
Commit c9de504

committed
Use $RUNNER_TEMP when TF_CLI_CONFIG_FILE not in use
If you don't specify the TF_CLI_CONFIG_FILE environment variable, the default config is written to the $HOME directory, which could theoretically be shared by multiple runners when using self-hosted runners. When TF_CLI_CONFIG_FILE is _not_ in use, I replaced the usage of $HOME with the directory $RUNNER_TEMP, whose setup/cleanup is managed by the runner framework, and the action now exports TF_CLI_CONFIG_FILE.
1 parent 633666f commit c9de504


4 files changed

+44
-70
lines changed


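--- a/.github/workflows/setup-terraform.yml
+++ b/.github/workflows/setup-terraform.yml
@@ -116,17 +116,10 @@ jobs:
 with:
 cli_config_credentials_token: ${{ env.TF_CLOUD_API_TOKEN }}
 
-- name: Validate Terraform Credentials (Windows)
-if: runner.os == 'Windows'
+- name: Validate Terraform Credentials
 run: |
-cat ${APPDATA}/terraform.rc | grep 'credentials "app.terraform.io"'
-cat ${APPDATA}/terraform.rc | grep 'token = "${{ env.TF_CLOUD_API_TOKEN }}"'
-
-- name: Validate Teraform Credentials (Linux & macOS)
-if: runner.os != 'Windows'
-run: |
-cat ${HOME}/.terraformrc | grep 'credentials "app.terraform.io"'
-cat ${HOME}/.terraformrc | grep 'token = "${{ env.TF_CLOUD_API_TOKEN }}"'
+cat ${RUNNER_TEMP}/setup-terraform.tfrc | grep 'credentials "app.terraform.io"'
+cat ${RUNNER_TEMP}/setup-terraform.tfrc | grep 'token = "${{ env.TF_CLOUD_API_TOKEN }
 
 terraform-credentials-enterprise:
 name: 'Terraform Enterprise Credentials'
@@ -146,17 +139,10 @@ jobs:
 cli_config_credentials_hostname: 'terraform.example.com'
 cli_config_credentials_token: ${{ env.TF_CLOUD_API_TOKEN }}
 
-- name: Validate Terraform Credentials (Windows)
-if: runner.os == 'Windows'
-run: |
-cat ${APPDATA}/terraform.rc | grep 'credentials "terraform.example.com"'
-cat ${APPDATA}/terraform.rc | grep 'token = "${{ env.TF_CLOUD_API_TOKEN }}"'
-
-- name: Validate Teraform Credentials (Linux & macOS)
-if: runner.os != 'Windows'
+- name: Validate Terraform Credentials
 run: |
-cat ${HOME}/.terraformrc | grep 'credentials "terraform.example.com"'
-cat ${HOME}/.terraformrc | grep 'token = "${{ env.TF_CLOUD_API_TOKEN }}"'
+cat ${RUNNER_TEMP}/setup-terraform.tfrc | grep 'credentials "terraform.example.com"'
+cat ${RUNNER_TEMP}/setup-terraform.tfrc | grep 'token = "${{ env.TF_CLOUD_API_TOKEN }}"'
 
 terraform-credentials-none:
 name: 'Terraform No Credentials'
@@ -171,15 +157,9 @@ jobs:
 - name: Setup Terraform
 uses: ./
 
-- name: Validate Terraform Credentials (Windows)
-if: runner.os == 'Windows'
-run: |
-[[ -f ${APPDATA}/terraform.rc ]] || exit 0
-
-- name: Validate Teraform Credentials (Linux & macOS)
-if: runner.os != 'Windows'
+- name: Validate Teraform Credentials
 run: |
-[[ -f ${HOME}/.terraformrc ]] || exit 0
+[[ -f ${RUNNER_TEMP}/setup-terraform.tfrc ]] || exit 0
 
 terraform-arguments:
 name: 'Terraform Arguments'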
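Review bot: The no-credentials check `[[ -f ${RUNNER_TEMP}/setup-terraform.tfrc ]] || exit 0` in the third hunk succeeds whether or not the file exists, so this job cannot detect a credentials file left behind in the runner temp directory. If the intent is that nothing is written when no token is supplied (the write itself is not visible here), assert absence instead: `[[ ! -f "${RUNNER_TEMP}/setup-terraform.tfrc" ]]`. The token checks in the first two hunks interpolate `${{ env.TF_CLOUD_API_TOKEN }}` into the script text; reading it from the step environment, `grep -F "token = \"${TF_CLOUD_API_TOKEN}\""`, keeps the secret out of the rendered script. The step name on new line 160 still reads `Teraform`.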

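--- a/dist/index.js
+++ b/dist/index.js
@@ -103,15 +103,15 @@ credentials "${credentialsHostname}" {
 }`.trim();
 // eslint-enable
 
-// default to OS-specific path
-let credsFile = osPlat === 'win32'
-? `${process.env.APPDATA}/terraform.rc`
-: `${process.env.HOME}/.terraformrc`;
-
-// override with TF_CLI_CONFIG_FILE environment variable
-credsFile = process.env.TF_CLI_CONFIG_FILE ? process.env.TF_CLI_CONFIG_FILE : credsFile;
+// set or use the TF_CLI_CONFIG_FILE environment variable
+let credsFile = process.env.TF_CLI_CONFIG_FILE;
+if (!credsFile) {
+credsFile = path.join(process.env.RUNNER_TEMP, 'setup-terraform.tfrc');
+core.debug(`Default CLI config created as ${credsFile}`);
+core.exportVariable('TF_CLI_CONFIG_FILE', credsFile);
+}
 
-// get containing folder
+// create containing folder in case it doesn't exist
 const credsFolder = path.dirname(credsFile);
 
 core.debug(`Creating ${credsFolder}`);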

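--- a/lib/setup-terraform.js
+++ b/lib/setup-terraform.js
@@ -97,15 +97,15 @@ credentials "${credentialsHostname}" {
 }`.trim();
 // eslint-enable
 
-// default to OS-specific path
-let credsFile = osPlat === 'win32'
-? `${process.env.APPDATA}/terraform.rc`
-: `${process.env.HOME}/.terraformrc`;
-
-// override with TF_CLI_CONFIG_FILE environment variable
-credsFile = process.env.TF_CLI_CONFIG_FILE ? process.env.TF_CLI_CONFIG_FILE : credsFile;
+// set or use the TF_CLI_CONFIG_FILE environment variable
+let credsFile = process.env.TF_CLI_CONFIG_FILE;
+if (!credsFile) {
+credsFile = path.join(process.env.RUNNER_TEMP, 'setup-terraform.tfrc');
+core.debug(`Default CLI config created as ${credsFile}`);
+core.exportVariable('TF_CLI_CONFIG_FILE', credsFile);
+}
 
-// get containing folder
+// create containing folder in case it doesn't exist
 const credsFolder = path.dirname(credsFile);
 
 core.debug(`Creating ${credsFolder}`);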
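Review bot: `path.join(process.env.RUNNER_TEMP, 'setup-terraform.tfrc')` throws a TypeError when RUNNER_TEMP is unset, for example when this code runs outside a runner. A guard just before it gives a clear failure: `if (!process.env.RUNNER_TEMP) { throw new Error('RUNNER_TEMP is not set; set TF_CLI_CONFIG_FILE explicitly'); }`. The file holds the API token and the write happens outside this hunk, so it is worth confirming there that it is created with owner-only permissions (for instance `mode: 0o600`), since other processes on a self-hosted host may be able to read the temp directory while the job runs. The debug message says the config was "created" before anything is written; `Default CLI config path is ${credsFile}` would be accurate. The enclosing function starts and ends outside the hunk, and the same change is mirrored in dist/index.js.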

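--- a/test/setup-terraform.test.js
+++ b/test/setup-terraform.test.js
@@ -23,18 +23,12 @@ const setup = require('../lib/setup-terraform');
 // .fn(console.error);
 
 describe('Setup Terraform', () => {
-const HOME = process.env.HOME;
-const APPDATA = process.env.APPDATA;
-
 beforeEach(() => {
-process.env.HOME = '/tmp/asdf';
-process.env.APPDATA = '/tmp/asdf';
+process.env.RUNNER_TEMP = '/tmp/asdf'
 });
 
 afterEach(async () => {
-await io.rmRF(process.env.HOME);
-process.env.HOME = HOME;
-process.env.APPDATA = APPDATA;
+await io.rmRF(process.env.RUNNER_TEMP);
 });
 
 test('gets specific version and adds token and hostname on linux, amd64', async () => {
@@ -73,8 +67,8 @@ describe('Setup Terraform', () => {
 
 // downloaded CLI has been added to path
 expect(core.addPath).toHaveBeenCalled();
-// expect credentials are in ${HOME}.terraformrc
-const creds = await fs.readFile(`${process.env.HOME}/.terraformrc`, { encoding: 'utf8' });
+// expect credentials are in ${RUNNER_TEMP}/setup-terraform.tfrc
+const creds = await fs.readFile(`${process.env.RUNNER_TEMP}/setup-terraform.tfrc`, { encoding: 'utf8' });
 expect(creds.indexOf(credentialsHostname)).toBeGreaterThan(-1);
 expect(creds.indexOf(credentialsToken)).toBeGreaterThan(-1);
 });
@@ -118,8 +112,8 @@ describe('Setup Terraform', () => {
 // downloaded CLI has been added to path
 expect(core.addPath).toHaveBeenCalled();
 
-// expect credentials are in ${HOME}.terraformrc
-const creds = await fs.readFile(`${process.env.HOME}/terraform.rc`, { encoding: 'utf8' });
+// expect credentials are in ${RUNNER_TEMP}/setup-terraform.tfrc
+const creds = await fs.readFile(`${process.env.RUNNER_TEMP}/setup-terraform.tfrc`, { encoding: 'utf8' });
 expect(creds.indexOf(credentialsHostname)).toBeGreaterThan(-1);
 expect(creds.indexOf(credentialsToken)).toBeGreaterThan(-1);
 });
@@ -161,8 +155,8 @@ describe('Setup Terraform', () => {
 // downloaded CLI has been added to path
 expect(core.addPath).toHaveBeenCalled();
 
-// expect credentials are in ${HOME}.terraformrc
-const creds = await fs.readFile(`${process.env.HOME}/.terraformrc`, { encoding: 'utf8' });
+// expect credentials are in ${RUNNER_TEMP}/setup-terraform.tfrc
+const creds = await fs.readFile(`${process.env.RUNNER_TEMP}/setup-terraform.tfrc`, { encoding: 'utf8' });
 expect(creds.indexOf(credentialsHostname)).toBeGreaterThan(-1);
 expect(creds.indexOf(credentialsToken)).toBeGreaterThan(-1);
 });
@@ -204,8 +198,8 @@ describe('Setup Terraform', () => {
 // downloaded CLI has been added to path
 expect(core.addPath).toHaveBeenCalled();
 
-// expect credentials are in ${HOME}.terraformrc
-const creds = await fs.readFile(`${process.env.HOME}/.terraformrc`, { encoding: 'utf8' });
+// expect credentials are in ${RUNNER_TEMP}/setup-terraform.tfrc
+const creds = await fs.readFile(`${process.env.RUNNER_TEMP}/setup-terraform.tfrc`, { encoding: 'utf8' });
 expect(creds.indexOf(credentialsHostname)).toBeGreaterThan(-1);
 expect(creds.indexOf(credentialsToken)).toBeGreaterThan(-1);
 });
@@ -246,8 +240,8 @@ describe('Setup Terraform', () => {
 
 // downloaded CLI has been added to path
 expect(core.addPath).toHaveBeenCalled();
-// expect credentials are in ${HOME}.terraformrc
-const creds = await fs.readFile(`${process.env.HOME}/.terraformrc`, { encoding: 'utf8' });
+// expect credentials are in ${RUNNER_TEMP}/setup-terraform.tfrc
+const creds = await fs.readFile(`${process.env.RUNNER_TEMP}/setup-terraform.tfrc`, { encoding: 'utf8' });
 expect(creds.indexOf(credentialsHostname)).toBeGreaterThan(-1);
 expect(creds.indexOf(credentialsToken)).toBeGreaterThan(-1);
 });
@@ -288,8 +282,8 @@ describe('Setup Terraform', () => {
 
 // downloaded CLI has been added to path
 expect(core.addPath).toHaveBeenCalled();
-// expect credentials are in ${HOME}.terraformrc
-const creds = await fs.readFile(`${process.env.HOME}/.terraformrc`, { encoding: 'utf8' });
+// expect credentials are in ${RUNNER_TEMP}/setup-terraform.tfrc
+const creds = await fs.readFile(`${process.env.RUNNER_TEMP}/setup-terraform.tfrc`, { encoding: 'utf8' });
 expect(creds.indexOf(credentialsHostname)).toBeGreaterThan(-1);
 expect(creds.indexOf(credentialsToken)).toBeGreaterThan(-1);
 });
@@ -330,8 +324,8 @@ describe('Setup Terraform', () => {
 
 // downloaded CLI has been added to path
 expect(core.addPath).toHaveBeenCalled();
-// expect credentials are in ${HOME}.terraformrc
-const creds = await fs.readFile(`${process.env.HOME}/.terraformrc`, { encoding: 'utf8' });
+// expect credentials are in ${RUNNER_TEMP}/setup-terraform.tfrc
+const creds = await fs.readFile(`${process.env.RUNNER_TEMP}/setup-terraform.tfrc`, { encoding: 'utf8' });
 expect(creds.indexOf(credentialsHostname)).toBeGreaterThan(-1);
 expect(creds.indexOf(credentialsToken)).toBeGreaterThan(-1);
 });
@@ -372,8 +366,8 @@ describe('Setup Terraform', () => {
 
 // downloaded CLI has been added to path
 expect(core.addPath).toHaveBeenCalled();
-// expect credentials are in ${HOME}.terraformrc
-const creds = await fs.readFile(`${process.env.HOME}/.terraformrc`, { encoding: 'utf8' });
+// expect credentials are in ${RUNNER_TEMP}/setup-terraform.tfrc
+const creds = await fs.readFile(`${process.env.RUNNER_TEMP}/setup-terraform.tfrc`, { encoding: 'utf8' });
 expect(creds.indexOf(credentialsHostname)).toBeGreaterThan(-1);
 expect(creds.indexOf(credentialsToken)).toBeGreaterThan(-1);
 });
@@ -414,8 +408,8 @@ describe('Setup Terraform', () => {
 
 // downloaded CLI has been added to path
 expect(core.addPath).toHaveBeenCalled();
-// expect credentials are in ${HOME}.terraformrc
-const creds = await fs.readFile(`${process.env.HOME}/.terraformrc`, { encoding: 'utf8' });
+// expect credentials are in ${RUNNER_TEMP}/setup-terraform.tfrc
+const creds = await fs.readFile(`${process.env.RUNNER_TEMP}/setup-terraform.tfrc`, { encoding: 'utf8' });
 expect(creds.indexOf(credentialsHostname)).toBeGreaterThan(-1);
 expect(creds.indexOf(credentialsToken)).toBeGreaterThan(-1);
 });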
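Review bot: The first hunk sets `process.env.RUNNER_TEMP = '/tmp/asdf'` in beforeEach, but afterEach no longer restores the previous value, so the override leaks into any later suite in the same process; save the original before the hook and restore it (or `delete process.env.RUNNER_TEMP` when it was unset). The tests also never clear `TF_CLI_CONFIG_FILE`, so on a machine where it is set the code under test takes the other branch and writes the credentials stanza to that file while the `readFile` assertions look in RUNNER_TEMP; `delete process.env.TF_CLI_CONFIG_FILE;` in beforeEach pins the branch. Nothing asserts the new behaviour itself, e.g. `expect(core.exportVariable).toHaveBeenCalledWith('TF_CLI_CONFIG_FILE', '/tmp/asdf/setup-terraform.tfrc')` (assuming `core` is mocked, as the `addPath` assertion suggests), and no case covers a pre-set TF_CLI_CONFIG_FILE. The describe block continues outside the visible hunks.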
