From 9880149e9f0cfa663498a5d113e7639154b470f0 Mon Sep 17 00:00:00 2001
From: Johan Rooijakkers
Date: Wed, 26 Feb 2025 17:35:14 +0100
Subject: [PATCH] update
---
.gitignore | 1 -
action.yml | 49 ++++++++++++++++----------------
package-lock.json | 70 ----------------------------------------------
package.json | 5 ----
retrieveSecrets.js | 53 -----------------------------------
5 files changed, 25 insertions(+), 153 deletions(-)
delete mode 100644 .gitignore
delete mode 100644 package-lock.json
delete mode 100644 package.json
delete mode 100644 retrieveSecrets.js
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 30bc162..0000000
--- a/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-/node_modules
\ No newline at end of file
diff --git a/action.yml b/action.yml
index ee596cd..c77d5fb 100644
--- a/action.yml
+++ b/action.yml
@@ -33,32 +33,33 @@ runs: - name: Unlock Vault shell: sh run: | - # Ensure Bitwarden is logged in - if ! bw login --check; then - bw login --apikey - fi - - # Unlock the vault and store the session key - BW_SESSION=$(bw unlock "${{ inputs.password }}" --raw) - - # Verify if BW_SESSION is set correctly - if [ -n "$BW_SESSION" ]; then - echo "BW_SESSION=$BW_SESSION" >> "$GITHUB_ENV" - export BW_SESSION - echo "✅ Vault unlocked successfully!" - else - echo "❌ Failed to unlock Bitwarden vault" - exit 1 - fi + bw login --apikey + echo "BW_SESSION=$(bw unlock '${{ inputs.password }}' --raw)" >> $GITHUB_ENV env: BW_CLIENTID: ${{ inputs.client-id }} BW_CLIENTSECRET: ${{ inputs.client-secret }} - - name: Setup Node.js - uses: actions/setup-node@v4 - with: - node-version: '20' - - name: Retrieve Requested Secrets - shell: sh - run: node retrieveSecrets.js \ No newline at end of file + shell: bash + run: | + IFS=$'\n' read -d '' -r -a secret_pairs <<< "${{ inputs.secrets }}" + + for pair in "${secret_pairs[@]}"; do + SECRET_ID=$(echo "$pair" | cut -d'>' -f1 | xargs) + ENV_VAR=$(echo "$pair" | cut -d'>' -f2 | xargs) + + if [[ -z "$SECRET_ID" || -z "$ENV_VAR" ]]; then + echo "❌ Invalid secret pair format: $pair" + continue + fi + + echo "🔍 Retrieving secret: $SECRET_ID..." + SECRET_VALUE=$(bw get notes "$SECRET_ID" --session "$BW_SESSION" 2>/dev/null) + + if [[ -n "$SECRET_VALUE" ]]; then + echo "$ENV_VAR=$SECRET_VALUE" >> "$GITHUB_ENV" + echo "✅ Stored $SECRET_ID in $ENV_VAR" + else + echo "❌ Failed to retrieve secret: $SECRET_ID" + fi + done \ No newline at end of file diff --git a/package-lock.json b/package-lock.json deleted file mode 100644 index 8166a29..0000000 --- a/package-lock.json +++ /dev/null 
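Review bot: The new `Retrieve Requested Secrets` loop writes each note to `$GITHUB_ENV` as one `NAME=value` line and never masks it, whereas the removed `retrieveSecrets.js` called `core.setSecret(value)`; a multi-line secure note would spill its extra lines into the env file as separate entries (or be rejected), and any later step that prints the variable would show it in the log. The value should be masked line by line with `::add-mask::` and written in the `NAME<<delimiter` form with a random delimiter, after checking that `ENV_VAR` is a plain identifier, as sketched below. Both `run:` blocks also splice `${{ inputs.password }}` and `${{ inputs.secrets }}` into the script text, so a quote character in either input changes the command that runs; passing them through `env:` (for the password, `bw unlock --passwordenv BW_PASSWORD --raw`) keeps them as data. The unlock step no longer checks its result, so a failed unlock appears to write an empty `BW_SESSION` and continue, and the loop only echoes on failure; the old `exit 1` guard seems worth keeping in both places. The `runs:` block and the input declarations start above the hunk, so how `secrets` is declared is not visible here.

```yaml
    - name: Retrieve Requested Secrets
      shell: bash
      env:
        INPUT_SECRETS: ${{ inputs.secrets }}   # handed over as data, not spliced into the script
      run: |
        # … unchanged: split "$INPUT_SECRETS" into secret_pairs, parse SECRET_ID / ENV_VAR, bw get notes …
          if [[ ! "$ENV_VAR" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
            echo "❌ Invalid variable name for secret: $SECRET_ID"
            exit 1
          fi

          if [[ -n "$SECRET_VALUE" ]]; then
            # add-mask applies per line, so mask every non-empty line of the note
            while IFS= read -r line; do
              if [[ -n "$line" ]]; then echo "::add-mask::$line"; fi
            done <<< "$SECRET_VALUE"

            # random delimiter so the note's own content cannot end the block early
            delim="$(dd if=/dev/urandom bs=15 count=1 status=none | base64)"
            {
              echo "$ENV_VAR<<$delim"
              echo "$SECRET_VALUE"
              echo "$delim"
            } >> "$GITHUB_ENV"
          else
            echo "❌ Failed to retrieve secret: $SECRET_ID"
            exit 1
          fi
```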
@@ -1,70 +0,0 @@ -{ - "name": "warden", - "lockfileVersion": 3, - "requires": true, - "packages": { - "": { - "dependencies": { - "@actions/core": "^1.11.1" - } - }, - "node_modules/@actions/core": { - "version": "1.11.1", - "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.11.1.tgz", - "integrity": "sha512-hXJCSrkwfA46Vd9Z3q4cpEpHB1rL5NG04+/rbqW9d3+CSvtB1tYe8UTpAlixa1vj0m/ULglfEK2UKxMGxCxv5A==", - "dependencies": { - "@actions/exec": "^1.1.1", - "@actions/http-client": "^2.0.1" - } - }, - "node_modules/@actions/exec": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/@actions/exec/-/exec-1.1.1.tgz", - "integrity": "sha512-+sCcHHbVdk93a0XT19ECtO/gIXoxvdsgQLzb2fE2/5sIZmWQuluYyjPQtrtTHdU1YzTZ7bAPN4sITq2xi1679w==", - "dependencies": { - "@actions/io": "^1.0.1" - } - }, - "node_modules/@actions/http-client": { - "version": "2.2.3", - "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.2.3.tgz", - "integrity": "sha512-mx8hyJi/hjFvbPokCg4uRd4ZX78t+YyRPtnKWwIl+RzNaVuFpQHfmlGVfsKEJN8LwTCvL+DfVgAM04XaHkm6bA==", - "dependencies": { - "tunnel": "^0.0.6", - "undici": "^5.25.4" - } - }, - "node_modules/@actions/io": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.3.tgz", - "integrity": "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q==" - }, - "node_modules/@fastify/busboy": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.1.1.tgz", - "integrity": "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA==", - "engines": { - "node": ">=14" - } - }, - "node_modules/tunnel": { - "version": "0.0.6", - "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz", - "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==", - "engines": { - "node": ">=0.6.11 <=0.7.0 || >=0.7.3" - } - }, - 
"node_modules/undici": { - "version": "5.28.5", - "resolved": "https://registry.npmjs.org/undici/-/undici-5.28.5.tgz", - "integrity": "sha512-zICwjrDrcrUE0pyyJc1I2QzBkLM8FINsgOrt6WjA+BgajVq9Nxu2PbFFXUrAggLfDXlZGZBVZYw7WNV5KiBiBA==", - "dependencies": { - "@fastify/busboy": "^2.0.0" - }, - "engines": { - "node": ">=14.0" - } - } - } -} diff --git a/package.json b/package.json deleted file mode 100644 index 2472e04..0000000 --- a/package.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "dependencies": { - "@actions/core": "^1.11.1" - } -} diff --git a/retrieveSecrets.js b/retrieveSecrets.js deleted file mode 100644 index cb3cb03..0000000 --- a/retrieveSecrets.js +++ /dev/null 
@@ -1,53 +0,0 @@
-import * as core from "@actions/core";
-import { execSync } from "child_process";
-
-function getSecrets() {
- try {
- const secretsRaw = core.getInput("secrets", { required: true });
- const sessionKey = process.env.BW_SESSION;
-
- if (!sessionKey) {
- throw new Error("BW_SESSION is not set. Make sure Bitwarden is unlocked.");
- }
-
- // Secrets parsen naar een array van { id, name }
- const secrets = secretsRaw
- .split("\n")
- .map((s) => s.trim())
- .filter((s) => s.includes(">"))
- .map((s) => {
- const [id, name] = s.split(">").map((part) => part.trim());
- return { id, name };
- });
-
- if (secrets.length === 0) {
- throw new Error("No valid secrets provided.");
- }
-
- core.info(`🔍 Retrieving ${secrets.length} secrets from Bitwarden...`);
-
- secrets.forEach(({ id, name }) => {
- try {
- const value = execSync(`bw get notes ${id} --session ${sessionKey}`, {
- encoding: "utf-8",
- }).trim();
-
- if (value) {
- core.exportVariable(name, value);
- core.setSecret(value); // Verberg secret in logs
- core.info(`✅ Stored secret ${id} as ${name}`);
- } else {
- core.warning(`⚠️ No value found for secret: ${id}`);
- }
- } catch (error) {
- core.warning(`❌ Failed to retrieve secret: ${id} - ${error.message}`);
- }
- });
-
- core.info("✅ All secrets retrieved successfully!");
- } catch (error) {
- core.setFailed(`❌ Error retrieving secrets: ${error.message}`);
- }
-}
-
-getSecrets();