Support newline-separated inputs for delegates and access_token_scopes (#381)

Fixes #380
2024-01-08 17:24:50 -05:00 · 2024-01-08 17:24:50 -05:00 · a57dd04655
commit a57dd04655
parent fb74905737
6 changed files with 235 additions and 573 deletions
--- a/README.md
+++ b/README.md
@ -165,6 +165,8 @@ default, this action does not generate any tokens.
    https://www.googleapis.com/auth/cloud-platform
    ```

+    This can be specified as a comma-separated or newline-separated list.
+
 -   `access_token_subject`: (Optional) Email address of a user to impersonate
    for [Domain-Wide Delegation][dwd]. Access tokens created for Domain-Wide
    Delegation cannot have a lifetime beyond 1 hour, even if the
@ -277,7 +279,8 @@ regardless of the authentication mechanism.

 -   `delegates`: (Optional) List of additional service account emails or unique
    identities to use for impersonation in the chain. By default there are no
-    delegates.
+    delegates. This can be specified as a comma-separated or newline-separated
+    list.

 -   `universe`: (Optional) The Google Cloud universe to use for constructing API
    endpoints. The default universe is "googleapis.com", which corresponds to
--- a/dist/main/index.js
+++ b/dist/main/index.js
--- a/dist/post/index.js
+++ b/dist/post/index.js
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -25,18 +25,18 @@
  "dependencies": {
    "@actions/core": "^1.10.1",
    "@actions/http-client": "^2.2.0",
-    "@google-github-actions/actions-utils": "^0.4.10"
+    "@google-github-actions/actions-utils": "^0.5.2"
  },
  "devDependencies": {
-    "@types/node": "^20.10.0",
-    "@typescript-eslint/eslint-plugin": "^6.12.0",
-    "@typescript-eslint/parser": "^6.12.0",
+    "@types/node": "^20.10.7",
+    "@typescript-eslint/eslint-plugin": "^6.18.0",
+    "@typescript-eslint/parser": "^6.18.0",
    "@vercel/ncc": "^0.38.1",
-    "eslint": "^8.54.0",
-    "eslint-config-prettier": "^9.0.0",
-    "eslint-plugin-prettier": "^5.0.1",
-    "prettier": "^3.1.0",
-    "ts-node": "^10.9.1",
-    "typescript": "^5.3.2"
+    "eslint": "^8.56.0",
+    "eslint-config-prettier": "^9.1.0",
+    "eslint-plugin-prettier": "^5.1.2",
+    "prettier": "^3.1.1",
+    "ts-node": "^10.9.2",
+    "typescript": "^5.3.3"
  }
 }
--- a/src/main.ts
+++ b/src/main.ts
@ -28,7 +28,7 @@ import {
  exactlyOneOf,
  isEmptyDir,
  isPinnedToHead,
-  parseCSV,
+  parseMultilineCSV,
  parseDuration,
  pinnedToHeadWarning,
  withRetries,
@ -111,7 +111,7 @@ async function main(logger: Logger) {
  const createCredentialsFile = getBooleanInput(`create_credentials_file`);
  const exportEnvironmentVariables = getBooleanInput(`export_environment_variables`);
  const tokenFormat = getInput(`token_format`);
-  const delegates = parseCSV(getInput(`delegates`));
+  const delegates = parseMultilineCSV(getInput(`delegates`));
  const universe = getInput(`universe`);

  // Ensure exactly one of workload_identity_provider and credentials_json was
@ -270,7 +270,7 @@ async function main(logger: Logger) {
      logger.debug(`Creating access token`);

      const accessTokenLifetime = parseDuration(getInput('access_token_lifetime'));
-      const accessTokenScopes = parseCSV(getInput('access_token_scopes'));
+      const accessTokenScopes = parseMultilineCSV(getInput('access_token_scopes'));
      const accessTokenSubject = getInput('access_token_subject');

      // Ensure a service_account was provided if using WIF.