Skip to content
/ action Public

A Github Action for setting up a Windsor environment

License

MPL-2.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

windsorcli/action

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

37 Commits
.github
.github
 
 
test
test
 
 
.editorconfig
.editorconfig
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
action.yaml
action.yaml
 
 

Repository files navigation

Windsor CLI GitHub Action

This GitHub Action installs and configures the Windsor CLI for use in GitHub Actions workflows.

Inputs

ref

  • Description: Git reference to build Windsor CLI from source or version tag to download
  • Required: No
  • Default: Latest stable release
  • Example: main, v1.0.0, 1234abc

context

  • Description: The context to use for Windsor CLI commands
  • Required: No
  • Default: "local"
  • Example: "production", "staging"

workdir

  • Description: The working directory for Windsor CLI commands
  • Required: No
  • Default: "" (current directory)
  • Example: ".windsor/.tf_modules/cluster/talos"

install-only

  • Description: Only install the CLI without initializing context or injecting environment variables
  • Required: No
  • Default: "false"

inject-secrets

  • Description: Whether to inject decrypted secrets into environment variables
  • Required: No
  • Default: "false"

Usage

steps:
  - name: Install Windsor CLI
    uses: windsorcli/action@v1
    with:
      ref: v1.0.0
      context: local
      workdir: .windsor/.tf_modules/cluster/talos

Security

The action automatically detects and masks secrets in your workflow:

  1. Detects environment variables in your windsor.yaml that use the ${{ }} syntax
  2. Uses GitHub Actions' built-in secret masking to prevent secrets from appearing in logs
  3. Only logs variable names, never their values
  4. Maintains a minimal logging footprint to reduce potential information exposure
  5. Reduces the threat surface by only using actions/github-script with a pinned SHA

NOTE: When using third party actions, you should ALWAYS reference them explicitly by their SHA. Furthermore, it's expected that you have performed your own threat modeling on systems in which this mechanism is used. See Security hardening for GitHub Actions for more information.

Example Workflow

name: CI

on:
  push:

jobs:
  windsorcli:
    strategy:
      matrix:
        os: [ubuntu-latest, windows-latest, macos-latest]
    runs-on: ${{ matrix.os }}
  
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: 1.11.4
          terraform_wrapper: false

      - name: Install Windsor CLI
        uses: ./
        with:
          ref: v1.0.0
          context: local
          workdir: terraform/cluster/eks

License

This project is licensed under the MIT License - see the LICENSE file for details.

About

A Github Action for setting up a Windsor environment

Resources

Readme

License

MPL-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 10

v0.5.1 Latest
Dec 15, 2025
+ 9 releases

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages