From f98468df1275680c7805700c7ffe06eef18405eb Mon Sep 17 00:00:00 2001
From: aydent
Date: Sat, 24 Jan 2026 23:14:03 +0100
Subject: [PATCH] feat: replace manual Infisical CLI secret fetching with the official Infisical secrets action.
---
 .gitea/workflows/infisical-secrets.yml | 30 ++++++++++++--------------
 1 file changed, 14 insertions(+), 16 deletions(-)
diff --git a/.gitea/workflows/infisical-secrets.yml b/.gitea/workflows/infisical-secrets.yml
index 19051a1..c004f3a 100644
--- a/.gitea/workflows/infisical-secrets.yml
+++ b/.gitea/workflows/infisical-secrets.yml
@@ -9,21 +9,19 @@ jobs:
 list-secrets:
 runs-on: ubuntu-latest
 steps:
- - name: Install Infisical CLI
- run: |
- curl -1sLf 'https://artifacts-cli.infisical.com/setup.deb.sh' | sudo -E bash
- sudo apt-get update && sudo apt-get install -y infisical
+ - name: Fetch Secrets from Infisical
+ uses: https://github.com/Infisical/secrets-action@v1.0.7
+ with:
+ client-id: ${{ secrets.INFISICAL_CLIENT_ID }}
+ client-secret: ${{ secrets.INFISICAL_CLIENT_SECRET }}
+ project-id: ${{ secrets.INFISICAL_PROJECT_ID }}
+ env-slug: prod
+ secret-path: /Discord_bot
+ domain: https://infisical.lemarechal.eu
- - name: List and Export Secrets
- env:
- INFISICAL_API_URL: https://infisical.lemarechal.eu
- INFISICAL_UNIVERSAL_AUTH_CLIENT_ID: ${{ secrets.INFISICAL_CLIENT_ID }}
- INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET: ${{ secrets.INFISICAL_CLIENT_SECRET }}
+ - name: Display Secrets
 run: |
- # Connexion explicite via Universal Auth
- infisical login --method=universal-auth \
- --client-id=$INFISICAL_UNIVERSAL_AUTH_CLIENT_ID \
- --client-secret=$INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET
-
- # Lister les secrets
- infisical secrets --path /Discord_bot --env prod --projectId ${{ secrets.INFISICAL_PROJECT_ID }}
+ echo "Secrets fetched and injected as environment variables."
+ # Note: Gitea/GitHub will mask the values of these secrets in the logs.
+ # To see which keys were fetched, we can list the environment variables.
+ env | grep -v "GITHUB_" | grep -v "GITEA_" | sort
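Review bot: The `Display Secrets` step prints every environment variable together with its value (`env | grep -v "GITHUB_" | grep -v "GITEA_" | sort`), so the prod secrets exported by the preceding step reach the job log unless log masking catches each one. The added comment treats masking as guaranteed, but it only covers values that were registered as masks, and whether the action registers every fetched value and the Gitea runner honours that is not visible in this hunk; multi-line or re-encoded values commonly slip past masking in any case. Since the stated goal is to see which keys were fetched, print names only, for example `compgen -e | grep -v -e '^GITHUB_' -e '^GITEA_' | sort` (this assumes the step runs under bash), and reword the comment so it no longer promises masking. Separately, `uses: https://github.com/Infisical/secrets-action@v1.0.7` pins a tag that can be moved upstream; an action that receives the client secret is worth pinning to a full commit SHA with the version kept in a trailing comment.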