From f0ecc2e0e3f5968c6ef665ea76e8fd16081de701 Mon Sep 17 00:00:00 2001 From: Aydent Date: Sun, 25 Jan 2026 14:25:32 +0100 Subject: [PATCH] ajout recherche simple secret --- action.yml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/action.yml b/action.yml index c0ca69b..d9bd432 100644 --- a/action.yml +++ b/action.yml @@ -22,6 +22,9 @@ inputs: description: 'Infisical Instance URL' default: 'https://infisical.lemarechal.eu' required: false + secrets: + description: 'Comma-separated list of secrets to fetch (e.g. "DISCORD_TOKEN,API_KEY"). If empty, fetches all.' + required: false runs: using: "composite" @@ -84,7 +87,28 @@ runs: # 4. Injection echo "Injecting secrets into Gitea Environment..." + + # Prepare filter list (add commas to start/end makes matching "key" against ",key1,key2," easier) + FILTER_LIST="${{ inputs.secrets }}" + if [ -n "$FILTER_LIST" ]; then + # Remove spaces + FILTER_LIST=$(echo "$FILTER_LIST" | tr -d ' ') + # Surround with commas for exact match check + FILTER_LIST=",$FILTER_LIST," + echo "Filtering for secrets: ${{ inputs.secrets }}" + fi + echo "$SECRETS_RESPONSE" | jq -r 'if .secrets then .secrets[] | "\(.secretKey)=\(.secretValue)" else to_entries[] | "\(.key)=\(.value)" end' | while read -r line; do + key=$(echo "$line" | cut -d'=' -f1) + + # Apply filter if set + if [ -n "$FILTER_LIST" ]; then + if [[ "$FILTER_LIST" != *",$key,"* ]]; then + # echo "Skipping $key (not in allowlist)" + continue + fi + fi + # Securely append to GITEA_ENV (using the environment file pattern if available, or simpler export approach) # Gitea Actions uses $GITHUB_ENV / $GITEA_ENV file pattern. echo "$line" >> $GITEA_ENV