test module fetcher
Some checks failed
List Infisical Secrets / list-secrets (push) Failing after 1s
Some checks failed
List Infisical Secrets / list-secrets (push) Failing after 1s
This commit is contained in:
@@ -9,44 +9,14 @@ jobs:
|
||||
list-secrets:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Force DNS resolution
|
||||
run: |
|
||||
# Install dnsutils for 'dig' and jq for JSON processing
|
||||
sudo apt-get update && sudo apt-get install -y dnsutils jq
|
||||
|
||||
# Dynamically fetch the public IP to handle dynamic DNS
|
||||
PUBLIC_IP=$(dig +short @1.1.1.1 infisical.lemarechal.eu | tail -n1)
|
||||
echo "Public IP found: $PUBLIC_IP"
|
||||
echo "$PUBLIC_IP infisical.lemarechal.eu" | sudo tee -a /etc/hosts
|
||||
|
||||
- name: Fetch and Inject Secrets
|
||||
env:
|
||||
CLIENT_ID: ${{ secrets.INFISICAL_CLIENT_ID }}
|
||||
CLIENT_SECRET: ${{ secrets.INFISICAL_CLIENT_SECRET }}
|
||||
PROJECT_ID: ${{ secrets.INFISICAL_PROJECT_ID }}
|
||||
run: |
|
||||
echo "Logging in to Infisical..."
|
||||
LOGIN_RES=$(curl -s -X POST https://infisical.lemarechal.eu/api/v1/auth/universal-auth/login \
|
||||
-H "Content-Type: application/json" \
|
||||
-d "{\"clientId\": \"$CLIENT_ID\", \"clientSecret\": \"$CLIENT_SECRET\"}")
|
||||
|
||||
TOKEN=$(echo $LOGIN_RES | jq -r .accessToken)
|
||||
|
||||
if [ "$TOKEN" == "null" ] || [ -z "$TOKEN" ]; then
|
||||
echo "❌ Login failed: $LOGIN_RES"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "✅ Login successful. Fetching secrets..."
|
||||
|
||||
# Fetch raw secrets from the verified v3 endpoint
|
||||
FETCH_RES=$(curl -s -X GET "https://infisical.lemarechal.eu/api/v3/secrets/raw?workspaceId=$PROJECT_ID&environment=prod&secretPath=%2FDiscord_bot" \
|
||||
-H "Authorization: Bearer $TOKEN")
|
||||
|
||||
# Inject secrets into GITEA_ENV to make them available for subsequent steps
|
||||
# We use jq to format them as KEY=VALUE pairs
|
||||
echo "$FETCH_RES" | jq -r '.secrets[] | "\(.secretKey)=\(.secretValue)"' >> $GITEA_ENV
|
||||
echo "✅ Secrets successfully fetched and injected."
|
||||
- name: Fetch Infisical Secrets
|
||||
uses: actions/infisical-secrets-fetcher@main
|
||||
with:
|
||||
client_id: ${{ secrets.INFISICAL_CLIENT_ID }}
|
||||
client_secret: ${{ secrets.INFISICAL_CLIENT_SECRET }}
|
||||
project_id: ${{ secrets.INFISICAL_PROJECT_ID }}
|
||||
secret_path: '/'
|
||||
domain: 'https://infisical.lemarechal.eu'
|
||||
|
||||
- name: Display Secrets (Masked)
|
||||
run: |
|
||||
|
||||
Reference in New Issue
Block a user