initial commit

2026-01-25 11:33:39 +01:00
commit 3dd8ad4c1f
2 changed files with 136 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -0,0 +1,42 @@
+# Infisical Secrets Fetcher for Gitea Actions
+
+This composite Gitea Action fetches secrets from a self-hosted [Infisical](https://infisical.com) instance and injects them into the Gitea Actions environment.
+
+## Features
+
+- **DNS Resolution Fix**: Automatically resolves the Infisical domain using Cloudflare DNS (1.1.1.1) and updates `/etc/hosts` to prevent DNS timeouts on runners.
+- **Universal Auth**: Supports Machine Identity authentication.
+- **Secure Injection**: Injects secrets directly into `$GITEA_ENV` and masks values.
+
+## Usage
+
+```yaml
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Fetch Secrets
+        uses: actions/infisical-secrets-fetcher@main
+        with:
+          client_id: ${{ secrets.INFISICAL_CLIENT_ID }}
+          client_secret: ${{ secrets.INFISICAL_CLIENT_SECRET }}
+          project_id: ${{ secrets.INFISICAL_PROJECT_ID }}
+          environment: 'prod'       # Optional, default: prod
+          secret_path: '/MyHelper'  # Optional, default: /
+          domain: 'https://infisical.lemarechal.eu' # Optional, default provided
+```
+
+## Inputs
+
+| Input | Description | Required | Default |
+|-------|-------------|----------|---------|
+| `client_id` | Machine Identity Client ID | Yes | - |
+| `client_secret` | Machine Identity Client Secret | Yes | - |
+| `project_id` | Infisical Project ID (Workspace ID) | Yes | - |
+| `environment` | Environment slug (dev, staging, prod) | No | `prod` |
+| `secret_path` | Path to secrets folder | No | `/` |
+| `domain` | URL of the Infisical instance | No | `https://infisical.lemarechal.eu` |
+
+## License
+
+MIT