From d5d243aa39277b2d0343367d8e1b36b689e8fb96 Mon Sep 17 00:00:00 2001
From: aydent
Date: Sun, 25 Jan 2026 00:12:19 +0100
Subject: [PATCH] chore: Enhance Infisical secret fetching debug step to perform full login and secret fetch, removing basic secret presence verification.
---
 .gitea/workflows/infisical-secrets.yml | 34 +++++++++++++++-----------
 1 file changed, 20 insertions(+), 14 deletions(-)
diff --git a/.gitea/workflows/infisical-secrets.yml b/.gitea/workflows/infisical-secrets.yml
index 715d66d..83afdb9 100644
--- a/.gitea/workflows/infisical-secrets.yml
+++ b/.gitea/workflows/infisical-secrets.yml
@@ -20,26 +20,32 @@ jobs:
 echo "Public IP found: $PUBLIC_IP"
 echo "$PUBLIC_IP infisical.lemarechal.eu" | sudo tee -a /etc/hosts
- - name: Verify Secret Presence
+ - name: Debug Secret Fetch (curl)
 env:
 CLIENT_ID: ${{ secrets.INFISICAL_CLIENT_ID }}
 CLIENT_SECRET: ${{ secrets.INFISICAL_CLIENT_SECRET }}
+ PROJECT_ID: ${{ secrets.INFISICAL_PROJECT_ID }}
 run: |
- echo "Checking secrets length (to avoid revealing them)..."
- if [ -z "$CLIENT_ID" ]; then echo "❌ CLIENT_ID is EMPTY"; else echo "✅ CLIENT_ID length: ${#CLIENT_ID}"; fi
- if [ -z "$CLIENT_SECRET" ]; then echo "❌ CLIENT_SECRET is EMPTY"; else echo "✅ CLIENT_SECRET length: ${#CLIENT_SECRET}"; fi
- - name: Debug Authentication (curl)
- env:
- CLIENT_ID: ${{ secrets.INFISICAL_CLIENT_ID }}
- CLIENT_SECRET: ${{ secrets.INFISICAL_CLIENT_SECRET }}
- run: |
- echo "Testing authentication endpoint..."
- # Use -s to be silent and -S to show errors, then pipe to cat to see the body
- RESPONSE=$(curl -s -S -X POST https://infisical.lemarechal.eu/api/v1/auth/universal-auth/login \
+ echo "Logging in..."
+ LOGIN_RES=$(curl -s -X POST https://infisical.lemarechal.eu/api/v1/auth/universal-auth/login \
 -H "Content-Type: application/json" \
 -d "{\"clientId\": \"$CLIENT_ID\", \"clientSecret\": \"$CLIENT_SECRET\"}")
- echo "API Response: $RESPONSE"
+
+ TOKEN=$(echo $LOGIN_RES | jq -r .accessToken)
+
+ if [ "$TOKEN" == "null" ] || [ -z "$TOKEN" ]; then
+ echo "❌ Login failed: $LOGIN_RES"
+ exit 1
+ fi
+
+ echo "✅ Login successful. Fetching secrets..."
+
+ # Attempt to fetch secrets to see the 400 error message
+ # Note: workspaceId is the Project ID
+ FETCH_RES=$(curl -s -X GET "https://infisical.lemarechal.eu/api/v3/secrets/raw?workspaceId=$PROJECT_ID&environment=prod&secretPath=%2FDiscord_bot" \
+ -H "Authorization: Bearer $TOKEN")
+
+ echo "Secrets API Response: $FETCH_RES"
 - name: Fetch Secrets from Infisical
 uses: https://github.com/Infisical/secrets-action@v1.0.7
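Review bot: The final `echo "Secrets API Response: $FETCH_RES"` writes the whole body of the `/api/v3/secrets/raw` call to the job log, so as soon as the request stops returning the 400 being debugged, the `prod` values under `/Discord_bot` are printed in plaintext. Log masking presumably covers only the registered workflow secrets, not values fetched at runtime. Print the HTTP status and show the body only for an error status, as in the sketch below. Separately, the login body interpolates `$CLIENT_SECRET` straight into a JSON string and `echo $LOGIN_RES` is unquoted; building the body with `jq -n --arg` and using `printf '%s' "$LOGIN_RES" | jq -r '.accessToken // empty'` would be more robust.

```yaml
          # … unchanged: login request and TOKEN check …
          BODY_FILE=$(mktemp)
          HTTP_CODE=$(curl -s -o "$BODY_FILE" -w '%{http_code}' -X GET "https://infisical.lemarechal.eu/api/v3/secrets/raw?workspaceId=$PROJECT_ID&environment=prod&secretPath=%2FDiscord_bot" \
            -H "Authorization: Bearer $TOKEN")
          echo "Secrets API status: $HTTP_CODE"
          # Only an error body is safe to show; a 2xx body holds the secret values.
          if [ "$HTTP_CODE" -ge 400 ]; then
            cat "$BODY_FILE"
          fi
          rm -f "$BODY_FILE"
```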