name: List Infisical Secrets

on:
  push:
    branches: [ main ]
  workflow_dispatch:

jobs:
  list-secrets:
    runs-on: ubuntu-latest
    steps:
      - name: Fetch Infisical Secrets
        uses: actions/infisical-secrets-fetcher@main
        with:
          client_id: ${{ secrets.INFISICAL_CLIENT_ID }}
          client_secret: ${{ secrets.INFISICAL_CLIENT_SECRET }}
          project_id: ${{ secrets.INFISICAL_PROJECT_ID }}
          secret_path: '/'
          domain: 'https://infisical.lemarechal.eu'

      - name: Display Secrets (Masked)
        run: |
          echo "Secrets fetched and injected as environment variables."
          # Gitea will automatically mask the values of these variables in the logs
          env | grep -v "GITHUB_" | grep -v "GITEA_" | sort