From 2f926aff5507d359c0b951b1abdacfca13ec1901 Mon Sep 17 00:00:00 2001
From: Aydent
Date: Sun, 25 Jan 2026 11:46:44 +0100
Subject: [PATCH] test module fetcher
---
 .gitea/workflows/infisical-secrets.yml | 46 +++++--------------------
 1 file changed, 8 insertions(+), 38 deletions(-)
diff --git a/.gitea/workflows/infisical-secrets.yml b/.gitea/workflows/infisical-secrets.yml
index 3928e78..a9d7758 100644
--- a/.gitea/workflows/infisical-secrets.yml
+++ b/.gitea/workflows/infisical-secrets.yml
@@ -9,44 +9,14 @@ jobs:
 list-secrets:
 runs-on: ubuntu-latest
 steps:
- - name: Force DNS resolution
- run: |
- # Install dnsutils for 'dig' and jq for JSON processing
- sudo apt-get update && sudo apt-get install -y dnsutils jq
-
- # Dynamically fetch the public IP to handle dynamic DNS
- PUBLIC_IP=$(dig +short @1.1.1.1 infisical.lemarechal.eu | tail -n1)
- echo "Public IP found: $PUBLIC_IP"
- echo "$PUBLIC_IP infisical.lemarechal.eu" | sudo tee -a /etc/hosts
-
- - name: Fetch and Inject Secrets
- env:
- CLIENT_ID: ${{ secrets.INFISICAL_CLIENT_ID }}
- CLIENT_SECRET: ${{ secrets.INFISICAL_CLIENT_SECRET }}
- PROJECT_ID: ${{ secrets.INFISICAL_PROJECT_ID }}
- run: |
- echo "Logging in to Infisical..."
- LOGIN_RES=$(curl -s -X POST https://infisical.lemarechal.eu/api/v1/auth/universal-auth/login \
- -H "Content-Type: application/json" \
- -d "{\"clientId\": \"$CLIENT_ID\", \"clientSecret\": \"$CLIENT_SECRET\"}")
-
- TOKEN=$(echo $LOGIN_RES | jq -r .accessToken)
-
- if [ "$TOKEN" == "null" ] || [ -z "$TOKEN" ]; then
- echo "❌ Login failed: $LOGIN_RES"
- exit 1
- fi
-
- echo "✅ Login successful. Fetching secrets..."
-
- # Fetch raw secrets from the verified v3 endpoint
- FETCH_RES=$(curl -s -X GET "https://infisical.lemarechal.eu/api/v3/secrets/raw?workspaceId=$PROJECT_ID&environment=prod&secretPath=%2FDiscord_bot" \
- -H "Authorization: Bearer $TOKEN")
-
- # Inject secrets into GITEA_ENV to make them available for subsequent steps
- # We use jq to format them as KEY=VALUE pairs
- echo "$FETCH_RES" | jq -r '.secrets[] | "\(.secretKey)=\(.secretValue)"' >> $GITEA_ENV
- echo "✅ Secrets successfully fetched and injected."
+ - name: Fetch Infisical Secrets
+ uses: actions/infisical-secrets-fetcher@main
+ with:
+ client_id: ${{ secrets.INFISICAL_CLIENT_ID }}
+ client_secret: ${{ secrets.INFISICAL_CLIENT_SECRET }}
+ project_id: ${{ secrets.INFISICAL_PROJECT_ID }}
+ secret_path: '/'
+ domain: 'https://infisical.lemarechal.eu'
 - name: Display Secrets (Masked)
 run: |
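Review bot: `uses: actions/infisical-secrets-fetcher@main` tracks a mutable branch, and this step hands that action the Infisical client id and client secret, so whatever lands on `main` next runs with those credentials; pin it to a reviewed full commit SHA, e.g. `uses: actions/infisical-secrets-fetcher@<full-commit-sha>  # <tag>` (placeholder, the page does not show a SHA or tag). The new `secret_path: '/'` is also broader than the `%2FDiscord_bot` path the removed curl call requested, and the explicit `environment=prod` is gone, so which environment and how many secrets are exported now depends on the action's defaults, which are not visible here. If the action accepts it, keep the narrower scope with `secret_path: '/Discord_bot'`. The steps list continues past the hunk with the "Display Secrets (Masked)" step, whose `run` body is cut off, so how the fetched values are handled afterwards cannot be checked from this hunk.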