# Infisical Secrets Fetcher for Gitea Actions

This composite Gitea Action fetches secrets from a self-hosted [Infisical](https://infisical.com) instance and injects them into the Gitea Actions environment.

## Features

- **DNS Resolution Fix**: Automatically resolves the Infisical domain using Cloudflare DNS (1.1.1.1) and updates `/etc/hosts` to prevent DNS timeouts on runners.
- **Universal Auth**: Supports Machine Identity authentication.
- **Secure Injection**: Injects secrets directly into `$GITEA_ENV` and masks values.

## Usage

```yaml
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Fetch Secrets
        uses: actions/infisical-secrets-fetcher@main
        with:
          client_id: ${{ secrets.INFISICAL_CLIENT_ID }}
          client_secret: ${{ secrets.INFISICAL_CLIENT_SECRET }}
          project_id: ${{ secrets.INFISICAL_PROJECT_ID }}
          environment: 'prod' # Optional, default: prod
          secret_path: '/MyHelper' # Optional, default: /
          domain: 'https://infisical.lemarechal.eu' # Optional, default provided
```

## Inputs

| Input | Description | Required | Default |
|-------|-------------|----------|---------|
| `client_id` | Machine Identity Client ID | Yes | - |
| `client_secret` | Machine Identity Client Secret | Yes | - |
| `project_id` | Infisical Project ID (Workspace ID) | Yes | - |
| `environment` | Environment slug (dev, staging, prod) | No | `prod` |
| `secret_path` | Path to secrets folder | No | `/` |
| `domain` | URL of the Infisical instance | No | `https://infisical.lemarechal.eu` |

## License

MIT
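
## Added example: masking and env-file injection

The **Secure Injection** feature listed under Features, sketched as an added example; this is not the action's own code. It assumes the runner honours the GitHub-style `::add-mask::` workflow command and the `NAME<<DELIMITER` multi-line env-file syntax; `valid_name` and `inject_secret` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: write one fetched secret to the runner's env file safely.
# Assumptions: the runner honours `::add-mask::` on stdout and the
# NAME<<DELIMITER multi-line syntax in the env file (GitHub-compatible).

# valid_name NAME -> 0 if NAME is a plain environment variable identifier.
# Rejecting anything else stops a crafted key (containing a newline or '=')
# from smuggling extra variables into the env file.
valid_name() {
  case "$1" in
    ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) return 1 ;;
  esac
  return 0
}

# inject_secret NAME VALUE [ENVFILE]
# Prints mask commands on stdout and appends the variable to ENVFILE
# (defaults to $GITEA_ENV, the variable named in this README).
inject_secret() {
  is_name=$1 is_value=$2 is_file=${3:-$GITEA_ENV}
  valid_name "$is_name" || { echo "rejected key name" >&2; return 1; }
  [ -n "$is_file" ] || { echo "no env file given" >&2; return 1; }

  # Masking is line based, so register every non-empty line of the value
  # before any later step has a chance to echo it.
  printf '%s\n' "$is_value" | while IFS= read -r is_line; do
    if [ -n "$is_line" ]; then printf '::add-mask::%s\n' "$is_line"; fi
  done

  # Random delimiter so the value cannot terminate the block early.
  is_delim="EOF_$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')"
  case "$is_value" in *"$is_delim"*) return 1 ;; esac

  {
    printf '%s<<%s\n' "$is_name" "$is_delim"
    printf '%s\n' "$is_value"
    printf '%s\n' "$is_delim"
  } >> "$is_file"
}
```

Call it once per secret, for example `inject_secret DB_PASSWORD "$value"`, and keep shell tracing (`set -x`) off in the step so the value is never printed before the mask is registered.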