actions/warden
4
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
warden/action.yml
Johan Rooijakkers 4c47cbb786 update
2025-02-26 15:59:44 +01:00

80 lines
2.2 KiB
YAML
Raw Blame History

name: Auth Warden
description: Authenticate with Bitwarden and retrieve dynamic secrets
author: Jamie Schouten
inputs:
email:
description: 'Bitwarden email'
required: true
password:
description: 'Bitwarden password'
required: true
server:
description: 'Bitwarden server'
required: false
default: ${{ vars.WARDEN_URL }}
client-id:
description: 'Bitwarden client id'
required: true
client-secret:
description: 'Bitwarden client secret'
required: true
secrets:
description: "One or more secret Ids to retrieve and the corresponding Gitea environment variable name to set"
required: true
runs:
using: "composite"
steps:
- name: Configure Bitwarden Server
shell: sh
run: bw config server ${{ inputs.server }}
- name: Unlock Vault
shell: sh
run: |
# Ensure Bitwarden is logged in
if ! bw login --check; then
bw login --apikey
fi
# Unlock the vault and store the session key
BW_SESSION=$(bw unlock "${{ inputs.password }}" --raw)
# Verify if BW_SESSION is set correctly
if [ -n "$BW_SESSION" ]; then
echo "BW_SESSION=$BW_SESSION" >> "$GITHUB_ENV"
export BW_SESSION
echo "✅ Vault unlocked successfully!"
else
echo "❌ Failed to unlock Bitwarden vault"
exit 1
fi
env:
BW_CLIENTID: ${{ inputs.client-id }}
BW_CLIENTSECRET: ${{ inputs.client-secret }}
- name: Retrieve Requested Secrets
shell: sh
run: |
OLDIFS="$IFS"
IFS=","
set -- "${{ inputs.secrets }}"
IFS="$OLDIFS"
for pair in "$@"; do
SECRET_ID=$(echo "$pair" | cut -d"=" -f1)
ENV_VAR=$(echo "$pair" | cut -d"=" -f2)
echo "Retrieving secret: $SECRET_ID..."
SECRET_VALUE=$(bw get notes "$SECRET_ID" --session "$BW_SESSION")
if [ -n "$SECRET_VALUE" ]; then
echo "$ENV_VAR=$SECRET_VALUE" >> "$GITHUB_ENV"
echo "✅ Stored $SECRET_ID in $ENV_VAR"
else
echo "❌ Failed to retrieve secret: $SECRET_ID"
fi
done
Reference in New Issue View Git Blame Copy Permalink