chore(deps): bump undici from 5.28.3 to 5.28.5

Bumps [undici](https://github.com/nodejs/undici) from 5.28.3 to 5.28.5.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.28.3...v5.28.5)

---
updated-dependencies:
- dependency-name: undici
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

.eslintrc

@@ -0,0 +1,3 @@
+{
+	"extends": "tale"
+}

.github/workflows/deploy.yaml

@@ -0,0 +1,29 @@
+name: Deploy Action
+
+on:
+  push:
+    tags:
+      - '*'
+      - '!v1'
+
+jobs:
+  deploy:
+    name: Deploy
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout Repository
+      uses: actions/checkout@v3
+    - name: Build latest dist/ folder
+      run: |
+        npm ci
+        npm run build
+    - name: Upload dist/ folder
+      run: |
+        git config --global user.email "<41898282+github-actions[bot]@users.noreply.github.com>"
+        git config --global user.name "github-actions[bot]"
+        git checkout --orphan deploy
+        git add -f dist README.md LICENSE action.yaml
+        git commit -m "chore: create ci release ($GITHUB_SHA)"
+        git tag --force v1
+        git tag --force $GITHUB_REF_NAME
+        git push -f --tags origin deploy

.github/workflows/test.yaml

@@ -0,0 +1,36 @@
+name: Test Action
+
+on:
+  push:
+    branches: [ main ]
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout Repository
+      uses: actions/checkout@v3
+    - name: Build latest dist/ folder
+      run: |
+        npm ci
+        npm run build
+    - name: Upload dist/ folder
+      run: |
+        git config --global user.email "<41898282+github-actions[bot]@users.noreply.github.com>"
+        git config --global user.name "github-actions[bot]"
+        git checkout --orphan ci
+        git add -f dist README.md LICENSE action.yaml
+        git commit -m "chore: create ci release ($GITHUB_SHA)"
+        git push -f origin ci
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+    - name: Setup tale/kubectl-action
+      uses: tale/kubectl-action@ci
+      with:
+        base64-kube-config: ${{ secrets.KUBE_CONFIG }}
+    - name: Test the output of `kubectl cluster-info`
+      run: kubectl cluster-info

.gitignore

@@ -0,0 +1,2 @@
+node_modules/
+dist/

.vscode/settings.json

@@ -0,0 +1,5 @@
+{
+	"editor.codeActionsOnSave": {
+		"source.fixAll.eslint": true
+	}
+}

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 Aarnav Tale
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -1,17 +1,21 @@
 # kubectl-action
+
 GitHub Action to manage a K8s (Kubernetes) cluster using kubectl.
 
-# Usage
+## Usage
+
 To use this action, add the following step to your GitHub Action workflow:
+
 ```yaml
 - uses: tale/kubectl-action@v1
   with:
     base64-kube-config: ${{ secrets.KUBE_CONFIG }}
 ```
 
-Keep in mind that the action expects a base64 encoded string of your Kubernetes configuration. The simplest way to do that is to run `cat $HOME/.kube/config | base64` and save that output as an action secret.
+Keep in mind that the action expects a base64 encoded string of your Kubernetes configuration. The simplest way to do that is to run `cat $HOME/.kube/config | base64` and save that output as an action secret. It's additionally possible to generate a config file using the `aws` CLI for EKS or any other tools with other cloud providers.
+
+It's also possible to specify the version of the [kubectl](https://kubernetes.io/docs/reference/kubectl/) CLI to use. The current default release used by this action is the latest version.
 
-It's also possible to specify the version of the [kubectl](https://kubernetes.io/docs/reference/kubectl/) CLI to use. The current default release used by this action is `v1.23.0`.
 ```yaml
 - uses: tale/kubectl-action@v1
   with:
@@ -20,6 +24,7 @@ It's also possible to specify the version of the [kubectl](https://kubernetes.io
 ```
 
 Once you've completed this setup, you have direct access to the `kubectl` binary and command in the rest of your actions. Here's a full example to give you some inspiration:
+
 ```yaml
 name: Kubectl Action
 
@@ -35,3 +40,33 @@ jobs:
         base64-kube-config: ${{ secrets.KUBE_CONFIG }}
     - run: kubectl get pods
 ```
+
+Here's an example using AWS EKS:
+
+```yaml
+name: Kubectl Action
+
+on:
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        role-to-assume: arn:aws:iam::123456789100:role/my-github-actions-role
+        aws-region: us-east-2
+    - name: Generate kubeconfig
+      run: |
+        {
+            echo 'EKS_CREDS<<EOF'
+            aws eks update-kubeconfig --region us-east-2 --name my-cluster --dry-run | base64
+            echo EOF
+        } >> $GITHUB_ENV
+    - uses: tale/kubectl-action@v1
+      with:
+        base64-kube-config: ${{ env.EKS_CREDS }}
+    - run: kubectl get pods
+```

action.yaml

@@ -8,18 +8,11 @@ inputs:
   kubectl-version:
     description: Version of the kubectl CLI to use
     required: false
-    default: v1.23.0
+    default: latest
   base64-kube-config:
     description: A base64 encoded reference to your authorization file (~/.kube/config)
     required: true
 runs:
-  using: composite
-  steps:
-  - name: Configure kubectl CLI
-    run: setup-kubectl.sh
-    shell: bash
-  - name: Authorize kubectl to the cluster
-    run: login-kubectl.sh
-    shell: bash
-    env:
-      BASE64_KUBE_CONFIG: ${{ inputs.base64-kube-config }}
+  using: node20
+  main: dist/index.js
+  post: dist/index.js

login-kubectl.sh

@@ -1,7 +0,0 @@
-#!/usr/bin/env bash
-
-if [ ! -d "$HOME/.kube" ]; then
-	mkdir -p $HOME/.kube
-fi
-
-echo "$BASE64_KUBE_CONFIG" | base64 -d > $HOME/.kube/config

package.json

@@ -0,0 +1,21 @@
+{
+	"name": "kubectl-action",
+	"version": "1.4.0",
+	"scripts": {
+		"dev": "ncc -smw --license licenses.txt build src/main.ts",
+		"build": "ncc -sm --license licenses.txt build src/main.ts",
+		"push": "np --no-cleanup --no-publish --no-tests --message 'chore: v%s'"
+	},
+	"dependencies": {
+		"@actions/core": "^1.10.1",
+		"@actions/tool-cache": "^2.0.1"
+	},
+	"devDependencies": {
+		"@types/node": "^20.11.30",
+		"@vercel/ncc": "^0.38.1",
+		"eslint": "^8.57.0",
+		"eslint-config-tale": "^1.0.16",
+		"np": "^9.2.0",
+		"typescript": "^5.4.2"
+	}
+}

setup-kubectl.sh

@@ -1,9 +0,0 @@
-#!/usr/bin/env bash
-
-curl -LO "https://dl.k8s.io/release/${{ inputs.kubectl-version }}/bin/linux/amd64/kubectl"
-curl -LO "https://dl.k8s.io/${{ inputs.kubectl-version }}/bin/linux/amd64/kubectl.sha256"
-echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
-
-mkdir $GITHUB_WORKSPACE/bin
-mv kubectl $GITHUB_WORKSPACE/bin
-echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH

src/login.ts

@@ -0,0 +1,28 @@
+import { mkdir, writeFile } from 'node:fs/promises'
+import { join } from 'node:path'
+import { env } from 'node:process'
+
+import { debug, getInput, saveState, setFailed } from '@actions/core'
+
+export async function setupKubeconfig() {
+	debug('Running kubectl-action setupKubeconfig()')
+
+	if (env.HOME === undefined) {
+		setFailed('$HOME is not defined')
+		return
+	}
+
+	const config = getInput('base64-kube-config', {
+		required: true,
+		trimWhitespace: true
+	})
+
+	const decoded = Buffer.from(config, 'base64')
+		.toString('utf8')
+
+	const path = join(env.HOME, '.kube')
+	saveState('kubeconfig-path', path)
+
+	await mkdir(path, { recursive: true })
+	await writeFile(join(path, 'config'), decoded, 'utf8')
+}

src/main.ts

@@ -0,0 +1,36 @@
+import { env, exit, platform } from 'node:process'
+
+import { debug, getState, setFailed } from '@actions/core'
+import { setupKubeconfig } from 'login'
+import { installKubectl } from 'setup'
+import { teardown } from 'teardown'
+
+if (env.RUNNER_OS === 'Windows' || platform === 'win32') {
+	setFailed('kubectl-action does not support Windows')
+	exit(1)
+}
+
+if (getState('kubectl-path')) {
+	debug('Running post kubectl-action setup')
+	teardown()
+		// eslint-disable-next-line unicorn/prefer-top-level-await
+		.catch(error => {
+			setFailed('Failed to teardown kubectl (this is a bug in kubectl-action): ')
+			debug(JSON.stringify(error))
+		})
+} else {
+	debug('Running kubectl-action setup')
+	// eslint-disable-next-line no-async-promise-executor
+	new Promise(async () => {
+		await installKubectl()
+		debug('kubectl-action setup complete')
+
+		await setupKubeconfig()
+		debug('kubectl-action kubeconfig setup complete')
+	})
+		// eslint-disable-next-line unicorn/prefer-top-level-await
+		.catch(error => {
+			setFailed('Failed to install kubectl (this is a bug in kubectl-action): ')
+			debug(JSON.stringify(error))
+		})
+}

src/setup.ts

@@ -0,0 +1,85 @@
+import { chmod } from 'node:fs/promises'
+import { dirname, join } from 'node:path'
+import { env } from 'node:process'
+
+import { addPath, debug, getInput, setFailed } from '@actions/core'
+import { cacheFile, downloadTool, find } from '@actions/tool-cache'
+
+export async function installKubectl() {
+	debug('Running kubectl-action installKubectl()')
+
+	if (env.RUNNER_TEMP === undefined) {
+		setFailed('$RUNNER_TEMP is not defined')
+		return
+	}
+
+	const input = getInput('kubectl-version', {
+		required: false,
+		trimWhitespace: true
+	})
+
+	const version = input === 'latest' || input === '' ? await fetchLatestVersion() : input
+	debug(`kubectl-version: ${version ?? 'undefined'}`)
+
+	if (!version?.startsWith('v')) {
+		setFailed('Unable to determine the `kubectl` version to install')
+		return
+	}
+
+	console.log(`Installing kubectl version ${version}`)
+
+	try {
+		const path = await fetchKubectl(version)
+		await chmod(path, '775')
+		addPath(dirname(path))
+		debug(`kubectl ${version} installed and cached at ${path}`)
+	} catch {
+		debug('Failed to download kubectl from dl.k8s.io')
+		setFailed('Failed to download kubectl from dl.k8s.io\nPlease check the version you specified is valid')
+	}
+}
+
+// Fetches the latest kubectl version from the Kubernetes release server
+async function fetchLatestVersion() {
+	const response = await fetch('https://dl.k8s.io/release/stable.txt')
+	if (!response.ok) {
+		setFailed(`Failed to fetch latest kubectl version with status ${response.status}`)
+		return
+	}
+
+	const version = await response.text()
+	return version.trim()
+}
+
+// Downloads the kubectl binary from the Kubernetes release server
+// If already downloaded, returns the path to the cached binary
+async function fetchKubectl(version: string) {
+	const cachedPath = find('kubectl', version)
+
+	// Cached path is a directory containing the kubectl binary
+	if (cachedPath) {
+		debug(`kubectl ${version} already installed`)
+		return join(cachedPath, 'kubectl')
+	}
+
+	const url = `https://dl.k8s.io/release/${version}/bin/${retrieveRunnerMetadata()}/kubectl`
+
+	console.log(`Downloading kubectl (${url})`)
+	const downloadPath = await downloadTool(url)
+	const toolPath = await cacheFile(downloadPath, 'kubectl', 'kubectl', version)
+	return join(toolPath, 'kubectl')
+}
+
+// Gets the proper architecture and OS for the current platform
+// This doesn't use node functions, but instead CI variables provided by GitHub
+function retrieveRunnerMetadata() {
+	// Currently we don't support win32 platforms anyways
+	const runnerSystem = env.RUNNER_OS === 'Linux' ? 'linux' : 'darwin'
+	const runnerArch = env.RUNNER_ARCH?.toLowerCase()
+
+	if (runnerArch?.includes('arm')) {
+		return `${runnerSystem}/arm64`
+	}
+
+	return `${runnerSystem}/amd64`
+}

src/teardown.ts

@@ -0,0 +1,11 @@
+import { rm } from 'node:fs/promises'
+
+import { debug, getState } from '@actions/core'
+
+export async function teardown() {
+	debug('Running kubectl-action teardown()')
+	console.log('Removing kubeconfig')
+
+	const configPath = getState('kubeconfig-path')
+	await rm(configPath, { recursive: true, force: true })
+}

tsconfig.json

@@ -0,0 +1,14 @@
+{
+	"exclude": ["dist"],
+	"compilerOptions": {
+		"baseUrl": "./src",
+		"rootDir": "./src",
+		"outDir": "./dist",
+		"target": "ESNext",
+		"module": "CommonJS",
+		"moduleResolution": "Node",
+		"skipLibCheck": true,
+		"strict": true,
+		"noEmit": true
+	}
+}