From d344f0f3191c86ceb631043475524c58e1dfd18f Mon Sep 17 00:00:00 2001 From: Johan Rooijakkers Date: Wed, 26 Feb 2025 14:48:12 +0100 Subject: [PATCH] update workflow --- .gitea/workflows/deploy.yml | 37 ++++++++++++++++++++++++++++++++++--- .idea/.gitignore | 10 ++++++++++ 2 files changed, 44 insertions(+), 3 deletions(-) create mode 100644 .idea/.gitignore diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml index 78e576e..78cb896 100644 --- a/.gitea/workflows/deploy.yml +++ b/.gitea/workflows/deploy.yml @@ -23,8 +23,24 @@ on: required: false type: string default: ${{ vars.REGISTRY_PASSWORD }} + warden-client-id: + description: 'Bitwarden client id' + required: true + warden-client-secret: + description: 'Bitwarden client secret' + required: true + warden-password: + description: 'Bitwarden password' + required: true + warden-server: + description: 'Bitwarden server' + required: false + default: ${{ vars.WARDEN_URL }} + secrets: + description: "One or more secret Ids to retrieve and the corresponding Gitea environment variable name to set" + required: true -jobs: +jobs: deploy: runs-on: ubuntu-24.04 container: 
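Review bot: `warden-client-secret` and `warden-password` are declared as ordinary inputs, so their values are presumably handled like any other input string rather than as secrets; whether the runner masks them in logs or the run's recorded inputs should be confirmed. The workflow already reads `secrets.ssh-private-key`, so these credentials could be declared alongside it and referenced as `${{ secrets.warden-client-secret }}` and `${{ secrets.warden-password }}`. The new inputs also omit the `type: string` that the existing input just above them carries. An input literally named `secrets` is easy to confuse with the `secrets` context when reading `${{ inputs.secrets }}`; a name such as `secret-map` would be clearer. The `on:` block starts above this hunk, so the trigger type is inferred, not visible.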
@@ -35,14 +51,29 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 - - uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 + + - name: Setup SSH agent + uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 with: ssh-private-key: ${{ secrets.ssh-private-key }} + + - name: Get bitwarden secrets + uses: actions/warden@1a8c7e1c69cdd51454ba08e2b8779fbc5e058b3d + with: + client-id: ${{ inputs.warden-client-id }} + secret-id: ${{ inputs.warden-client-secret }} + password: ${{ inputs.warden-password }} + server: ${{ inputs.warden-server }} + secrets: ${{ inputs.secrets }} + - name: Create .env file from secret - run: echo "${{ secrets.env }}" > .kamal/secrets.${{ inputs.environment }} + run: echo "$ENV" > .kamal/secrets.${{ inputs.environment }} + - name: Append kamal registry password run: echo "KAMAL_REGISTRY_PASSWORD=${{ inputs.password }}" >> .kamal/secrets.${{ inputs.environment }} + - name: Boot accessories run: kamal accessory reboot all -d ${{ inputs.environment }} + - name: Deploy run: kamal deploy -d ${{ inputs.environment }} diff --git a/.idea/.gitignore b/.idea/.gitignore new file mode 100644 index 0000000..cd86870 --- /dev/null +++ b/.idea/.gitignore @@ -0,0 +1,10 @@ +# Default ignored files +/shelf/ +/workspace.xml +# Editor-based HTTP Client requests +/httpRequests/ +# Datasource local storage ignored files +/dataSources/ +/dataSources.local.xml + +.idea/ \ No newline at end of file -- 2.47.2
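Review bot: The rewritten `Create .env file from secret` step reads `$ENV`, but nothing visible in this hunk sets it. Presumably the Bitwarden step exports it from the `secrets` mapping; if that mapping is missing or misnamed, the step writes an effectively empty secrets file and the deploy carries on. The same line, and the unchanged `Append kamal registry password` step after it, still expand `${{ inputs.environment }}` and `${{ inputs.password }}` into the script text, so a value containing quotes or `$(...)` is interpreted by the shell and the password is embedded in the rendered command. I would pass both through `env:`, quote the target path, and fail fast when `ENV` is empty, as sketched below. The `steps:` list begins above the hunk.

```yaml
- name: Create .env file from secret
  env:
    DEPLOY_ENV: ${{ inputs.environment }}
  run: |
    : "${ENV:?ENV was not exported by the Bitwarden step}"
    printf '%s\n' "$ENV" > ".kamal/secrets.$DEPLOY_ENV"

- name: Append kamal registry password
  env:
    DEPLOY_ENV: ${{ inputs.environment }}
    KAMAL_REGISTRY_PASSWORD: ${{ inputs.password }}
  run: printf 'KAMAL_REGISTRY_PASSWORD=%s\n' "$KAMAL_REGISTRY_PASSWORD" >> ".kamal/secrets.$DEPLOY_ENV"

# … unchanged: Boot accessories, Deploy …
```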