name: List Infisical Secrets

on:
  push:
    branches: [ main ]
  workflow_dispatch:

jobs:
  list-secrets:
    runs-on: ubuntu-latest
    steps:
      - name: Force DNS resolution
        run: |
          # Force resolution to public IP found via dig
          echo "2.9.101.21 infisical.lemarechal.eu" | sudo tee -a /etc/hosts

      - name: Fetch Secrets from Infisical
        uses: https://github.com/Infisical/secrets-action@v1.0.7
        with:
          client-id: ${{ secrets.INFISICAL_CLIENT_ID }}
          client-secret: ${{ secrets.INFISICAL_CLIENT_SECRET }}
          project-id: ${{ secrets.INFISICAL_PROJECT_ID }}
          env-slug: prod
          secret-path: /Discord_bot
          domain: https://infisical.lemarechal.eu

      - name: Display Secrets
        run: |
          echo "Secrets fetched and injected as environment variables."
          # Note: Gitea/GitHub will mask the values of these secrets in the logs.
          # To see which keys were fetched, we can list the environment variables.
          env | grep -v "GITHUB_" | grep -v "GITEA_" | sort