62 lines
1.6 KiB
YAML
62 lines
1.6 KiB
YAML
name: Auth Warden
|
|
description: Authenticate with Bitwarden and retrieve dynamic secrets
|
|
author: Jamie Schouten
|
|
|
|
inputs:
|
|
email:
|
|
description: 'Bitwarden email'
|
|
required: true
|
|
password:
|
|
description: 'Bitwarden password'
|
|
required: true
|
|
server:
|
|
description: 'Bitwarden server'
|
|
required: false
|
|
default: ${{ vars.WARDEN_URL }}
|
|
client-id:
|
|
description: 'Bitwarden client id'
|
|
required: true
|
|
client-secret:
|
|
description: 'Bitwarden client secret'
|
|
required: true
|
|
secrets:
|
|
description: "One or more secret Ids to retrieve and the corresponding Gitea environment variable name to set"
|
|
required: true
|
|
|
|
runs:
|
|
using: "composite"
|
|
steps:
|
|
- name: Configure Bitwarden Server
|
|
shell: sh
|
|
run: bw config server ${{ inputs.server }}
|
|
|
|
- name: Unlock Vault
|
|
shell: sh
|
|
run: |
|
|
# Ensure Bitwarden is logged in
|
|
if ! bw login --check; then
|
|
bw login --apikey
|
|
fi
|
|
|
|
# Unlock the vault and store the session key
|
|
BW_SESSION=$(bw unlock "${{ inputs.password }}" --raw)
|
|
|
|
# Verify if BW_SESSION is set correctly
|
|
if [ -n "$BW_SESSION" ]; then
|
|
echo "BW_SESSION=$BW_SESSION" >> "$GITHUB_ENV"
|
|
export BW_SESSION
|
|
echo "✅ Vault unlocked successfully!"
|
|
else
|
|
echo "❌ Failed to unlock Bitwarden vault"
|
|
exit 1
|
|
fi
|
|
env:
|
|
BW_CLIENTID: ${{ inputs.client-id }}
|
|
BW_CLIENTSECRET: ${{ inputs.client-secret }}
|
|
|
|
- name: Install Dependencies
|
|
run: npm install
|
|
|
|
- name: Retrieve Requested Secrets
|
|
shell: sh
|
|
run: node retrieveSecrets.js |