Initial commit

.gitignore

@@ -0,0 +1,114 @@
+### Linux ###
+*~
+
+# temporary files which can be created if a process still has a handle open of a deleted file
+.fuse_hidden*
+
+# KDE directory preferences
+.directory
+
+# Linux trash folder which might appear on any partition or disk
+.Trash-*
+
+# .nfs files are created when an open file is removed but is still being accessed
+.nfs*
+
+### macOS ###
+# General
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+### SublimeText ###
+# Cache files for Sublime Text
+*.tmlanguage.cache
+*.tmPreferences.cache
+*.stTheme.cache
+
+# Workspace files are user-specific
+*.sublime-workspace
+
+# Project files should be checked into the repository, unless a significant
+# proportion of contributors will probably not be using Sublime Text
+# *.sublime-project
+
+# SFTP configuration file
+sftp-config.json
+
+# Package control specific files
+Package Control.last-run
+Package Control.ca-list
+Package Control.ca-bundle
+Package Control.system-ca-bundle
+Package Control.cache/
+Package Control.ca-certs/
+Package Control.merged-ca-bundle
+Package Control.user-ca-bundle
+oscrypto-ca-bundle.crt
+bh_unicode_properties.cache
+
+# Sublime-github package stores a github token in this file
+# https://packagecontrol.io/packages/sublime-github
+GitHub.sublime-settings
+
+### VisualStudioCode ###
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+
+### VisualStudioCode Patch ###
+# Ignore all local history of files
+.history
+
+### Windows ###
+# Windows thumbnail cache files
+Thumbs.db
+Thumbs.db:encryptable
+ehthumbs.db
+ehthumbs_vista.db
+
+# Dump file
+*.stackdump
+
+# Folder config file
+[Dd]esktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msix
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
+
+### Intellij ###
+.idea/

CODE_OF_CONDUCT.md

@@ -0,0 +1 @@
+NONE.

Dockerfile

@@ -0,0 +1,11 @@
+FROM ubuntu:latest
+
+RUN apt-get update && apt-get install -y curl jq zip
+
+RUN curl "https://d1vvhvl2y92vvt.cloudfront.net/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
+RUN unzip -qq awscliv2.zip
+RUN ./aws/install
+
+COPY entrypoint.sh /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 bomb-on
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,165 @@
+# aws-ssm-to-env
+
+> Parse AWS Systems Manager parameters to environment variables.
+
+## Table of Contents
+
+  * [About](#about)
+  * [Usage](#usage)
+     * [Parameters](#parameters)
+     * [Examples](#examples)
+        * [String values](#string-values)
+        * [Custom prefix](#custom-prefix)
+        * [Simple JSON parameter values](#simple-json-parameter-values)
+        * [Complex JSON values](#complex-json-values)
+  * [TODO](#todo)
+
+## About
+
+This action is designed to read AWS SSM parameters and exports them as environmental variables.
+
+Script can parse string value parameters as well as parameters with stringified JSON values. For simple JSON objects
+a shortcut parameter `simple_json` can be used to convert all key-values from JSON into environmental variables.
+
+**Important note:** Although the AWS CLI command in this Action is very simple, Action is using preview version of
+AWS CLI (version 2) which is still not recommended for production use ([more info](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html)).
+Author will update commands after future AWS CLI updates if necessary.
+
+## Usage
+
+### Parameters
+
+Parameter name | Type | Required | Default Value | Description
+--- | --- | --- | --- | ---
+`ssm_parameter` | string | true | | AWS Systems Manager parameter name (path)
+`prefix` | string | false | AWS_SSM_ | Custom environmental variables prefix
+`simple_json` | boolean | true | false | Parse parameter values as one-level JSON object and convert keys to environmental variables  (see example below).
+`jq_params` | string | true | | Custom space-separated [`jq` filters](https://stedolan.github.io/jq/) (see example below).
+
+### Examples
+
+#### String values
+
+Parse simple string value stored in AWS SSM `my_parameter_name` parameter:
+```yaml
+name: Parse SSM parameter
+
+on:
+  push
+
+jobs:
+  aws-ssm-to-env:
+    runs-on: ubuntu-latest
+    steps:
+      - name: aws-ssm-to-env
+        uses: bomb-on/aws-ssm-to-env@master
+        env:
+          AWS_REGION: ${{ secrets.AWS_REGION }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        with:
+          parameter_name: 'my_parameter_name'
+```
+
+Example above will set environmental variable `AWS_SSM_MY_PARAMETER_NAME` with value from the AWS SSM parameter itself.
+
+#### Custom prefix
+
+Parse simple string value stored in AWS SSM `my_parameter_name` parameter and export environmental variable with 
+custom prefix:
+```yaml
+name: Parse SSM parameter
+
+on:
+  push
+
+jobs:
+  aws-ssm-to-env:
+    runs-on: ubuntu-latest
+    steps:
+      - name: aws-ssm-to-env
+        uses: bomb-on/aws-ssm-to-env@master
+        env:
+          AWS_REGION: ${{ secrets.AWS_REGION }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        with:
+          parameter_name: 'my_parameter_name'
+          prefix: FOO_
+```
+
+Example above will set environmental variable `FOO_MY_PARAMETER_NAME` with value from the AWS SSM parameter itself.
+
+#### Simple JSON parameter values
+
+Parse simple one-level JSON object and create environmental variables from all keys:
+```yaml
+name: Parse JSON SSM parameter
+
+on:
+  push
+
+jobs:
+  aws-ssm-to-env:
+    runs-on: ubuntu-latest
+    steps:
+      - name: aws-ssm-to-env
+        uses: bomb-on/aws-ssm-to-env@master
+        env:
+          AWS_REGION: ${{ secrets.AWS_REGION }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        with:
+          parameter_name: 'my_json_parameter'
+          simple_json: true
+```
+
+If `my_json_parameter` in the example above is a JSON string like
+```json
+{"foo": "bar", "baz": 1}
+```
+environmental variables will be set as:
+```sh
+AWS_SSM_FOO=bar
+AWS_SSM_BAZ=1
+```
+
+#### Complex JSON values
+
+Pass a custom, space-separated filter(s) to `jq` and parse desired parts of JSON object:
+```yaml
+name: Parse JSON SSM parameter
+
+on:
+  push
+
+jobs:
+  aws-ssm-to-env:
+    runs-on: ubuntu-latest
+    steps:
+      - name: aws-ssm-to-env
+        uses: bomb-on/aws-ssm-to-env@master
+        env:
+          AWS_REGION: ${{ secrets.AWS_REGION }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        with:
+          parameter_name: 'my_json_parameter'
+          jq_filter: '.db[]|select(.default).host .db[]|select(.default).port'
+          prefix: DB_
+```
+
+If `my_json_parameter` in the example above was a JSON string like
+```json
+{"db": [{"host": "my.db.host.com", "port": 1337, "default": true}, {"host": "other.host", "port": 42}]}
+```
+environmental variables will be set as:
+```sh
+DB_HOST=my.db.host.com
+DB_PORT=1337
+```
+
+## TODO
+
+ - [ ] Use official Docker container once it becomes available (https://github.com/aws/aws-cli/issues/3291, https://github.com/aws/aws-cli/issues/4685)
+ - [ ] Write tests (https://github.com/kward/shunit2)

action.yml

@@ -0,0 +1,23 @@
+name: 'Parse AWS SSM Parameter values'
+description: 'Parse AWS Systems Manager parameters to environment variables'
+author: 'bomb-on'
+inputs:
+  ssm_parameter:
+    description: 'AWS Systems Manager parameter name (path).'
+    required: true
+  prefix:
+    description: 'Custom environmental variables prefix.'
+    required: false
+    default: AWS_SSM_
+  simple_json:
+    description: 'Parse parameter values as one-level JSON object and convert keys to environmental variables.'
+    required: false
+  jq_filter:
+    description: 'Custom jq filter(s).'
+    required: false
+runs:
+  using: 'docker'
+  image: 'Dockerfile'
+branding:
+  icon: 'archive'
+  color: 'gray-dark'

entrypoint.sh

@@ -0,0 +1,44 @@
+#!/bin/bash
+
+set -e
+
+if [[ -z "$AWS_REGION" ]] || [[ -z "$AWS_ACCESS_KEY_ID" ]] || [[ -z "$AWS_SECRET_ACCESS_KEY" ]]; then
+  echo "Ensure that all environmental variables (AWS_REGION, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) are set!"
+  exit 1
+fi
+
+if [[ -z "$INPUT_PARAMETER_NAME" ]]; then
+  echo "Set SSM parameter name (parameter_name) value."
+  exit 1
+fi
+
+region="$AWS_REGION"
+parameter_name="$INPUT_SSM_PARAMETER"
+prefix="${INPUT_PREFIX:-AWS_SSM_}"
+jq_filter="$INPUT_JQ_FILTER"
+simple_json="$INPUT_SIMPLE_JSON"
+ssm_param=$(aws2 --region "$region" ssm get-parameter --name "$parameter_name")
+
+format_var_name () {
+  echo "$1" | awk -v prefix="$prefix" -F. '{print prefix $NF}' | tr "[:lower:]" "[:upper:]"
+}
+
+if [ -n "$jq_filter" ] || [ -n "$simple_json" ]; then
+  ssm_param_value=$(echo "$ssm_param" | jq '.Parameter.Value | fromjson')
+  if [ -n "$simple_json" ] && [ "$simple_json" == "true" ]; then
+    for p in $(echo "$ssm_param_value" | jq -r --arg v "$prefix" 'to_entries|map("\(.key)=\(.value|tostring)")|.[]' ); do
+      IFS='=' read -r var_name var_value <<< "$p"
+      echo ::set-env name="$(format_var_name "$var_name")"::"$var_value"
+    done
+  else
+    IFS=' ' read -r -a params <<< "$jq_filter"
+    for var_name in "${params[@]}"; do
+      var_value=$(echo "$ssm_param_value" | jq -r -c "$var_name")
+      echo ::set-env name="$(format_var_name "$var_name")"::"$var_value"
+    done
+  fi
+else
+  var_name=$(echo "$ssm_param" | jq -r '.Parameter.Name' | awk -F/ '{print $NF}')
+  var_value=$(echo "$ssm_param" | jq -r '.Parameter.Value')
+  echo ::set-env name="$(format_var_name "$var_name")"::"$var_value"
+fi