1回答

茅侃侃

我设法从执行戈兰泰拉泰坦代码的GitHub操作中读取了存储在GitHub秘密中的JWT秘密。如前所述，由于Github机密不允许空格和点字符，并且令牌有一些点加一个空格，因此我首先做的是对其进行编码" ".echo -n '<token-value>' | base64这将生成一个没有空格的整个字符串，然后我将此值存储在Github机密上。我从戈朗这样读：.func main() {&nbsp; &nbsp;var t *testing.T&nbsp; &nbsp;serverURL := os.Getenv("SERVER_URL")&nbsp; &nbsp;MyTestFunction(t, serverURL)}func MyTestFunction(t *testing.T, serverURL string) {&nbsp; &nbsp; type SpeckleLogin struct {&nbsp; &nbsp; &nbsp; &nbsp; token string&nbsp; &nbsp; }&nbsp; &nbsp; method := "GET"&nbsp; &nbsp; // The encoded token is read from github secrets&nbsp; &nbsp; b64EncodeJwt := os.Getenv("USER_JWT_ENCODE")&nbsp; &nbsp; // fmt.Println("The encode JWT is:", b64EncodeJwt)&nbsp; &nbsp; // The encoded read token is decoded&nbsp; &nbsp; b64DecodeJwt, _ := b64.StdEncoding.DecodeString(b64EncodeJwt)&nbsp; &nbsp; // fmt.Println("JWT Decoded", string(b64DecodeJwt))&nbsp; &nbsp; // fmt.Println()&nbsp; &nbsp;&nbsp;&nbsp; &nbsp; headers := map[string][]string{&nbsp; &nbsp; &nbsp; &nbsp; "Content-Type": []string{"application/json, text/plain, */*"},&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; // The content of the token already decoded is included in the headers slice of strings.&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; "Authorization": []string{(string(b64DecodeJwt))},&nbsp; &nbsp; }&nbsp; &nbsp; jsonLogin := []byte(fmt.Sprintf(`{&nbsp; &nbsp; &nbsp; &nbsp; "email":"%s",&nbsp; &nbsp; &nbsp; &nbsp; "password": "%s"&nbsp; &nbsp; }`, os.Getenv("USER_EMAIL"), os.Getenv("USER_PASSWORD")))&nbsp; &nbsp;&nbsp;&nbsp; &nbsp; // The HTTP request is created&nbsp; &nbsp; reqLogin, errReq := http.NewRequest(method, serverURL+"/api/accounts", bytes.NewBuffer(jsonLogin))&nbsp; &nbsp; // The headers are added to the HTTP request&nbsp; &nbsp; reqLogin.Header = headers&nbsp; &nbsp; if errReq != nil {&nbsp; &nbsp; &nbsp; &nbsp; messageReq := fmt.Sprintf("Error GET login request: %s", errReq.Error())&nbsp; &nbsp; &nbsp; &nbsp; t.Fatal(messageReq)&nbsp; &nbsp; }&nbsp; &nbsp; clientLogin := &http.Client{&nbsp; &nbsp; &nbsp; &nbsp; Transport: &http.Transport{&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; TLSClientConfig: &tls.Config{&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; InsecureSkipVerify: true,&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; },&nbsp; &nbsp; &nbsp; &nbsp; },&nbsp; &nbsp; }&nbsp; &nbsp; // Sending the request&nbsp; &nbsp; respLogin, errResp := clientLogin.Do(reqLogin)&nbsp; &nbsp; if errResp != nil {&nbsp; &nbsp; &nbsp; &nbsp; messageResp := fmt.Sprintf("Error GET login response: %s", errResp.Error())&nbsp; &nbsp; &nbsp; &nbsp; t.Fatal(messageResp)&nbsp; &nbsp; }&nbsp; &nbsp; defer respLogin.Body.Close()&nbsp; &nbsp; body, _ := ioutil.ReadAll(respLogin.Body)&nbsp; &nbsp; // fmt.Println("BODY IS:")&nbsp; &nbsp; // fmt.Println(string(body))&nbsp; &nbsp; var speckleLogin map[string]interface{}&nbsp; &nbsp; if err := json.Unmarshal([]byte(body), &speckleLogin); err != nil {&nbsp; &nbsp; &nbsp; &nbsp; t.Fatal("Could not unmarshal json")&nbsp; &nbsp; }&nbsp; &nbsp; // We take the API token from the response&nbsp; &nbsp; data := speckleLogin["resource"].(map[string]interface{})["apitoken"]&nbsp; &nbsp;&nbsp; &nbsp; if speckleToken, ok := data.(string); ok {&nbsp; &nbsp; &nbsp; &nbsp; // Here we assert the token is not empty&nbsp; &nbsp; &nbsp; &nbsp; assert.NotEmpty(t, speckleToken)}但除此之外，正如@WishwaPerera试图告诉我的那样，我从上面调用的gorang中使用的新环境变量必须包含在我的github操作中，以便从命令运行这些测试。所以我的github操作文件最终是这样：SPECKLE_USER_JWT_ENCODEgo test.yamlname: Preview_Workflowon:&nbsp; pull_request:&nbsp; &nbsp; branches:&nbsp; &nbsp; - masterjobs:&nbsp; build-and-deploy:&nbsp; &nbsp; runs-on: ubuntu-latest&nbsp; &nbsp; steps:&nbsp; &nbsp; - name: 'Checkout GitHub Action'&nbsp; &nbsp; &nbsp; uses: actions/checkout@master&nbsp; &nbsp; - name: Install terraform&nbsp;&nbsp; &nbsp; &nbsp; uses: hashicorp/setup-terraform@v1&nbsp; &nbsp; &nbsp; with:&nbsp; &nbsp; &nbsp; &nbsp; terraform_version: 0.13.5&nbsp; &nbsp; &nbsp; &nbsp; terraform_wrapper: false&nbsp; &nbsp; - name: 'Terraform Version'&nbsp; &nbsp; &nbsp; shell: bash&nbsp; &nbsp; &nbsp; run: |&nbsp; &nbsp; &nbsp; &nbsp; terraform version&nbsp; &nbsp; - name: 'Login via Azure CLI'&nbsp; &nbsp; &nbsp; uses: azure/login@v1&nbsp; &nbsp; &nbsp; with:&nbsp; &nbsp; &nbsp; &nbsp; creds: ${{ secrets.AZURE_CREDENTIALS }}&nbsp; &nbsp; - name: 'Setup Go'&nbsp; &nbsp; &nbsp; id: go&nbsp; &nbsp; &nbsp; uses: actions/setup-go@v2&nbsp; &nbsp; &nbsp; with:&nbsp; &nbsp; &nbsp; &nbsp; go-version: '^1.16.5'&nbsp; &nbsp; - name: 'Run Terratest'&nbsp; &nbsp; &nbsp; id: terratest&nbsp; &nbsp; &nbsp; run: |&nbsp; &nbsp; &nbsp; &nbsp; cd tests&nbsp; &nbsp; &nbsp; &nbsp; go get -u github.com/Azure/azure-storage-blob-go/azblob&nbsp; &nbsp; &nbsp; &nbsp; go get -u github.com/gruntwork-io/terratest/modules/terraform&nbsp; &nbsp; &nbsp; &nbsp; go get -u github.com/stretchr/testify/assert&nbsp; &nbsp; &nbsp; &nbsp; // executing the test&nbsp; &nbsp; &nbsp; &nbsp; go test&nbsp; &nbsp; &nbsp; env:&nbsp; &nbsp; &nbsp; &nbsp; SERVER_URL: "https://my-service-application-url"&nbsp; &nbsp; &nbsp; &nbsp; USER_EMAIL: ${{ secrets.USER_EMAIL }}&nbsp; &nbsp; &nbsp; &nbsp; USER_PASSWORD: ${{ secrets.USER_PASSWORD }}&nbsp; &nbsp; &nbsp; &nbsp; USER_JWT_ENCODE: ${{ secrets.USER_JWT_ENCODE }}&nbsp; &nbsp; &nbsp; &nbsp; # I am using these other ones to connect to azure.&nbsp; &nbsp; &nbsp; &nbsp; ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}&nbsp; &nbsp; &nbsp; &nbsp; ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}&nbsp; &nbsp; &nbsp; &nbsp; ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}&nbsp; &nbsp; &nbsp; &nbsp; ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}&nbsp; &nbsp; - name: Azure logout&nbsp; &nbsp; &nbsp; run: |&nbsp; &nbsp; &nbsp; &nbsp; az logout一个很好的参考，以了解一些如何处理HTTP包

0 0

0