diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml new file mode 100644 index 0000000..9ca50d2 --- /dev/null +++ b/.github/workflows/check.yml @@ -0,0 +1,25 @@ +name: Check + +on: + pull_request: + push: + branches-ignore: + - master + +jobs: + lint-and-test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - uses: astral-sh/setup-uv@v6 + + - uses: actions/setup-python@v5 + with: + python-version: "3.9" + + - run: uv sync --group dev + + - run: uv run ruff check . + + - run: uv run pytest diff --git a/README.md b/README.md index 151b074..2884cd8 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,31 @@ Populate Gitlab Project Variables from .env file ================================================= +## Overview + +A command-line tool for managing a Gitlab project's CI/CD variables, scoped to a +Gitlab [environment](https://docs.gitlab.com/ee/ci/environments/) (e.g. `uat`, +`production`). It talks to the Gitlab API using a personal access token and lets +you move variables between a local `.env` file and Gitlab in both directions. + +It provides four commands: + +- `write` — read a local `.env` file and create or update the matching + project variables in the given environment scope. Supports `--include` / + `--exclude` filtering and `--mask` to mask values whose key contains the + substring `KEY`, `SECRET`, or `TOKEN` (e.g. `APP_KEY`, `PUBLIC_KEY`, + `AUTH_TOKEN` will all be masked). Masking is one-way: an already-masked + variable is never un-masked by this tool. +- `list` — print the variables for an environment in a table. Masked values are + hidden unless you pass `--sensitive`. +- `get` — print the variables for an environment, optionally appending them to a + `.env` file with `--export`. +- `download` — write an environment's variables to a `.env` file, + prompting before overwriting an existing file. + +All commands target both the requested environment and globally-scoped (`*`) +variables. Requires a `GITLAB_TOKEN` environment variable. + ## Install Install as a global user tool (isolated environment, command on your PATH): @@ -56,3 +81,9 @@ populate-secrets-gitlab write \ ```shell populate-secrets-gitlab get --environment uat --gitlab-host gitlab.example.com --project my-group/my-project --export ``` + +### Download variables to an .env file + +```shell +populate-secrets-gitlab download --environment uat --gitlab-host gitlab.example.com --project my-group/my-project --output-dir . +``` diff --git a/src/populate_secrets_gitlab/app.py b/src/populate_secrets_gitlab/app.py index 25342eb..48800aa 100644 --- a/src/populate_secrets_gitlab/app.py +++ b/src/populate_secrets_gitlab/app.py @@ -16,7 +16,7 @@ logging.basicConfig( level=logging.INFO, format='%(asctime)s %(levelname)s\t%(message)s', - datefmt='%Y-%m-%d_%H:%M:%S.%s', + datefmt='%Y-%m-%d_%H:%M:%S', handlers=[ logging.StreamHandler() ], diff --git a/src/populate_secrets_gitlab/gitlab_server.py b/src/populate_secrets_gitlab/gitlab_server.py index 705dad0..813533b 100644 --- a/src/populate_secrets_gitlab/gitlab_server.py +++ b/src/populate_secrets_gitlab/gitlab_server.py @@ -3,5 +3,3 @@ def gitlab_client(gitlab_host, gitlab_token): return gitlab.Gitlab(util.prepare_gitlab_host(gitlab_host), private_token=gitlab_token) - - \ No newline at end of file