2024-08-24 20:05:35 -06:00
|
|
|
name: "Elysium Infisical Secrets"
|
|
|
|
|
description: "Fetch secrets from Infisical and add them to the env"
|
2024-02-13 23:37:58 -07:00
|
|
|
inputs:
|
|
|
|
|
infisical-token:
|
2024-08-24 20:05:35 -06:00
|
|
|
description: "Infisical API Token"
|
2024-02-13 23:37:58 -07:00
|
|
|
required: true
|
2024-02-15 17:51:14 -07:00
|
|
|
secret-envs:
|
2024-08-24 20:05:35 -06:00
|
|
|
description: "The environments to fetch secrets for (Example: ci or ci,prod,edge )"
|
2024-02-13 23:37:58 -07:00
|
|
|
required: true
|
2024-02-15 17:42:49 -07:00
|
|
|
secret-paths:
|
2024-08-24 20:05:35 -06:00
|
|
|
description: "Secret paths for the secrets (Must match the order of envs! Example: /main or /main,/alt-main)"
|
2024-02-14 19:50:41 -07:00
|
|
|
required: true
|
2024-08-24 17:56:41 -06:00
|
|
|
project-id:
|
2024-08-24 20:05:35 -06:00
|
|
|
description: "Infisical Secrets Project"
|
|
|
|
|
required: true
|
|
|
|
|
api-url:
|
|
|
|
|
description: "Infisical API URL (defaults to https://infisical.dunemask.dev/api)"
|
2024-08-24 17:56:41 -06:00
|
|
|
required: false
|
2024-08-24 20:05:35 -06:00
|
|
|
default: "https://infisical.dunemask.dev/api"
|
2024-02-13 23:37:58 -07:00
|
|
|
runs:
|
2024-08-24 20:05:35 -06:00
|
|
|
using: "composite"
|
2024-02-13 23:37:58 -07:00
|
|
|
steps:
|
2024-02-14 16:44:28 -07:00
|
|
|
- name: Infisical CLI install
|
|
|
|
|
shell: bash
|
|
|
|
|
run: |
|
2024-02-15 17:42:49 -07:00
|
|
|
# Install Infisical Binary
|
2024-02-17 00:32:19 -07:00
|
|
|
echo "Installing Infisical!"
|
2024-08-24 17:41:11 -06:00
|
|
|
curl -s -L https://github.com/Infisical/infisical/releases/download/infisical-cli%2Fv0.28.5/infisical_0.28.5_linux_amd64.tar.gz | tar xvzf - infisical
|
2024-08-24 20:05:35 -06:00
|
|
|
|
2024-02-17 00:32:19 -07:00
|
|
|
# Install yq
|
|
|
|
|
echo "Installing yq"
|
2024-02-17 00:29:19 -07:00
|
|
|
curl -s -L https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 >> yq
|
2024-02-17 00:32:19 -07:00
|
|
|
chmod +x yq
|
|
|
|
|
|
2024-02-15 17:42:49 -07:00
|
|
|
# Get paths and envs into list
|
|
|
|
|
paths="${{ inputs.secret-paths }}"
|
2024-02-15 17:51:14 -07:00
|
|
|
envs="${{ inputs.secret-envs }}"
|
2024-02-15 17:42:49 -07:00
|
|
|
|
|
|
|
|
path_list=( $(echo $paths | sed "s/,/ /g") )
|
|
|
|
|
env_list=( $(echo $envs | sed "s/,/ /g") )
|
|
|
|
|
path_len=${#path_list[@]}
|
|
|
|
|
env_len=${#env_list[@]}
|
|
|
|
|
|
2024-02-15 18:14:40 -07:00
|
|
|
# Ensure lengths match
|
2024-02-15 18:02:58 -07:00
|
|
|
if [ "$path_len" != "$env_len" ];
|
|
|
|
|
then
|
|
|
|
|
echo "Input must match the output!"
|
|
|
|
|
exit 1;
|
|
|
|
|
fi
|
2024-02-15 18:14:40 -07:00
|
|
|
|
2024-02-15 17:42:49 -07:00
|
|
|
# For each environment
|
2024-02-15 18:02:58 -07:00
|
|
|
for i in "${!path_list[@]}";
|
2024-02-15 18:14:40 -07:00
|
|
|
do echo "Getting secrets from path '${path_list[i]}' from '${env_list[i]}'"
|
2024-08-24 20:54:04 -06:00
|
|
|
./infisical export --domain ${{ inputs.api-url }} --projectId ${{ inputs.project-id }} --token ${{ inputs.infisical-token }} --env "${env_list[i]}" --path "${path_list[i]}" --format yaml | tee >(./yq -r 'to_entries[] | .key + "=" +.value' >> $GITHUB_ENV) | ./yq -r 'to_entries[] | "echo ::add-mask::\"" + .value + "\""' >> mask.sh
|
2024-02-20 03:13:15 -07:00
|
|
|
chmod +x mask.sh
|
|
|
|
|
./mask.sh
|
|
|
|
|
rm mask.sh
|
2024-02-15 18:02:58 -07:00
|
|
|
done
|
2024-02-13 23:37:58 -07:00
|
|
|
- shell: bash
|
2024-08-24 20:59:11 -06:00
|
|
|
run: echo "Secrets added to environment!"
|
