actions/infisical-secrets-fetcher
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: Improve raw secret fetching by using --data-urlencode for parameters and enhancing jq parsing to handle varied JSON response formats.

Browse Source
This commit is contained in:
Aydent
2026-01-25 12:15:19 +01:00
parent 3dd8ad4c1f
commit b28ca0aa7f
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
action.yml
View File

@@ -63,8 +63,11 @@ runs:
# 3. Fetch Raw Secrets # 3. Fetch Raw Secrets
echo "Fetching secrets from path: ${{ inputs.secret_path }} (Env: ${{ inputs.environment }})..." echo "Fetching secrets from path: ${{ inputs.secret_path }} (Env: ${{ inputs.environment }})..."
SECRETS_RESPONSE=$(curl -s -X GET "${{ inputs.domain }}/api/v3/secrets/raw?workspaceId=${{ inputs.project_id }}&environment=${{ inputs.environment }}&secretPath=${{ inputs.secret_path }}" \ SECRETS_RESPONSE=$(curl -s -G "${{ inputs.domain }}/api/v3/secrets/raw" \
-H "Authorization: Bearer $ACCESS_TOKEN") -H "Authorization: Bearer $ACCESS_TOKEN" \
--data-urlencode "workspaceId=${{ inputs.project_id }}" \
--data-urlencode "environment=${{ inputs.environment }}" \
--data-urlencode "secretPath=${{ inputs.secret_path }}")
# Check for errors in response (Infisical usually returns JSON, check if it's an object with 'secrets' or just the raw dictionary if using /raw endpoint? # Check for errors in response (Infisical usually returns JSON, check if it's an object with 'secrets' or just the raw dictionary if using /raw endpoint?
# The prompt says /api/v3/secrets/raw. # The prompt says /api/v3/secrets/raw.
@@ -81,7 +84,7 @@ runs:
# 4. Injection # 4. Injection
echo "Injecting secrets into Gitea Environment..." echo "Injecting secrets into Gitea Environment..."
echo "$SECRETS_RESPONSE" | jq -r 'to_entries | .[] | "\(.key)=\(.value)"' | while read -r line; do echo "$SECRETS_RESPONSE" | jq -r 'if .secrets then .secrets[] | "\(.secretKey)=\(.secretValue)" else to_entries[] | "\(.key)=\(.value)" end' | while read -r line; do
# Securely append to GITEA_ENV (using the environment file pattern if available, or simpler export approach) # Securely append to GITEA_ENV (using the environment file pattern if available, or simpler export approach)
# Gitea Actions uses $GITHUB_ENV / $GITEA_ENV file pattern. # Gitea Actions uses $GITHUB_ENV / $GITEA_ENV file pattern.
echo "$line" >> $GITEA_ENV echo "$line" >> $GITEA_ENV