Added 1Password

Author: jmcombs

src/1password-cli/NOTES.md

@@ -0,0 +1,42 @@
+## OS & Architecture Support
+
+- Debian/Ubuntu Linux distributions with the `apt` package manager.
+- `amd64`, `arm64`, and `arm/v7` architectures are supported.
+
+## Configuration
+
+There are two options for using this implementation of the 1Password CLI:
+
+1. [Use service accounts with 1Password CLI](https://developer.1password.com/docs/service-accounts/use-with-1password-cli)
+2. [Use 1Password CLI with a Connect server](https://developer.1password.com/docs/connect/connect-cli)
+
+Both require using environment variables. The following are examples of how to set the environment variables for `devcontainer.json`based on which option (from above) is used:
+
+### Service Account
+
+```json
+"features": {
+    "ghcr.io/jmcombs/devcontainer-features/google-cloud-sdk:latest": {},
+    "ghcr.io/jmcombs/devcontainer-features/ngrok:latest": {}
+},
+...
+"containerEnv": {
+    "OP_SERVICE_ACCOUNT_TOKEN": "thisismyserviceaccount",
+    "OP_CONNECT_HOST": "thisismyconnecthost",
+    "OP_CONNECT_TOKEN": "thisismyconnecttoken"
+}
+```
+
+### Connect Server
+
+```json
+"features": {
+    "ghcr.io/jmcombs/devcontainer-features/google-cloud-sdk:latest": {},
+    "ghcr.io/jmcombs/devcontainer-features/ngrok:latest": {}
+},
+...
+"containerEnv": {
+    "OP_CONNECT_HOST": "thisismyconnecthost",
+    "OP_CONNECT_TOKEN": "thisismyconnecttoken"
+}
+```

src/1password-cli/devcontainer-feature.json

@@ -0,0 +1,7 @@
+{
+  "name": "1password-cli",
+  "id": "1password-cli",
+  "version": "1.0.0",
+  "description": "Installs the 1Password CLI inside of your devcontainer. You can also pass in a 1Password token to authenticate with 1Password.",
+  "installsAfter": ["ghcr.io/devcontainers/features/common-utils"]
+}

src/1password-cli/install.sh

@@ -0,0 +1,52 @@
+#!/bin/sh
+set -e
+
+# Extract 1Password information from environment variables
+OP_SERVICE_ACCOUNT_TOKEN=${OPSERVICEACCOUNTTOKEN:-}
+
+check_dependencies() {
+    for dep in "$@"; do
+        if ! command -v "$dep" >/dev/null 2>&1; then
+            echo "error: $dep is not installed, attempting to install..."
+            if command -v apt-get >/dev/null 2>&1; then
+                apt-get update && apt-get install --no-install-recommends -y "$dep"
+            else
+                echo "error: cannot install $dep, please install it manually" >&2
+                exit 1
+            fi
+        fi
+    done
+}
+
+install_1pcli() {
+    # Add the key for the 1Password apt repository:
+    curl -sS https://downloads.1password.com/linux/keys/1password.asc | \
+    gpg --dearmor --output /usr/share/keyrings/1password-archive-keyring.gpg
+
+    # Add the 1Password apt repository:
+    echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/1password-archive-keyring.gpg] https://downloads.1password.com/linux/debian/$(dpkg --print-architecture) stable main" |
+    tee /etc/apt/sources.list.d/1password.list
+
+    # Add the debsig-verify policy:
+    mkdir -p /etc/debsig/policies/AC2D62742012EA22/
+    curl -sS https://downloads.1password.com/linux/debian/debsig/1password.pol | \
+    tee /etc/debsig/policies/AC2D62742012EA22/1password.pol && \
+    mkdir -p /usr/share/debsig/keyrings/AC2D62742012EA22 && \
+    curl -sS https://downloads.1password.com/linux/keys/1password.asc | \
+    gpg --dearmor --output /usr/share/debsig/keyrings/AC2D62742012EA22/debsig.gpg
+
+    # Install the 1Password CLI:
+    apt update && apt install 1password-cli
+}
+
+set_op_service_account_token() {
+    if [ -z "$OP_SERVICE_ACCOUNT_TOKEN" ] ; then
+        echo "OP_SERVICE_ACCOUNT_TOKEN is not set. Skipping 1Password Service Account Token setup."
+        return 0
+    fi
+    export $OP_SERVICE_ACCOUNT_TOKEN
+}
+
+check_dependencies curl ca-certificates
+install_1pcli
+set_op_service_account_token

test/1password-cli/1password-variable-test.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -e
+
+# Import test library bundled with the devcontainer CLI
+# See https://github.com/devcontainers/cli/blob/HEAD/docs/features/test.md#dev-container-features-test-lib
+# Provides the 'check' and 'reportResults' commands.
+source dev-container-features-test-lib
+
+# Check if the environment variables are set and match the expected values
+check "OP_SERVICE_ACCOUNT_TOKEN is set" [ "$OP_SERVICE_ACCOUNT_TOKEN" = "thisismyserviceaccount" ]
+check "OP_CONNECT_HOST is set" [ "$OP_CONNECT_HOST" = "thisismyconnecthost" ]
+check "OP_CONNECT_TOKEN is set" [ "$OP_CONNECT_TOKEN" = "thisismyconnecttoken" ]
+
+# Report results
+# If any of the checks above exited with a non-zero exit code, the test will fail.
+reportResults

test/1password-cli/scenarios.json

@@ -0,0 +1,13 @@
+{
+  "1password-variable-test": {
+    "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
+    "features": {
+      "1password-cli": {}
+    },
+    "containerEnv": {
+      "OP_SERVICE_ACCOUNT_TOKEN": "thisismyserviceaccount",
+      "OP_CONNECT_HOST": "thisismyconnecthost",
+      "OP_CONNECT_TOKEN": "thisismyconnecttoken"
+    }
+  }
+}

test/1password-cli/test.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+set -e
+
+# Import test library bundled with the devcontainer CLI
+# See https://github.com/devcontainers/cli/blob/HEAD/docs/features/test.md#dev-container-features-test-lib
+# Provides the 'check' and 'reportResults' commands.
+source dev-container-features-test-lib
+
+# Feature-specific tests
+# The 'check' command comes from the dev-container-features-test-lib. Syntax is...
+# check <LABEL> <cmd> [args...]
+check "op installation" command -v op
+check "op version" op --version
+
+# Report results
+# If any of the checks above exited with a non-zero exit code, the test will fail.
+reportResults