update
This commit is contained in:
parent
9880149e9f
commit
0b36a68d06
57
action.yml
57
action.yml
@ -4,23 +4,23 @@ author: Jamie Schouten
|
|||||||
|
|
||||||
inputs:
|
inputs:
|
||||||
email:
|
email:
|
||||||
description: 'Bitwarden email'
|
description: "Bitwarden email"
|
||||||
required: true
|
required: true
|
||||||
password:
|
password:
|
||||||
description: 'Bitwarden password'
|
description: "Bitwarden password"
|
||||||
required: true
|
required: true
|
||||||
server:
|
server:
|
||||||
description: 'Bitwarden server'
|
description: "Bitwarden server"
|
||||||
required: false
|
required: false
|
||||||
default: ${{ vars.WARDEN_URL }}
|
default: ${{ vars.WARDEN_URL }}
|
||||||
client-id:
|
client-id:
|
||||||
description: 'Bitwarden client id'
|
description: "Bitwarden client ID"
|
||||||
required: true
|
required: true
|
||||||
client-secret:
|
client-secret:
|
||||||
description: 'Bitwarden client secret'
|
description: "Bitwarden client secret"
|
||||||
required: true
|
required: true
|
||||||
secrets:
|
secrets:
|
||||||
description: "One or more secret Ids to retrieve and the corresponding Gitea environment variable name to set"
|
description: "List of secret IDs and corresponding environment variable names (format: 'SECRET_ID > ENV_VAR')"
|
||||||
required: true
|
required: true
|
||||||
|
|
||||||
runs:
|
runs:
|
||||||
@ -34,7 +34,7 @@ runs:
|
|||||||
shell: sh
|
shell: sh
|
||||||
run: |
|
run: |
|
||||||
bw login --apikey
|
bw login --apikey
|
||||||
echo "BW_SESSION=$(bw unlock '${{ inputs.password }}' --raw)" >> $GITHUB_ENV
|
echo "BW_SESSION=$(bw unlock '${{ inputs.password }}' --raw)" >> "$GITHUB_ENV"
|
||||||
env:
|
env:
|
||||||
BW_CLIENTID: ${{ inputs.client-id }}
|
BW_CLIENTID: ${{ inputs.client-id }}
|
||||||
BW_CLIENTSECRET: ${{ inputs.client-secret }}
|
BW_CLIENTSECRET: ${{ inputs.client-secret }}
|
||||||
@ -42,24 +42,31 @@ runs:
|
|||||||
- name: Retrieve Requested Secrets
|
- name: Retrieve Requested Secrets
|
||||||
shell: bash
|
shell: bash
|
||||||
run: |
|
run: |
|
||||||
IFS=$'\n' read -d '' -r -a secret_pairs <<< "${{ inputs.secrets }}"
|
if [[ -z "$BW_SESSION" ]]; then
|
||||||
|
echo "❌ BW_SESSION is not set. Please log in to Bitwarden first."
|
||||||
for pair in "${secret_pairs[@]}"; do
|
exit 1
|
||||||
SECRET_ID=$(echo "$pair" | cut -d'>' -f1 | xargs)
|
|
||||||
ENV_VAR=$(echo "$pair" | cut -d'>' -f2 | xargs)
|
|
||||||
|
|
||||||
if [[ -z "$SECRET_ID" || -z "$ENV_VAR" ]]; then
|
|
||||||
echo "❌ Invalid secret pair format: $pair"
|
|
||||||
continue
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "🔍 Retrieving secret: $SECRET_ID..."
|
echo "${{ inputs.secrets }}" | while IFS='>' read -r SECRET_ID ENV_VAR; do
|
||||||
SECRET_VALUE=$(bw get notes "$SECRET_ID" --session "$BW_SESSION" 2>/dev/null)
|
# Trim whitespace
|
||||||
|
SECRET_ID=$(echo "$SECRET_ID" | xargs)
|
||||||
|
ENV_VAR=$(echo "$ENV_VAR" | xargs)
|
||||||
|
|
||||||
if [[ -n "$SECRET_VALUE" ]]; then
|
# Validate input format
|
||||||
echo "$ENV_VAR=$SECRET_VALUE" >> "$GITHUB_ENV"
|
if [[ -z "$SECRET_ID" || -z "$ENV_VAR" ]]; then
|
||||||
echo "✅ Stored $SECRET_ID in $ENV_VAR"
|
echo "❌ Invalid secret pair format: $SECRET_ID > $ENV_VAR"
|
||||||
else
|
continue
|
||||||
echo "❌ Failed to retrieve secret: $SECRET_ID"
|
fi
|
||||||
fi
|
|
||||||
done
|
echo "🔍 Retrieving secret: $SECRET_ID..."
|
||||||
|
|
||||||
|
# Fetch secret from Bitwarden
|
||||||
|
SECRET_VALUE=$(bw get notes "$SECRET_ID" --session "$BW_SESSION" 2>/dev/null)
|
||||||
|
|
||||||
|
if [[ -n "$SECRET_VALUE" ]]; then
|
||||||
|
echo "$ENV_VAR=$SECRET_VALUE" >> "$GITHUB_ENV"
|
||||||
|
echo "✅ Stored $SECRET_ID in $ENV_VAR"
|
||||||
|
else
|
||||||
|
echo "❌ Failed to retrieve secret: $SECRET_ID"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user