountFormat, DotNETJSONMountFormat, TemplateMountFormat, + EnvNoQuotesFormat, + DockerFormat, } var SecretsMountFormatMap = map[string]string{ @@ -32,4 +36,6 @@ var SecretsMountFormatMap = map[string]string{ JSONMountFormat: JSONMountFormat, DotNETJSONMountFormat: DotNETJSONMountFormat, TemplateMountFormat: TemplateMountFormat, + EnvNoQuotesFormat: EnvNoQuotesFormat, + DockerFormat: DockerFormat, } From be46e2de32f862134cc99938ec91ef1a0bbb615d Mon Sep 17 00:00:00 2001 From: Nic Manoogian Date: Wed, 12 Mar 2025 13:33:22 -0400 Subject: [PATCH 2/3] chore: Add Go supported version check workflow and version annotations --- .github/workflows/build.yml | 4 ++-- .../workflows/go-supported-version-check.yml | 18 ++++++++++++++++++ .github/workflows/release-tests.yaml | 2 +- .github/workflows/release.yaml | 2 +- .github/workflows/test.yml | 4 ++-- .github/workflows/vulncheck.yml | 2 +- README.md | 4 ++++ go.mod | 1 + salus-config.yaml | 2 +- 9 files changed, 31 insertions(+), 8 deletions(-) create mode 100644 .github/workflows/go-supported-version-check.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cf0cc56c..67c88fa9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -9,7 +9,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: '1.24' + go-version: '1.24' # GO_VERSION_DEF check-latest: true - name: Checkout uses: actions/checkout@v1 @@ -26,7 +26,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: '1.24' + go-version: '1.24' # GO_VERSION_DEF check-latest: true - name: Checkout uses: actions/checkout@v1 diff --git a/.github/workflows/go-supported-version-check.yml b/.github/workflows/go-supported-version-check.yml new file mode 100644 index 00000000..f808967f --- /dev/null +++ b/.github/workflows/go-supported-version-check.yml @@ -0,0 +1,18 @@ +name: Vulncheck + +on: + pull_request: + push: + schedule: + - cron: "28 1 * * *" + +jobs: + vulncheck: + name: Analysis + runs-on: ubuntu-latest + steps: + - name: Go Supported Version + uses: dopplerhq/go-supported-version-check-action@v1 + with: + go-version: "1.24" # GO_VERSION_DEF + version-requirement: any-supported diff --git a/.github/workflows/release-tests.yaml b/.github/workflows/release-tests.yaml index 7d3940c4..350c5c45 100644 --- a/.github/workflows/release-tests.yaml +++ b/.github/workflows/release-tests.yaml @@ -17,7 +17,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: '1.24' + go-version: '1.24' # GO_VERSION_DEF check-latest: true - name: Checkout uses: actions/checkout@v1 diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 1826e4d4..b1e53338 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -23,7 +23,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: "1.24" + go-version: "1.24" # GO_VERSION_DEF check-latest: true - name: Checkout uses: actions/checkout@v3 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index aa5b3474..fd44e622 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -9,7 +9,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: '1.24' + go-version: '1.24' # GO_VERSION_DEF check-latest: true - name: Install dependencies run: sudo DEBIAN_FRONTEND=noninteractive apt-get install -yq --no-install-recommends expect jq @@ -31,7 +31,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: '1.24' + go-version: '1.24' # GO_VERSION_DEF check-latest: true - name: Checkout uses: actions/checkout@v1 diff --git a/.github/workflows/vulncheck.yml b/.github/workflows/vulncheck.yml index c24081f6..e5fabf39 100644 --- a/.github/workflows/vulncheck.yml +++ b/.github/workflows/vulncheck.yml @@ -19,7 +19,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: '1.24' + go-version: '1.24' # GO_VERSION_DEF check-latest: true - name: Get official govulncheck run: go install golang.org/x/vuln/cmd/govulncheck@latest diff --git a/README.md b/README.md index 70be753e..5120099d 100644 --- a/README.md +++ b/README.md @@ -84,3 +84,7 @@ $ doppler configure --all # view local configuration By default, `doppler login` scopes the auth token to the root directory (`--scope=/`). This means that the token will be accessible to projects using the Doppler CLI in any subdirectory. To limit this, specify the `scope` flag during login: `doppler login --scope=./` or `doppler login --scope ~/projects/backend`. Setup (i.e. `doppler setup`) scopes the selected project and config to the current directory (`--scope=./`). You can also modify this scope with the `scope` flag. Run `doppler help` for more information. + +## Go Version + +This project defines its Go version in a number of places. If updating the Go version, search for `GO_VERSION_DEF` and ensure that all locations are updated. diff --git a/go.mod b/go.mod index 5bb2edf9..abd4ad9c 100644 --- a/go.mod +++ b/go.mod @@ -1,5 +1,6 @@ module github.com/DopplerHQ/cli +// GO_VERSION_DEF go 1.24 require ( diff --git a/salus-config.yaml b/salus-config.yaml index 1cab1048..9f2ab077 100644 --- a/salus-config.yaml +++ b/salus-config.yaml @@ -25,4 +25,4 @@ enforced_scanners: "all" scanner_configs: GoVersionScanner: error: - min_version: "1.24.0" + min_version: "1.24.0" # GO_VERSION_DEF From 89951f1a98ee5cf516b90ab845b6f2daef0b9f9a Mon Sep 17 00:00:00 2001 From: Nic Manoogian Date: Wed, 12 Mar 2025 13:51:25 -0400 Subject: [PATCH 3/3] chore: Update golang.org/x/crypto to v0.36.0 --- go.mod | 10 +++++----- go.sum | 10 ++++++++++ 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index abd4ad9c..8cdec597 100644 --- a/go.mod +++ b/go.mod @@ -18,8 +18,8 @@ require ( github.com/spf13/cobra v1.7.0 github.com/stretchr/testify v1.9.0 github.com/zalando/go-keyring v0.2.6 - golang.org/x/crypto v0.33.0 - golang.org/x/sync v0.11.0 + golang.org/x/crypto v0.36.0 + golang.org/x/sync v0.12.0 gopkg.in/gookit/color.v1 v1.1.6 gopkg.in/yaml.v3 v3.0.1 ) @@ -51,7 +51,7 @@ require ( github.com/spf13/pflag v1.0.5 // indirect go.mongodb.org/mongo-driver v1.10.3 // indirect golang.org/x/exp v0.0.0-20220317015231-48e79f11773a // indirect - golang.org/x/sys v0.30.0 // indirect - golang.org/x/term v0.29.0 // indirect - golang.org/x/text v0.22.0 // indirect + golang.org/x/sys v0.31.0 // indirect + golang.org/x/term v0.30.0 // indirect + golang.org/x/text v0.23.0 // indirect ) diff --git a/go.sum b/go.sum index affc97b3..338e5ee8 100644 --- a/go.sum +++ b/go.sum @@ -132,6 +132,8 @@ golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus= golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M= +golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34= +golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc= golang.org/x/exp v0.0.0-20220317015231-48e79f11773a h1:DAzrdbxsb5tXNOhMCSwF7ZdfMbW46hE9fSVO6BsmUZM= golang.org/x/exp v0.0.0-20220317015231-48e79f11773a/go.mod h1:lgLbSvA5ygNOMpwM/9anMpWVlVJ7Z+cHWq/eFuinpGE= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= @@ -140,6 +142,8 @@ golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w= golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw= +golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -151,6 +155,8 @@ golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= +golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210503060354-a79de5458b56/go.mod h1:tfny5GFUkzUvx4ps4ajbZsCe5lw1metzhBm9T3x7oIY= @@ -158,6 +164,8 @@ golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU= golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s= +golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y= +golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -166,6 +174,8 @@ golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM= golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY= +golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY= +golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=