diff --git a/action.yml b/action.yml index 5feff10..dae6b09 100644 --- a/action.yml +++ b/action.yml @@ -13,6 +13,14 @@ inputs: cluster-name: description: "Name of SKE cluster." required: true + service-account-key: + description: "JSON representation of STACKIT service account key." + required: false + default: "" + service-account-key-path: + description: "Path to STACKIT service account key file." + required: false + default: "" timeout-seconds: description: "Time in seconds after which target state check fails." required: false @@ -39,6 +47,8 @@ runs: INPUT_TIMEOUT_SECS: ${{ inputs.timeout-seconds }} INPUT_INTERVAL_SECS: ${{ inputs.interval-seconds }} INPUT_WAIT: ${{ inputs.wait }} + INPUT_SERVICE_ACCOUNT_KEY: ${{ inputs.service-account-key }} + INPUT_SERVICE_ACCOUNT_KEY_PATH: ${{ inputs.service-account-key-path }} run: | set -e @@ -58,6 +68,11 @@ runs: fi done + if [ -z "$INPUT_SERVICE_ACCOUNT_KEY" ] && [ -z "$INPUT_SERVICE_ACCOUNT_KEY_PATH" ]; then + echo "::error:: You must provide either 'service-account-key' or 'service-account-key-path'." + exit 1 + fi + TIMEOUT_SECS="${INPUT_TIMEOUT_SECS:-900}" INTERVAL_SECS="${INPUT_INTERVAL_SECS:-5}" WAIT="${INPUT_WAIT:-true}" @@ -91,8 +106,16 @@ runs: echo "::group::Authenticating with service account and triggering operation" - STACKIT_ACCESS_TOKEN="$(stackit auth activate-service-account --only-print-access-token)" - export STACKIT_ACCESS_TOKEN + if [ -n "$INPUT_SERVICE_ACCOUNT_KEY_PATH" ]; then + STACKIT_SERVICE_ACCOUNT_KEY_PATH="$INPUT_SERVICE_ACCOUNT_KEY_PATH" + else + STACKIT_SERVICE_ACCOUNT_KEY_PATH="$(mktemp)" + + echo "Writing STACKIT service account key to $STACKIT_SERVICE_ACCOUNT_KEY_PATH" + echo "$INPUT_SERVICE_ACCOUNT_KEY" > "$STACKIT_SERVICE_ACCOUNT_KEY_PATH" + fi + + export STACKIT_SERVICE_ACCOUNT_KEY_PATH STACKIT_PROJECT_ID="$INPUT_PROJECT_ID" export STACKIT_PROJECT_ID