ajout recherche simple secret

2026-01-25 14:25:32 +01:00
parent b28ca0aa7f
commit f0ecc2e0e3
1 changed files with 24 additions and 0 deletions
--- a/action.yml
+++ b/action.yml
@@ -22,6 +22,9 @@ inputs:
    description: 'Infisical Instance URL'
    default: 'https://infisical.lemarechal.eu'
    required: false
+  secrets:
+    description: 'Comma-separated list of secrets to fetch (e.g. "DISCORD_TOKEN,API_KEY"). If empty, fetches all.'
+    required: false

 runs:
  using: "composite"
@@ -84,7 +87,28 @@ runs:

        # 4. Injection
        echo "Injecting secrets into Gitea Environment..."
+        
+        # Prepare filter list (add commas to start/end makes matching "key" against ",key1,key2," easier)
+        FILTER_LIST="${{ inputs.secrets }}"
+        if [ -n "$FILTER_LIST" ]; then
+             # Remove spaces
+             FILTER_LIST=$(echo "$FILTER_LIST" | tr -d ' ')
+             # Surround with commas for exact match check
+             FILTER_LIST=",$FILTER_LIST,"
+             echo "Filtering for secrets: ${{ inputs.secrets }}"
+        fi
+
        echo "$SECRETS_RESPONSE" | jq -r 'if .secrets then .secrets[] | "\(.secretKey)=\(.secretValue)" else to_entries[] | "\(.key)=\(.value)" end' | while read -r line; do
+            key=$(echo "$line" | cut -d'=' -f1)
+            
+            # Apply filter if set
+            if [ -n "$FILTER_LIST" ]; then
+                 if [[ "$FILTER_LIST" != *",$key,"* ]]; then
+                     # echo "Skipping $key (not in allowlist)"
+                     continue
+                 fi
+            fi
+
            # Securely append to GITEA_ENV (using the environment file pattern if available, or simpler export approach)
            # Gitea Actions uses $GITHUB_ENV / $GITEA_ENV file pattern.
            echo "$line" >> $GITEA_ENV