Merge pull request #2 from RouL/feature_bitwarden-secrets-manager

RouL · web-flow · commit a8486115dc01 · 2025-02-15T13:19:03.000+01:00
Feature bitwarden secrets manager
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -15,6 +15,7 @@ jobs:
       matrix:
         features:
           - bitwarden-cli
+          - bitwarden-secrets-manager
         baseImage:
           - debian:latest
           - ubuntu:latest
@@ -35,6 +36,7 @@ jobs:
       matrix:
         features:
           - bitwarden-cli
+          - bitwarden-secrets-manager
     steps:
       - uses: actions/checkout@v4
 
diff --git a/src/bitwarden-secrets-manager/README.md b/src/bitwarden-secrets-manager/README.md
@@ -0,0 +1,26 @@
+
+# Bitwarden Secrets Manager CLI (bws) (bitwarden-secrets-manager)
+
+Installs the bitwarden secrets manager CLI (bws) and optionally configures it to use a self-hosted server.
+
+## Example Usage
+
+```json
+"features": {
+    "ghcr.io/RouL/devcontainer-features/bitwarden-secrets-manager:1": {}
+}
+```
+
+## Options
+
+| Options Id | Description | Type | Default Value |
+|-----|-----|-----|-----|
+| server_base | Provides the base URL of your Bitwarden server, if you host your own server. | string | - |
+| server_api | Provides an API URL that differs from the default (if in doubt, leave it empty!). | string | - |
+| server_identity | Provides an identity URL that differs from the default (if in doubt, leave it empty!). | string | - |
+
+
+
+---
+
+_Note: This file was auto-generated from the [devcontainer-feature.json](devcontainer-feature.json).  Add additional notes to a `NOTES.md`._
diff --git a/src/bitwarden-secrets-manager/devcontainer-feature.json b/src/bitwarden-secrets-manager/devcontainer-feature.json
@@ -0,0 +1,23 @@
+{
+  "id": "bitwarden-secrets-manager",
+  "version": "1.0.0",
+  "name": "Bitwarden Secrets Manager CLI (bws)",
+  "description": "Installs the bitwarden secrets manager CLI (bws) and optionally configures it to use a self-hosted server.",
+  "options": {
+    "server_base":{
+      "description": "Provides the base URL of your Bitwarden server, if you host your own server.",
+      "type": "string",
+      "default": ""
+    },
+    "server_api":{
+      "description": "Provides an API URL that differs from the default (if in doubt, leave it empty!).",
+      "type": "string",
+      "default": ""
+    },
+    "server_identity":{
+      "description": "Provides an identity URL that differs from the default (if in doubt, leave it empty!).",
+      "type": "string",
+      "default": ""
+    }
+  }
+}
diff --git a/src/bitwarden-secrets-manager/install.sh b/src/bitwarden-secrets-manager/install.sh
@@ -0,0 +1,97 @@
+#!/bin/sh
+set -e
+
+SERVER_BASE="${SERVER_BASE}"
+SERVER_API="${SERVER_API}"
+SERVER_IDENTITY="${SERVER_IDENTITY}"
+
+REQUIRED_PACKAGES="curl unzip sudo ca-certificates jq"
+TARGET_PATH=/usr/local/bin/bws
+
+error() {
+  echo "$1" >&2
+  echo "Exiting..." >&2
+  exit 1
+}
+
+apt_get_update()
+{
+    if [ "$(find /var/lib/apt/lists/* | wc -l)" = "0" ]; then
+        echo "Running apt-get update..."
+        apt-get update -y
+    fi
+}
+
+check_packages() {
+    if ! dpkg -s "$@" > /dev/null 2>&1; then
+        apt_get_update
+        apt-get -y install --no-install-recommends "$@"
+    fi
+}
+
+platform_detect() {
+  if [ "$(uname -s)" = "Linux" ]; then
+    PLATFORM="unknown-linux-gnu"
+  elif [ "$(uname -s)" = "Darwin" ]; then
+    PLATFORM="apple-darwin"
+  else
+    error "Unsupported platform: $(uname -s)"
+  fi
+}
+
+arch_detect() {
+  if [ "$(uname -m)" = "x86_64" ]; then
+    ARCH="x86_64"
+  elif [ "$(uname -m)" = "aarch64" ]; then # Linux
+    ARCH="aarch64"
+  elif [ "$(uname -m)" = "arm64" ]; then # Darwin/macOS
+    ARCH="aarch64"
+  else
+    error "Unsupported architecture: $(uname -m)"
+  fi
+}
+
+export DEBIAN_FRONTEND=noninteractive
+
+check_packages $REQUIRED_PACKAGES
+
+CURRENT_TAG="$(curl --request GET https://api.github.com/repos/bitwarden/sdk-sm/releases?per_page=100 | jq --raw-output '[.[] | select(.draft == false) | select(.prerelease == false) | select(.tag_name | startswith("bws-")) | .tag_name][0]')"
+CURRENT_VERSION="${CURRENT_TAG#bws-v}"
+VERSION="${VERSION:-$CURRENT_VERSION}"
+
+platform_detect
+arch_detect
+
+install() {
+    curl -L "https://github.com/bitwarden/sdk-sm/releases/download/bws-v${VERSION}/bws-${ARCH}-${PLATFORM}-${VERSION}.zip" -o bws.zip
+
+    unzip bws.zip
+    rm bws.zip
+
+    chmod a+x bws
+    mv bws $TARGET_PATH
+}
+
+configure() {
+    configCmd="sudo -u ${_REMOTE_USER} -i ${TARGET_PATH} config"
+
+    [ "${SERVER_BASE}" != "" ] && $configCmd server-base $SERVER_BASE
+    [ "${SERVER_API}" != "" ] && $configCmd server-api $SERVER_API
+    [ "${SERVER_IDENTITY}" != "" ] && $configCmd server-identity $SERVER_IDENTITY
+
+    return 0
+}
+
+echo "(*) Installing Bitwarden Secrets Manager CLI..."
+
+install
+
+if [ "${SERVER_BASE}" != "" ] || [ "${SERVER_API}" != "" ] || [ "${SERVER_IDENTITY}" != "" ]; then
+    echo "(*) Configure custom Bitwarden server URLs..."
+    configure
+fi
+
+# Clean up
+rm -rf /var/lib/apt/lists/*
+
+echo "Done!"
diff --git a/test/bitwarden-secrets-manager/scenarios.json b/test/bitwarden-secrets-manager/scenarios.json
@@ -0,0 +1,20 @@
+{
+  "server_example": {
+    "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
+    "features": {
+      "bitwarden-secrets-manager": {
+        "server_base": "https://example.com"
+      }
+    }
+  },
+  "server_example_full": {
+    "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
+    "features": {
+      "bitwarden-secrets-manager": {
+        "server_base": "https://example.com",
+        "server_api": "https://example.com/api",
+        "server_identity": "https://example.com/identity"
+      }
+    }
+  }
+}
diff --git a/test/bitwarden-secrets-manager/server_example.sh b/test/bitwarden-secrets-manager/server_example.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -e
+
+source dev-container-features-test-lib
+
+check "server config server-base => https://example.com" bash -c "grep -E '^server_base = \"https://example.com\"\$' ~/.config/bws/config"
diff --git a/test/bitwarden-secrets-manager/server_example_full.sh b/test/bitwarden-secrets-manager/server_example_full.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+set -e
+
+source dev-container-features-test-lib
+
+check "server config server-base => https://example.com" bash -c "grep -E '^server_base = \"https://example.com\"\$' ~/.config/bws/config"
+check "server config server-api => https://example.com/api" bash -c "grep -E '^server_api = \"https://example.com/api\"\$' ~/.config/bws/config"
+check "server config server-identity => https://example.com/identity" bash -c "grep -E '^server_identity = \"https://example.com/identity\"\$' ~/.config/bws/config"
diff --git a/test/bitwarden-secrets-manager/test.sh b/test/bitwarden-secrets-manager/test.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -e
+
+source dev-container-features-test-lib
+
+check "bws --version" bash -c "bws --version | grep -E '^bws [1-9][0-9]*\\.[0-9]+\\.[0-9]+\$'"
