test module fetcher
Some checks failed
List Infisical Secrets / list-secrets (push) Failing after 1s
Some checks failed
List Infisical Secrets / list-secrets (push) Failing after 1s
This commit is contained in:
@@ -9,44 +9,14 @@ jobs:
|
|||||||
list-secrets:
|
list-secrets:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Force DNS resolution
|
- name: Fetch Infisical Secrets
|
||||||
run: |
|
uses: actions/infisical-secrets-fetcher@main
|
||||||
# Install dnsutils for 'dig' and jq for JSON processing
|
with:
|
||||||
sudo apt-get update && sudo apt-get install -y dnsutils jq
|
client_id: ${{ secrets.INFISICAL_CLIENT_ID }}
|
||||||
|
client_secret: ${{ secrets.INFISICAL_CLIENT_SECRET }}
|
||||||
# Dynamically fetch the public IP to handle dynamic DNS
|
project_id: ${{ secrets.INFISICAL_PROJECT_ID }}
|
||||||
PUBLIC_IP=$(dig +short @1.1.1.1 infisical.lemarechal.eu | tail -n1)
|
secret_path: '/'
|
||||||
echo "Public IP found: $PUBLIC_IP"
|
domain: 'https://infisical.lemarechal.eu'
|
||||||
echo "$PUBLIC_IP infisical.lemarechal.eu" | sudo tee -a /etc/hosts
|
|
||||||
|
|
||||||
- name: Fetch and Inject Secrets
|
|
||||||
env:
|
|
||||||
CLIENT_ID: ${{ secrets.INFISICAL_CLIENT_ID }}
|
|
||||||
CLIENT_SECRET: ${{ secrets.INFISICAL_CLIENT_SECRET }}
|
|
||||||
PROJECT_ID: ${{ secrets.INFISICAL_PROJECT_ID }}
|
|
||||||
run: |
|
|
||||||
echo "Logging in to Infisical..."
|
|
||||||
LOGIN_RES=$(curl -s -X POST https://infisical.lemarechal.eu/api/v1/auth/universal-auth/login \
|
|
||||||
-H "Content-Type: application/json" \
|
|
||||||
-d "{\"clientId\": \"$CLIENT_ID\", \"clientSecret\": \"$CLIENT_SECRET\"}")
|
|
||||||
|
|
||||||
TOKEN=$(echo $LOGIN_RES | jq -r .accessToken)
|
|
||||||
|
|
||||||
if [ "$TOKEN" == "null" ] || [ -z "$TOKEN" ]; then
|
|
||||||
echo "❌ Login failed: $LOGIN_RES"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "✅ Login successful. Fetching secrets..."
|
|
||||||
|
|
||||||
# Fetch raw secrets from the verified v3 endpoint
|
|
||||||
FETCH_RES=$(curl -s -X GET "https://infisical.lemarechal.eu/api/v3/secrets/raw?workspaceId=$PROJECT_ID&environment=prod&secretPath=%2FDiscord_bot" \
|
|
||||||
-H "Authorization: Bearer $TOKEN")
|
|
||||||
|
|
||||||
# Inject secrets into GITEA_ENV to make them available for subsequent steps
|
|
||||||
# We use jq to format them as KEY=VALUE pairs
|
|
||||||
echo "$FETCH_RES" | jq -r '.secrets[] | "\(.secretKey)=\(.secretValue)"' >> $GITEA_ENV
|
|
||||||
echo "✅ Secrets successfully fetched and injected."
|
|
||||||
|
|
||||||
- name: Display Secrets (Masked)
|
- name: Display Secrets (Masked)
|
||||||
run: |
|
run: |
|
||||||
|
|||||||
Reference in New Issue
Block a user