supercharge / mongodb-github-action

Use MongoDB in GitHub Actions
MIT License
227 stars 48 forks source link

[Feature Request] MongoDB --auth #12

Closed jorlugaqui closed 2 years ago

jorlugaqui commented 4 years ago

Hello,

Firstly, thank you very much for this implementation, I have been using it for learning Github actions on an aside project (https://github.com/jorlugaqui/ahm) and it helped me by a lot.

This request is for you to consider (if it makes sense) to have a variation for which the container will start with --auth enabled, probably achievable by sending the env variables MONGO_INITDB_ROOT_USERNAME and MONGO_INITDB_ROOT_PASSWORD.

Some applications may be using this mechanism as a default for connecting to a mongo server. By supporting the --auth, applications won't need to adjust their code, but rather will only need to take care of sending the right values in the env variables. I could try posting a PR if you think it is worth it.

marcuspoehls commented 4 years ago

@jorlugaqui Hey Jorge, thank you for your feature request!

Can you please help me understand how you’re injecting the MongoDB authentication credentials into your testing environment? Are you reading the values from environment variables and use them to connect to MongoDB? Or do you have hard-coded values in a configuration file in your app?

jorlugaqui commented 4 years ago

Hi @marcuspoehls.

I'm not sure if by testing environment you mean the environment created by GitHub Actions or my local testing environment. So, I'll share both.

Local environment

I'm reading the values from environment variables and I use them to connect to the MongoDB server:

DB_HOST = os.environ.get('DB_HOST', 'localhost')
DB_NAME = os.environ.get('DB_NAME', '')
DB_USER = os.environ.get('DB_USER', '')
DB_PASSWORD = os.environ.get('DB_PASSWORD', '')

With values being injected via docker-compose like:

mongo:
    image: mongo
    restart: always
    ...
    environment:
      MONGO_INITDB_ROOT_USERNAME: ${MONGO_INITDB_ROOT_USERNAME}
      MONGO_INITDB_ROOT_PASSWORD: ${MONGO_INITDB_ROOT_PASSWORD}
api:
    ...
    environment:
      ...
      DB_NAME: ${DB_NAME}
      DB_HOST: ${DB_HOST}
      DB_USER: ${MONGO_INITDB_ROOT_USERNAME}
      DB_PASSWORD: ${MONGO_INITDB_ROOT_PASSWORD}

GitHub actions' environment

For now, I'm using hardcoded values, but when the moment comes, I'll switch to secrets.

 name: Run the API and Postman's tests
      ...
      env:
        FLASK_ENV: development
        API_HOST: 0.0.0.0
        FLASK_APP: main.py
        DB_NAME: ahm
        DB_HOST: localhost
        CI: true

How I'm imagining the feature

It will be our responsibility as developers to handle how the values will get into the workflow file. For instance, I could have a step defined like:

- name: Start MongoDB ${{ matrix.mongodb-version }}
   uses: supercharge/mongodb-github-action@1.3.0
   with:
      mongodb-version: ${{ matrix.mongodb-version }}
   env:
      MONGO_INITDB_ROOT_USERNAME: foo
      MONGO_INITDB_ROOT_PASSWORD: ${{ secrets.password }} 

One value hardcoded, one value coming from the secrets. The important thing will be that if these two variables are present, we could start the container with the -e flag like :

docker run -d --network some-network --name some-mongo \
    -e MONGO_INITDB_ROOT_USERNAME=$MONGO_INITDB_ROOT_USERNAME \
    -e MONGO_INITDB_ROOT_PASSWORD=$MONGO_INITDB_ROOT_PASSWORD \
    mongo

And therefore, achieve the "out of the box" authentication mechanism, which should be sufficient for a CI environment.

Let me know your thoughts.

kibertoad commented 3 years ago

@marcuspoehls Are there still plans to implement this? I'm trying to setup Mongo in GA with auth, and there doesn't seem to be an easy way to do so currently :)

marcuspoehls commented 3 years ago

@kibertoad Hey Igor, thank you for your patience. I’m in for this feature. Do you want to PR it?

marcuspoehls commented 2 years ago

@jorlugaqui @kibertoad @biodrone I’ve tagged a new release version 1.7.0 that is now available in the GitHub Actions marketplace containing the MongoDB authentication feature 😃

biodrone commented 2 years ago

Just used it in my project, working like a dream :)

marcuspoehls commented 2 years ago

Awesome!