stackql · jeffreyaven · Sep 3, 2023 · Sep 1, 2023 · Sep 1, 2023 · Sep 2, 2023
diff --git a/.github/workflows/stackql-exec.yml b/.github/workflows/stackql-exec.yml
@@ -17,52 +17,71 @@ jobs:
     - name: Checkout
       uses: actions/checkout@v3
 
-    - name: Prep Google Creds (Windows)
-      if: ${{ matrix.os == 'windows-latest'}}
-      run: | ## use the secret to create json file
-        $GoogleCreds = [System.Environment]::GetEnvironmentVariable("GOOGLE_CREDS_ENV")
-        $GoogleCredsDecoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($GoogleCreds))
-        Write-Output $GoogleCredsDecoded | Set-Content sa-key.json
-      shell: pwsh
-      env:
-        GOOGLE_CREDS_ENV: ${{ secrets.GOOGLE_CREDS }}
-
-    - name: Prep Google Creds (bash)
-      if: ${{ matrix.os != 'windows-latest' }}
-      shell: bash
-      run: | ## use the base64 encoded secret to create json file
-        sudo echo ${{ secrets.GOOGLE_CREDS }} | base64 -d > sa-key.json
-
-    - name: exec google example with query file
-      id: stackql-exec-file
+    #
+    # query no auth
+    #
+    - name: pull providers
+      id: stackql-exec-string-noauth
       uses: ./
       with:
-        auth_obj_path: './stackql_scripts/auth.json'
-        query_file_path: './stackql_scripts/google-example.iql'
+        query: "REGISTRY PULL github;
+                REGISTRY PULL google;"
 
+    #
+    # authenticated query 
+    #
     - name: exec github example with query string
       id: stackql-exec-string
       uses: ./
       with:
-        auth_str: '{ "github": { "type": "basic", "credentialsenvvar": "STACKQL_GITHUB_CREDS" } }'
-        query: "REGISTRY PULL github v23.01.00104;
-                SHOW PROVIDERS;
-                select total_private_repos
+        query: "select total_private_repos
                 from github.orgs.orgs
                 where org = 'stackql';"
       env: 
-        STACKQL_GITHUB_CREDS: ${{ secrets.STACKQL_GITHUB_CREDS }}
+        STACKQL_GITHUB_USERNAME: ${{  secrets.STACKQL_GITHUB_USERNAME }}
+        STACKQL_GITHUB_PASSWORD: ${{  secrets.STACKQL_GITHUB_PASSWORD }}
+
+    #
+    # query_file_path
+    #
+    - name: exec google example with query file
+      id: stackql-exec-file
+      uses: ./
+      with:
+        query_file_path: './stackql_scripts/google-instances-by-status.iql'
+      env: 
+        GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}
+
+    #
+    # query_file_path with vars
+    #
+    - name: exec google example with query file using vars
+      id: stackql-exec-file-with-vars
+      uses: ./
+      with:
+        query_file_path: './stackql_scripts/google-instances-by-status-with-vars.iql'
+        vars: GOOGLE_PROJECT=${{ env.GOOGLE_PROJECT }},GOOGLE_ZONE=${{ env.GOOGLE_ZONE }}
+      env: 
+        GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}
+        GOOGLE_PROJECT: ${{ vars.GOOGLE_PROJECT }}
+        GOOGLE_ZONE: ${{ vars.GOOGLE_ZONE }}
 
     - name: validate stackql-exec output
       shell: bash
       run: |
-        if [ -z '${{ steps.stackql-exec-file.outputs.exec-result }}' ]; then
+        if [ -z '${{ steps.stackql-exec-string-noauth.outputs.exec-result }}' ]; then
           echo "exec-stackql output does not contain expected result"
           exit 1
         fi
         if [ -z '${{ steps.stackql-exec-string.outputs.exec-result }}' ]; then
           echo "exec-stackql output does not contain expected result"
           exit 1
         fi
-
-
+        if [ -z '${{ steps.stackql-exec-file.outputs.exec-result }}' ]; then
+          echo "exec-stackql output does not contain expected result"
+          exit 1
+        fi
+        if [ -z '${{ steps.stackql-exec-file-with-vars.outputs.exec-result }}' ]; then
+          echo "exec-stackql output does not contain expected result"
+          exit 1
+        fi
diff --git a/README.md b/README.md
@@ -3,85 +3,61 @@ Github Action as a wrapper for executing a single command in stackql, maps all s
 
 # Usage
 
-## AUTH
-
-`Example auth string`
-```
-{   "google": { "type": "service_account",  "credentialsfilepath": "sa-key.json" },
-    "github": { "type": "basic", "credentialsenvvar": "STACKQL_GITHUB_CREDS" }}
-```
-It can be passed with `auth_str` as a string, or stored in a file and pass filename to `auth-obj-path`
-- For "basic" auth, you need to set a environment variable with same name as the value of `credentialsenvvar` in the auth string for the Github Action step. You can use [Github Secrets](https://docs.github.com/en/actions/reference/encrypted-secrets) to store the value of the environment variable, and use env to pass it to the action. For example:
-```
-env:
-  STACKQL_GITHUB_CREDS: ${{ secrets.STACKQL_GITHUB_CREDS }}
-```
-- For "service_account" auth, you need to store the credentials into a file; You can follow the example of `Prep Google Creds (bash)` step in the example
+## Provider Authentication
+Authentication to StackQL providers is done via environment variables source from GitHub Actions Secrets.  To learn more about authentication, see the setup instructions for your provider or providers at the [StackQL Provider Registry Docs](https://stackql.io/registry).  
 
 # Examples
-## Basic Example
+## Query Example
 ```
     - name: exec github example
       uses: ./
       with:
-        auth_str: '{ "github": { "type": "basic", "credentialsenvvar": "STACKQL_GITHUB_CREDS" } }'
-        query: "REGISTRY PULL github v23.01.00104;
+        query: "REGISTRY PULL github;
                 SHOW PROVIDERS;
                 select total_private_repos
                 from github.orgs.orgs
                 where org = 'stackql';"
       env: 
-        STACKQL_GITHUB_CREDS: ${{ secrets.STACKQL_GITHUB_CREDS }}
-
+        STACKQL_GITHUB_USERNAME: ${{  secrets.STACKQL_GITHUB_USERNAME }}
+        STACKQL_GITHUB_PASSWORD: ${{  secrets.STACKQL_GITHUB_PASSWORD }}
 ```
 
 
-## Auth json file and query file example
-- `auth.json`
-```
-{   "google": { "type": "service_account",  "credentialsfilepath": "sa-key.json" },
-    "github": { "type": "basic", "credentialsenvvar": "STACKQL_GITHUB_CREDS" }}
-```
+## Query File example
 - `google-example.iql`
 ```
-REGISTRY PULL github v23.01.00104;
-SHOW PROVIDERS;
-select total_private_repos
-from github.orgs.orgs
-where org = 'stackql';
+<<<jsonnet
+local project = std.extVar("GOOGLE_PROJECT");
+{
+   project: project,
+}
+>>>
+REGISTRY PULL google;
+SELECT status, count(*) as num_instances
+FROM google.compute.instances
+WHERE project = '{{ .project }}'
+GROUP BY status;
 ```
 **Example**
 ```
-    - name: Prep Google Creds (Windows)
-      if: ${{ matrix.os == 'windows-latest'}}
-      run: | ## use the secret to create json file
-        $GoogleCreds = [System.Environment]::GetEnvironmentVariable("GOOGLE_CREDS_ENV")
-        $GoogleCredsDecoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($GoogleCreds))
-        Write-Output $GoogleCredsDecoded | Set-Content sa-key.json
-      shell: pwsh
-      env:
-        GOOGLE_CREDS_ENV: ${{ secrets.GOOGLE_CREDS }}
-
-    - name: Prep Google Creds (bash)
-      if: ${{ matrix.os != 'windows-latest' }}
-      shell: bash
-      run: | ## use the base64 encoded secret to create json file
-        sudo echo ${{ secrets.GOOGLE_CREDS }} | base64 -d > sa-key.json
-
     - name: exec google example
       uses: ./
       with:
-        auth_obj_path: './stackql_scripts/auth.json'
         query_file_path: './stackql_scripts/google-example.iql'
+        vars: GOOGLE_PROJECT=$GOOGLE_PROJECT, GOOGLE_ZONE=$GOOGLE_ZONE
+      env: 
+        GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}
+        GOOGLE_PROJECT: ${{  secrets.GOOGLE_PROJECT }}
+        GOOGLE_ZONE: ${{  secrets.GOOGLE_ZONE }}
 ```
 
-
 ## Inputs
-- `auth_obj_path` - (optional) the path of json file that stores stackql AUTH string
-- `auth_str` - (optional) stackql AUTH string, need either auth_str or auth_obj_path
-- `query` - (optional) stackql query to execute
-- `query_file_path` - (optional) stackql query file to execute, need either query or query_file_path
-- `query_output` - (optional) output format of the stackql exec result, accept "table", "csv", "json", default to "json"
+- `query` - stackql query to execute **(need to supply either `query` or `query_file_path`)**
+- `query_file_path` - stackql query file to execute **(need to supply either `query` or `query_file_path`)**
+- `vars` - (optional) comma delimited list of variables to pass to the stackql query preprocessor (jsonnet), accepts `var1=val1 var2=val2`, can be used to source environment variables into stackql queries 
+- `query_output` - (optional) output format of the stackql exec result, accepts `table`, `csv`, `json`, defaults to `json`
+- `auth_obj_path` - (optional) the path of json file that stores stackql AUTH string **(only required when using non-standard environment variable names)**
+- `auth_str` - (optional) stackql AUTH string **(only required when using non-standard environment variable names)**
 
 
 ## Outputs
@@ -90,3 +66,11 @@ to `true`, `stdout` and `stderr` are set to `exec-result` and `exec-error`
 
 - `exec-result` - The STDOUT stream of the call to the `stackql` binary.
 - `exec-error` - The STDERR stream of the call to the `stackql` binary.
+
+## Test action locally
+To run unit tests locally against this action, use the following:
+
+```
+npm i
+npm run test lib/tests/utils.test.js
+```
diff --git a/action.yml b/action.yml
@@ -2,22 +2,25 @@ name: 'StackQL Studios - StackQL Exec'
 description: 'A wrapper for executing a single command, maps all stackql exec args to actions args (supplied using with.)'
 author: 'Yuncheng Yang, StackQL Studios'
 inputs:
-  auth_obj_path:
-    description: file path to json object of stackql auth
-    required: false
-  auth_str:
-    description: json string of stackql auth
-    required: false
   query:
     description: stackql query to be executed
     required: false
   query_file_path:
     description: stackql query file to be executed
     required: false
+  vars:
+    description: comma delimited list of vars to be passed to query preprocessor (jsonnet)
+    required: false
   query_output:
     description: output format
     default: 'json'
     required: false
+  auth_obj_path:
+    description: file path to json object of stackql auth, not required if using standard provider authentication environment variables
+    required: false
+  auth_str:
+    description: json string of stackql auth, not required if using standard provider authentication environment variables  
+    required: false
 outputs:
   exec-result:
     description: "stdout of stackql command"
@@ -40,7 +43,7 @@ runs:
         fi
 
     - name: Setup StackQL
-      uses: stackql/setup-stackql@v1.1.0-beta
+      uses: stackql/setup-stackql@v1.2.0
       if: ${{steps.check-stackql.outputs.stackql_installed == 'false'}}
       with:
         use_wrapper: true
@@ -75,6 +78,7 @@ runs:
         QUERY_FILE_PATH: ${{ inputs.query_file_path }}
         QUERY: ${{inputs.query}}
         OUTPUT: ${{inputs.query_output}}
+        VARS: ${{inputs.vars}}
 
     - name: execute stackql command
       id: exec-stackql