From b28ca0aa7f8755c688030de69d31813e132e23cd Mon Sep 17 00:00:00 2001
From: Aydent
Date: Sun, 25 Jan 2026 12:15:19 +0100
Subject: [PATCH] refactor: Improve raw secret fetching by using `--data-urlencode` for parameters and enhancing `jq` parsing to handle varied JSON response formats.
---
 action.yml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/action.yml b/action.yml
index 7e8c8ee..c0ca69b 100644
--- a/action.yml
+++ b/action.yml
@@ -63,8 +63,11 @@ runs:
 # 3. Fetch Raw Secrets
 echo "Fetching secrets from path: ${{ inputs.secret_path }} (Env: ${{ inputs.environment }})..."
- SECRETS_RESPONSE=$(curl -s -X GET "${{ inputs.domain }}/api/v3/secrets/raw?workspaceId=${{ inputs.project_id }}&environment=${{ inputs.environment }}&secretPath=${{ inputs.secret_path }}" \
- -H "Authorization: Bearer $ACCESS_TOKEN")
+ SECRETS_RESPONSE=$(curl -s -G "${{ inputs.domain }}/api/v3/secrets/raw" \
+ -H "Authorization: Bearer $ACCESS_TOKEN" \
+ --data-urlencode "workspaceId=${{ inputs.project_id }}" \
+ --data-urlencode "environment=${{ inputs.environment }}" \
+ --data-urlencode "secretPath=${{ inputs.secret_path }}")
 # Check for errors in response (Infisical usually returns JSON, check if it's an object with 'secrets' or just the raw dictionary if using /raw endpoint?
 # The prompt says /api/v3/secrets/raw.
@@ -81,7 +84,7 @@ runs:
 # 4. Injection
 echo "Injecting secrets into Gitea Environment..."
- echo "$SECRETS_RESPONSE" | jq -r 'to_entries | .[] | "\(.key)=\(.value)"' | while read -r line; do
+ echo "$SECRETS_RESPONSE" | jq -r 'if .secrets then .secrets[] | "\(.secretKey)=\(.secretValue)" else to_entries[] | "\(.key)=\(.value)" end' | while read -r line; do
 # Securely append to GITEA_ENV (using the environment file pattern if available, or simpler export approach)
 # Gitea Actions uses $GITHUB_ENV / $GITEA_ENV file pattern.
 echo "$line" >> $GITEA_ENV
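Review bot: The `${{ inputs.* }}` expressions in the new `--data-urlencode` lines, in the URL and in the `echo` above them are expanded into the script text before the shell runs, so the URL-encoding added here protects the query string but not the shell. An input containing a double quote or `$(` is parsed as shell syntax rather than data. Map the inputs to environment variables on the step and reference those inside the script, for example `--data-urlencode "workspaceId=$INPUT_PROJECT_ID"` (variable name chosen here for illustration), with the same pattern for `environment`, `secretPath` and `domain`. The step's `env:` block and the response check that follows the `curl` call are outside this hunk, so whether an HTTP error body is rejected before it is treated as secrets cannot be confirmed from here.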
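Review bot: Each secret is still written as one `KEY=value` line, so with the rewritten `jq` filter a `secretValue` that contains a newline is split by `while read -r line`, and its later lines land in `$GITEA_ENV` as separate entries. That truncates multi-line secrets such as PEM keys and lets a value define unrelated variables for later steps. Write each entry in the `NAME<<DELIMITER` multi-line form with a random delimiter instead (assuming the Gitea runner accepts the same env-file syntax as GitHub's), carry key and value through the loop base64-encoded, and quote `"$GITEA_ENV"`. The loop body continues outside this hunk, so any masking or key validation done there is not visible here.

```yaml
# … unchanged: "# 4. Injection" comment and echo …
echo "$SECRETS_RESPONSE" | jq -r '(if .secrets then .secrets[] | [.secretKey, .secretValue] else to_entries[] | [.key, .value] end) | map(tostring | @base64) | join(" ")' | while read -r key_b64 value_b64; do
  key=$(printf '%s' "$key_b64" | base64 -d)
  value=$(printf '%s' "$value_b64" | base64 -d)
  # Random delimiter so a secret value cannot terminate its own block early.
  delimiter="ENV_$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
  # … unchanged: comments about the GITEA_ENV file pattern …
  printf '%s<<%s\n%s\n%s\n' "$key" "$delimiter" "$value" "$delimiter" >> "$GITEA_ENV"
```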