improvement: remove kubeconfig inputs

.github/workflows/test-garden.yaml

@@ -44,18 +44,13 @@ jobs:
       - name: Test 4 - Version should be 0.12.44
         run: garden version
 
-      - name: Test 5 – Prepare kubeconfig and garden-auth-token
+      - name: Test 5 – Prepare garden-auth-token
         uses: ./
         with:
-          kubeconfig: Zm9vYmFy
           garden-auth-token: foobar
 
-      - name: Test 6 – Test if kubeconfig and garden-auth-token is prepared
+      - name: Test 6 – Test if garden-auth-token is prepared
         run: |
-          if [[ "$(cat $KUBECONFIG)" != "foobar" ]]; then
-            echo "The $KUBECONFIG file did not contain the expected string foobar"
-            exit 1
-          fi
           if [[ "$GARDEN_AUTH_TOKEN" != "foobar" ]]; then
             echo "The $GARDEN_AUTH_TOKEN variable was not set to the expected string foobar"
             exit 1

README.md

@@ -2,7 +2,7 @@
 
 This action installs garden and can optionally be used to run any [Garden](https://garden.io) command, for example `deploy`, `test` or `run workflow`.
 
-Garden combines rapid development, testing, and DevOps automation in one tool. 
+Garden combines rapid development, testing, and DevOps automation in one tool.
 
 This action will perform the following steps:
 
@@ -11,7 +11,9 @@ This action will perform the following steps:
 3. Export garden to the `PATH`, so it can be used from any scripts in the following steps of the GitHub Action job.
 4. If the `command` option is provided, it will run the given garden command.
 
-   If the `command` option is *not* provided it will only prepare garden, which means it will also export the `KUBECONFIG` and `GARDEN_AUTH_TOKEN` environment variables if the `kubeconfig` and `garden-auth-token` are configured. This is helpful when calling `garden` in scripts from one of the following steps.
+   If the `command` option is *not* provided it will only prepare garden, which means it will install Garden and export it to the `PATH` environment variable. It will also export the `GARDEN_AUTH_TOKEN` environment variable `garden-auth-token` is configured.
+
+   This is helpful when calling `garden` in scripts from one of the following steps.
 
 **Note:** At the moment this action only works with Linux-based GitHub Action runners.
 If you are using macOS or Windows runners and need this action, please open a GitHub issue – in case there is demand, we will rewrite this action to make it platform-independent. (We also accept Pull requests for rewriting this Action in Typescript)
@@ -22,32 +24,12 @@ If you are using macOS or Windows runners and need this action, please open a Gi
 
 **Optional** The Garden command to execute, including all options. For example `deploy`, `test`, `run workflow` etc.
 
-If not provided, the garden-action will only install garden and export the `KUBECONFIG` and `GARDEN_AUTH_TOKEN` environment variables for use in scripts in later steps.
+If not provided, the garden-action will
+- install garden and export it to the `PATH` environment variable for subsequent steps
+- export the `GARDEN_AUTH_TOKEN` environment variable for subsequent steps if the `garden-auth-token` input has been provided
 
 For the full documentation please refer to the [Garden CLI documentation](https://docs.garden.io/reference/commands).
 
-## `kubeconfig`
-
-**Optional** Authentication to a Kubernetes Cluster can be done in multiple ways. This option allows to specify a base64 encoded kubeconfig, as a secret for GitHub actions. To use this option, base64 encode the relevant kubeconfig with the context referenced in your Garden project:
-
-```
-
-cat kubeconfig.yaml | base64
-
-```
-
-Encoding is necessary to deal with newlines and special characters. This action will decode the kubeconfig for usage in the action.
-
-The secret will be [masked to prevent accidental exposure in logs](https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#masking-a-value-in-log)
-
-**If no command has been supplied, the action will expose this value to the the following steps in the GitHub Action job by exporting a `KUBECONFIG` environment variable.**
-
-## `kubeconfig-location`
-
-**Optional** Specify a location the GitHub action should be saved to in the container while running the action. This is only necessary if you have configured the `kubeconfig` parameter in your project.garden.yaml provider configuration.
-
-Defaults to `${{ runner.temp }}/garden/kubeconfig`
-
 ## `garden-version`
 
 **Optional** Garden version. Default is latest
@@ -99,12 +81,18 @@ jobs:
           role-to-assume: ${{ secrets.AWS_ROLE_EKS_DEV }}
           role-session-name: GitHubActionsDev
           role-duration-seconds: 3600
+      - name: AWS EKS Kubeconfig
+        run: |
+          # Add EKS cluster ${cluster_name} to ~/.kube/config
+          # NOTE: The context name will be the EKS cluster ARN by default.
+          # If your Garden configuration expects a different context name,
+          # you can add override it using the `--alias` option.
+          aws eks update-kubeconfig --name ${cluster_name} --region ${region}
       - uses: actions/checkout@v3.0.2
       - name: Deploy preview env with Garden
         uses: garden-io/garden-action@v1.2
         with:
           command: deploy --env preview
-          kubeconfig: ${{ secrets.KUBECONFIG }}
           garden-auth-token: ${{ secrets.GARDEN_AUTH_TOKEN }}
   garden-ci:
     runs-on: ubuntu-latest
@@ -116,6 +104,13 @@ jobs:
           role-to-assume: ${{ secrets.AWS_ROLE_EKS_DEV }}
           role-session-name: GitHubActionsDev
           role-duration-seconds: 3600
+      - name: AWS EKS Kubeconfig
+        run: |
+          # Add EKS cluster ${cluster_name} to ~/.kube/config
+          # NOTE: The context name will be the EKS cluster ARN by default.
+          # If your Garden configuration expects a different context name,
+          # you can add override it using the `--alias` option.
+          aws eks update-kubeconfig --name ${cluster_name} --region ${region}
       - uses: actions/checkout@v3.0.2
       - name: Run tests in ci environment with Garden
         uses: garden-io/garden-action@v1.2
@@ -124,6 +119,5 @@ jobs:
             test --env ci
             --var postgres-database=postgres
             --var postgres-password=${{ secrets.PG_PASSWORD }}
-          kubeconfig: ${{ secrets.KUBECONFIG }}
           garden-auth-token: ${{ secrets.GARDEN_AUTH_TOKEN }}
 ```

action.yaml

@@ -8,8 +8,9 @@ inputs:
     description: |
       All command line options for the garden cli command.
 
-      If not provided, the garden-action will only install garden and export the KUBECONFIG and GARDEN_AUTH_TOKEN
-      environment variables for use in scripts in later steps.
+      If not provided, the garden-action will
+      - install garden and export it to the `PATH` environment variable for subsequent steps
+      - export the `GARDEN_AUTH_TOKEN` environment variable for subsequent steps if the `garden-auth-token` input has been provided
     required: false
   logger-type:
     description: 'Garden logger type. Defaults to basic.'
@@ -19,13 +20,6 @@ inputs:
     description: 'Garden log level. Defaults to verbose.'
     required: false
     default: verbose
-  kubeconfig:
-    description: 'A base64 encoded string of the kubeconfig to use with Garden. Optional.'
-    required: false
-  kubeconfig-location:
-    description: 'Path where Garden expects the kubeconfig. Defaults to $HOME/kube/config.'
-    required: false
-    default: ${{ runner.temp }}/garden/kubeconfig
   garden-version:
     description: 'Garden version. Defaults to latest stable.'
     required: false
@@ -36,7 +30,7 @@ inputs:
   garden-workdir:
     description: |
       A path to a garden project in a repository.
-      
+
       Only necessary if there are multiple garden projects in a repository, or when the project.garden.yml is in a subdirectory.
   github-token:
     description: 'Github token for releases API. Required. Defaults to the `github.token` context variable.'
@@ -48,28 +42,14 @@ runs:
     - name: prepare
       shell: bash
       env:
-        kubeconfig_base64: ${{ inputs.kubeconfig }}
-        kubeconfig_location: ${{ inputs.kubeconfig-location }}
         garden_auth_token: ${{ inputs.garden-auth-token }}
         github_token: ${{ inputs.github-token }}
       run: |
         # Prepare
 
         # Mask secrets
-        [[ "${kubeconfig_base64}" != "" ]] && echo "::add-mask::${kubeconfig_base64}"
         [[ "${garden_auth_token}" != "" ]] && echo "::add-mask::${garden_auth_token}"
         [[ "${github_token}" != "" ]] && echo "::add-mask::${github_token}"
-
-        # Prepare Kubeconfig
-        if [[ ! -d "$(dirname "${kubeconfig_location}")" ]]; then
-          mkdir -p "$(dirname "${kubeconfig_location}")"
-        fi
-
-        # Write kubeconfig
-        if [[ -n "${kubeconfig_base64}" ]]; then
-          echo "${kubeconfig_base64}" | base64 -d  > "${kubeconfig_location}"
-          chmod 700 "${kubeconfig_location}"
-        fi
     - name: download garden
       shell: bash
       env:
@@ -115,7 +95,6 @@ runs:
       shell: bash
       env:
         command: ${{ inputs.command }}
-        KUBECONFIG: ${{ inputs.kubeconfig-location }}
         GARDEN_AUTH_TOKEN: ${{ inputs.garden-auth-token }}
         GARDEN_LOGGER_TYPE: ${{ inputs.logger-type }}
         GARDEN_LOG_LEVEL: ${{ inputs.log-level }}
@@ -125,14 +104,9 @@ runs:
       if: ${{ !inputs.command }}
       shell: bash
       env:
-        kubeconfig_base64: ${{ inputs.kubeconfig }}
-        kubeconfig_location: ${{ inputs.kubeconfig-location }}
         garden_auth_token: ${{ inputs.garden-auth-token }}
       run: |
         # Export environment variables
-        if [[ "${kubeconfig_base64}" != "" ]]; then
-          echo "KUBECONFIG=${kubeconfig_location}" >> "$GITHUB_ENV"
-        fi
         if [[ "${garden_auth_token}" != "" ]]; then
           echo "GARDEN_AUTH_TOKEN=${garden_auth_token}" >> "$GITHUB_ENV"
         fi