fcoclavero · fcoclavero · Aug 25, 2020 · Aug 25, 2020 · Aug 25, 2020 · Aug 25, 2020
diff --git a/.github/workflows/cloud-sql-proxy-it.yml b/.github/workflows/cloud-sql-proxy-it.yml
@@ -0,0 +1,51 @@
+name: cloud-sql-proxy Integration
+
+on:
+  push:
+    paths:
+      - "cloud-sql-proxy/**"
+      - ".github/workflows/cloud-sql-proxy*"
+
+jobs:
+  gcloud:
+    name: Authenticate with setup-gcloud.
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: ./setup-gcloud
+        with:
+          export_default_credentials: true
+          service_account_key: ${{ secrets.SERVICE_ACCOUNT_KEY_B64 }}
+      - name: setup Cloud SQL proxy
+        uses: ./cloud-sql-proxy
+        with:
+          instance_connection_name: ${{ secrets.INSTANCE_CONNECTION_NAME }}
+          port: ${{ secrets.CLOUD_SQL_PROXY_PORT }}
+        run: psql "host=127.0.0.1 port=${{ secrets.CLOUD_SQL_PROXY_PORT }} sslmode=disable dbname=${{ secrets.DB_NAME }} user=${{ secrets.DB_USER_NAME }} password=${{ secrets.DB_PASSWORD }}"
+
+  b64_json:
+    name: Authenticate with Base64 JSON credentials.
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: setup Cloud SQL proxy
+        uses: ./cloud-sql-proxy
+        with:
+          credentials: ${{ secrets.SERVICE_ACCOUNT_KEY_B64 }}
+          instance_connection_name: ${{ secrets.INSTANCE_CONNECTION_NAME }}
+          port: ${{ secrets.CLOUD_SQL_PROXY_PORT }}
+        run: psql "host=127.0.0.1 port=${{ secrets.CLOUD_SQL_PROXY_PORT }} sslmode=disable dbname=${{ secrets.DB_NAME }} user=${{ secrets.DB_USER_NAME }} password=${{ secrets.DB_PASSWORD }}"
+
+  json:
+    name: Authenticate with JSON credentials.
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: setup Cloud SQL proxy
+        uses: ./cloud-sql-proxy
+        with:
+          credentials: ${{ secrets.SERVICE_ACCOUNT_KEY_JSON }}
+          instance_connection_name: ${{ secrets.INSTANCE_CONNECTION_NAME }}
+          port: ${{ secrets.CLOUD_SQL_PROXY_PORT }}
+        run: psql "host=127.0.0.1 port=${{ secrets.CLOUD_SQL_PROXY_PORT }} sslmode=disable dbname=${{ secrets.DB_NAME }} user=${{ secrets.DB_USER_NAME }} password=${{ secrets.DB_PASSWORD }}"
+
diff --git a/.github/workflows/cloud-sql-proxy.yml b/.github/workflows/cloud-sql-proxy.yml
@@ -0,0 +1,32 @@
+name: cloud-sql-proxy Unit
+on:
+  push:
+    paths:
+      - "cloud-sql-proxy/**"
+      - ".github/workflows/cloud-sql-proxy*"
+  pull_request:
+    paths:
+      - "cloud-sql-proxy/**"
+      - ".github/workflows/cloud-sql-proxy*"
+
+jobs:
+  run:
+    name: cloud-sql-proxy
+    runs-on: ${{ matrix.operating-system }}
+    strategy:
+      matrix:
+        operating-system: [ubuntu-latest, windows-latest, macos-latest]
+    steps:
+      - uses: actions/checkout@v2
+
+      - uses: actions/setup-node@master
+        with:
+          node-version: 12.x
+
+      - name: npm install
+        run: npm install
+        working-directory: ./cloud-sql-proxy
+
+      - name: npm lint
+        run: npm run lint
+        working-directory: ./cloud-sql-proxy
diff --git a/README.md b/README.md
@@ -20,6 +20,8 @@ This repository contains a library of [Github Actions](https://github.com/action
 
 * [setup-gcloud](./setup-gcloud/README.md): This action downloads, installs, and configures a [gcloud Cloud SDK](https://cloud.google.com/sdk/) environment for the worker, adding the `gcloud` CLI command to the worker's $PATH.
 
+* [cloud-sql-proxy](./cloud-sql-proxy/README.md): This action sets up a [Cloud SQL Proxy](https://cloud.google.com/sql/docs/postgres/sql-proxy) that can be used by later steps to connect to a [Cloud SQL](https://cloud.google.com/sql) instance via the specified prot in the localhost.
+
 * [get-iap-token](./get-iap-token/README.md): This action gets an [OpenID Connect](https://developers.google.com/identity/protocols/OpenIDConnect) (OIDC) token and makes it available as an output variable. The token can then be used to [authenticate a service account](https://cloud.google.com/iap/docs/authentication-howto#authenticating_from_a_service_account) to an [Identity Aware Proxy](https://cloud.google.com/iap) secured resource.
 
 * [get-secretmanager-secrets](./get-secretmanager-secrets/README.md): This action accesses secrets from [Google Secret Manager](https://cloud.google.com/secret-manager) and makes their results available as output variables.

diff --git a/cloud-sql-proxy/.eslintrc.js b/cloud-sql-proxy/.eslintrc.js
@@ -0,0 +1,29 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module.exports = {
+  root: true,
+  parser: '@typescript-eslint/parser',
+  plugins: ['@typescript-eslint'],
+  extends: [
+    'eslint:recommended',
+    'google',
+    'plugin:@typescript-eslint/eslint-recommended',
+    'plugin:@typescript-eslint/recommended',
+    'plugin:prettier/recommended',
+    'prettier/@typescript-eslint',
+  ],
+};
diff --git a/cloud-sql-proxy/.gitignore b/cloud-sql-proxy/.gitignore
@@ -0,0 +1,48 @@
+node_modules/
+runner/
+
+# Rest of the file pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# TypeScript v1 declaration files
+typings/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Environment files
+.env
diff --git a/cloud-sql-proxy/.prettierrc.js b/cloud-sql-proxy/.prettierrc.js
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module.exports = {
+  arrowParens: 'always',
+  bracketSpacing: true,
+  endOfLine: 'auto',
+  jsxBracketSameLine: true,
+  jsxSingleQuote: true,
+  printWidth: 80,
+  quoteProps: 'consistent',
+  semi: true,
+  singleQuote: true,
+  tabWidth: 2,
+  trailingComma: 'all',
+  useTabs: false,
+};
diff --git a/cloud-sql-proxy/README.md b/cloud-sql-proxy/README.md
@@ -0,0 +1,73 @@
+# cloud-sql-proxy
+
+This action sets up a [Cloud SQL Proxy](https://cloud.google.com/sql/docs/postgres/sql-proxy) that can be used by later steps to connect to a [Cloud SQL](https://cloud.google.com/sql) instance via the specified prot in the localhost.
+
+## Prerequisites
+
+* [Python](https://www.python.org/) 2.7.9 or later installed on the environment.
+* A pre-configured GCP [service account](https://cloud.google.com/iam/docs/creating-managing-service-accounts).
+* `actions/checkout@v2` if using [`setup-gcloud`](../setup-gcloud/README.md) with `export_default_credentials`.
+
+## Inputs
+
+### `credentials`
+
+**Optional.** The [service account key](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) to use for authentication. This key should be either in JSON format or as a [Base64](https://en.wikipedia.org/wiki/Base64) string (eg. `cat my-key.json | base64` on macOS). It should be stored as a [GitHub secret](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets). It can be ommited if using [`setup-gcloud`](../setup-gcloud/README.md) with `export_default_credentials`.
+
+### `instance_connection_name`
+
+**Required.** The DB's instance connection name. It can be retrieved from the DB's details in the [Cloud SQL console](https://console.cloud.google.com/sql/instances).
+
+### `port`
+
+**Optional.** The IP where the port will be exposed in the localhost. Defaults to PostgreSQL's `${{ secrets.CLOUD_SQL_PROXY_PORT }}`.
+
+## Example usage
+
+Providing credentials in JSON format:
+
+```yaml
+steps:
+  - uses: actions/checkout@v2
+  - name: setup Cloud SQL proxy
+    uses: ./cloud-sql-proxy
+    with:
+      credentials: ${{ secrets.SERVICE_ACCOUNT_KEY_JSON }}
+      instance_connection_name: ${{ secrets.INSTANCE_CONNECTION_NAME }}
+      port: ${{ secrets.CLOUD_SQL_PROXY_PORT }}
+  - name: test connection
+    run: psql "host=127.0.0.1 port=${{ secrets.CLOUD_SQL_PROXY_PORT }} sslmode=disable dbname=${{ secrets.DB_NAME }} user=${{ secrets.DB_USER_NAME }} password=${{ secrets.DB_PASSWORD }}"
+```
+
+Providing credentials in Base64 JSON format:
+
+```yaml
+steps:
+  - uses: actions/checkout@v2
+  - name: setup Cloud SQL proxy
+    uses: ./cloud-sql-proxy
+    with:
+      credentials: ${{ secrets.SERVICE_ACCOUNT_KEY_B64 }}
+      instance_connection_name: ${{ secrets.INSTANCE_CONNECTION_NAME }}
+      port: ${{ secrets.CLOUD_SQL_PROXY_PORT }}
+  - name: test connection
+    run: psql "host=127.0.0.1 port=${{ secrets.CLOUD_SQL_PROXY_PORT }} sslmode=disable dbname=${{ secrets.DB_NAME }} user=${{ secrets.DB_USER_NAME }} password=${{ secrets.DB_PASSWORD }}"
+```
+
+Using the [`setup-gcloud`](../setup-gcloud/README.md) action with `export_default_credentials`:
+
+```yaml
+steps:
+  - uses: actions/checkout@v2
+  - uses: ./setup-gcloud
+    with:
+      export_default_credentials: true
+      service_account_key: ${{ secrets.SERVICE_ACCOUNT_KEY_B64 }}
+  - name: setup Cloud SQL proxy
+    uses: ./cloud-sql-proxy
+    with:
+      instance_connection_name: ${{ secrets.INSTANCE_CONNECTION_NAME }}
+      port: ${{ secrets.CLOUD_SQL_PROXY_PORT }}
+  - name: test connection
+    run: psql "host=127.0.0.1 port=${{ secrets.CLOUD_SQL_PROXY_PORT }} sslmode=disable dbname=${{ secrets.DB_NAME }} user=${{ secrets.DB_USER_NAME }} password=${{ secrets.DB_PASSWORD }}"
+```
diff --git a/cloud-sql-proxy/action.yml b/cloud-sql-proxy/action.yml
@@ -0,0 +1,24 @@
+name: Get IAP Token
+
+author: fcoclavero
+
+description: |-
+  GitHub action for setting up a Cloud SQL Proxy that can be used by later steps.
+
+inputs:
+  credentials: # input id
+    description: "The service account key to use for authentication. It should be stored as a secret."
+    required: false
+
+  instance_connection_name: # input id
+    description: "The DB's instance connection name. It can be retrieved from the DB's details in the Cloud SQL console"
+    required: true
+
+  port: # input id
+    description: "The IP where the port will be exposed in the localhost."
+    default: "5432" # postgres default
+    required: true
+
+runs:
+  using: node12
+  main: dist/index.js