yage 0.5.0

A simple tool to manage encrypted secrets in YAML files with age encryption
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205

name: CI

on:
  push:
    branches: [ "*" ]
  pull_request:
    branches: [ "main" ]
  workflow_dispatch:
  schedule:
    - cron: '20 7 * * *'

env:
  CARGO_TERM_COLOR: always

# The section is needed to drop write-all permissions that are granted on
# `schedule` event. By specifying any permission explicitly all others are set
# to none. By using the principle of least privilege the damage a compromised
# workflow can do (because of an injection or compromised third party tool or
# action) is restricted. Currently the worklow doesn't need any additional
# permission except for pulling the code. Adding labels to issues, commenting
# on pull-requests, etc. may need additional permissions:
#
# Syntax for this section:
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
#
# Reference for how to assign permissions on a job-by-job basis:
# https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
#
# Reference for available permissions that we can enable if needed:
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
permissions:
  # to fetch code (actions/checkout)
  contents: read

jobs:
  test:
    name: test
    env:
      # For some builds, we use cross to test on 32-bit and big-endian
      # systems.
      CARGO: cargo
      # When CARGO is set to CROSS, this is set to `--target matrix.target`.
      # Note that we only use cross on Linux, so setting a target on a
      # different OS will just use normal cargo.
      TARGET_FLAGS:
      # When CARGO is set to CROSS, TARGET_DIR includes matrix.target.
      TARGET_DIR: ./target
      # Bump this as appropriate. We pin to a version to make sure CI
      # continues to work as cross releases in the past have broken things
      # in subtle ways.
      CROSS_VERSION: v0.2.5
      # Emit backtraces on panics.
      RUST_BACKTRACE: 1
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        include:
          # rust channels
          - build: stable
            os: ubuntu-latest
            rust: stable
          - build: beta
            os: ubuntu-latest
            rust: beta
          - build: nightly
            os: ubuntu-latest
            rust: nightly

          # release platforms
          # same targets as in release.yml, all the linux targets from docker.yml
          - build: linux-amd64
            os: ubuntu-latest
            rust: stable
            target: x86_64-unknown-linux-musl
          - build: linux-i686
            os: ubuntu-latest
            rust: stable
            target: i686-unknown-linux-musl
          - build: linux-arm64
            os: ubuntu-latest
            rust: stable
            target: aarch64-unknown-linux-musl
          - build: linux-arm
            os: ubuntu-latest
            rust: stable
            target: arm-unknown-linux-musleabihf
          - build: linux-ppc64le
            os: ubuntu-latest
            rust: stable
            target: powerpc64le-unknown-linux-gnu
          - build: linux-s390x
            os: ubuntu-latest
            rust: stable
            target: s390x-unknown-linux-gnu
          - build: macos-amd64
            os: macos-latest
            rust: stable
            target: x86_64-apple-darwin
          - build: macos-arm64
            os: macos-14
            rust: stable
            target: aarch64-apple-darwin
          - build: windows-amd64
            os: windows-latest
            rust: stable
            target: x86_64-pc-windows-msvc

          # other usual build targets
          - build: stable-x86
            os: ubuntu-latest
            rust: stable
            target: i686-unknown-linux-gnu
          - build: stable-aarch64
            os: ubuntu-latest
            rust: stable
            target: aarch64-unknown-linux-gnu
          - build: stable-arm-gnueabihf
            os: ubuntu-latest
            rust: stable
            target: armv7-unknown-linux-gnueabihf
          - build: stable-arm-musleabihf
            os: ubuntu-latest
            rust: stable
            target: armv7-unknown-linux-musleabihf
          - build: stable-arm-musleabi
            os: ubuntu-latest
            rust: stable
            target: armv7-unknown-linux-musleabi
          - build: win-gnu
            os: windows-2022
            rust: nightly-x86_64-gnu
    steps:
    - name: Checkout repository
      uses: actions/checkout@v4

    - name: Install Rust
      uses: dtolnay/rust-toolchain@master
      with:
        toolchain: ${{ matrix.rust }}

    - name: Use Cross
      if: matrix.os == 'ubuntu-latest' && matrix.target != ''
      run: |
        # In the past, new releases of 'cross' have broken CI. So for now, we
        # pin it. We also use their pre-compiled binary releases because cross
        # has over 100 dependencies and takes a bit to compile.
        dir="$RUNNER_TEMP/cross-download"
        mkdir "$dir"
        echo "$dir" >> $GITHUB_PATH
        cd "$dir"
        curl -LO "https://github.com/cross-rs/cross/releases/download/$CROSS_VERSION/cross-x86_64-unknown-linux-musl.tar.gz"
        tar xf cross-x86_64-unknown-linux-musl.tar.gz
        echo "CARGO=cross" >> $GITHUB_ENV

    - name: Configure target flags
      if: matrix.target != ''
      run: |
        echo "TARGET_FLAGS=--target ${{ matrix.target }}" >> $GITHUB_ENV
        echo "TARGET_DIR=./target/${{ matrix.target }}" >> $GITHUB_ENV

    - name: Install the target
      if: matrix.os != 'ubuntu-latest' && matrix.target != ''
      run: rustup target add ${{ matrix.target }}

    - name: Show command used for Cargo
      run: |
        echo "cargo command is: ${{ env.CARGO }}"
        echo "target flag is: ${{ env.TARGET_FLAGS }}"
        echo "target dir is: ${{ env.TARGET_DIR }}"

    - name: Build yage and all crates
      run: ${{ env.CARGO }} build --workspace ${{ env.TARGET_FLAGS }} --release

    - name: Show the help message
      run: ${{ env.CARGO }} run ${{ env.TARGET_FLAGS }} --release -- --help

    - name: Run tests
      run: ${{ env.CARGO }} test --workspace ${{ env.TARGET_FLAGS }} --release

  rustfmt:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout repository
      uses: actions/checkout@v4
    - name: Install Rust
      uses: dtolnay/rust-toolchain@master
      with:
        toolchain: stable
        components: rustfmt
    - name: Check formatting
      run: cargo fmt --all --check

  clippy:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout repository
      uses: actions/checkout@v4
    - name: Install Rust
      uses: dtolnay/rust-toolchain@master
      with:
        toolchain: stable
        components: clippy
    - name: Lint code with Clippy
      run: cargo clippy --all-targets -- -D warnings