refactor: Improve raw secret fetching by using --data-urlencode for parameters and enhancing jq parsing to handle varied JSON response formats.

2026-01-25 12:15:19 +01:00
parent 3dd8ad4c1f
commit b28ca0aa7f


@@ -63,8 +63,11 @@ runs:
# 3. Fetch Raw Secrets
echo "Fetching secrets from path: ${{ inputs.secret_path }} (Env: ${{ inputs.environment }})..."
SECRETS_RESPONSE=$(curl -s -X GET "${{ inputs.domain }}/api/v3/secrets/raw?workspaceId=${{ inputs.project_id }}&environment=${{ inputs.environment }}&secretPath=${{ inputs.secret_path }}" \
-H "Authorization: Bearer $ACCESS_TOKEN")
SECRETS_RESPONSE=$(curl -s -G "${{ inputs.domain }}/api/v3/secrets/raw" \
-H "Authorization: Bearer $ACCESS_TOKEN" \
--data-urlencode "workspaceId=${{ inputs.project_id }}" \
--data-urlencode "environment=${{ inputs.environment }}" \
--data-urlencode "secretPath=${{ inputs.secret_path }}")
# Check for errors in response (Infisical usually returns JSON, check if it's an object with 'secrets' or just the raw dictionary if using /raw endpoint?
# The prompt says /api/v3/secrets/raw.
@@ -81,7 +84,7 @@ runs:
# 4. Injection
echo "Injecting secrets into Gitea Environment..."
echo "$SECRETS_RESPONSE" | jq -r 'to_entries | .[] | "\(.key)=\(.value)"' | while read -r line; do
echo "$SECRETS_RESPONSE" | jq -r 'if .secrets then .secrets[] | "\(.secretKey)=\(.secretValue)" else to_entries[] | "\(.key)=\(.value)" end' | while read -r line; do
# Securely append to GITEA_ENV (using the environment file pattern if available, or simpler export approach)
# Gitea Actions uses $GITHUB_ENV / $GITEA_ENV file pattern.
echo "$line" >> $GITEA_ENV
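Review bot: The rewritten curl call in the first hunk still has `${{ inputs.domain }}`, `${{ inputs.project_id }}`, `${{ inputs.environment }}` and `${{ inputs.secret_path }}` substituted by the runner into the script text before the shell parses it. `--data-urlencode` therefore protects the query string but not the shell: an input value containing a double quote or a command substitution is read as shell syntax, in a step that holds `$ACCESS_TOKEN`. Passing the inputs through the step's `env:` map and referencing them as quoted shell variables keeps them as data; the `echo "Fetching secrets from path: …"` line above the call has the same pattern. The step header lies outside both hunks, so the `env:`/`run:` placement below is assumed, and the variable names are only a suggestion.

```yaml
# … unchanged: step name and shell …
env:
  INFISICAL_DOMAIN: ${{ inputs.domain }}
  INFISICAL_PROJECT_ID: ${{ inputs.project_id }}
  INFISICAL_ENVIRONMENT: ${{ inputs.environment }}
  INFISICAL_SECRET_PATH: ${{ inputs.secret_path }}
run: |
  # … unchanged: steps 1 and 2 (token acquisition) …
  echo "Fetching secrets from path: $INFISICAL_SECRET_PATH (Env: $INFISICAL_ENVIRONMENT)..."
  SECRETS_RESPONSE=$(curl -s -G "$INFISICAL_DOMAIN/api/v3/secrets/raw" \
    -H "Authorization: Bearer $ACCESS_TOKEN" \
    --data-urlencode "workspaceId=$INFISICAL_PROJECT_ID" \
    --data-urlencode "environment=$INFISICAL_ENVIRONMENT" \
    --data-urlencode "secretPath=$INFISICAL_SECRET_PATH")
  # … unchanged: response check and injection loop …
```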