# Based on https://github.com/zerodays/action-infisical/blob/master/action.yml
name: 'Elysium Infisical Secrets'
description: 'Fetch secrets from Infisical and add them to the env'
inputs:
  infisical-token:
    description: 'Infisical API Token'
    required: true
  workspace-id:
    description: 'Infisical Workspace ID'
    required: true
  environment:
    description: 'The environment to fetch secrets for (e.g., staging, production)'
    required: true
  secret-path:
    description: 'Secret path (defaults to /)'
    required: false
    default: '/'
  api-url:
    description: 'Infisical API URL (defaults to https://infisical.dunemask.dev)'
    required: false
    default: 'https://infisical.dunemask.dev'
runs:
  using: 'composite'
  steps:
    - name: Fetch secrets from Infisical and add them to the environment
      shell: bash
      run: |
        curl "${{ inputs.api-url }}/api/v3/secrets/raw?environment=${{ inputs.environment }}&secretPath=${{ inputs.secret-path }}&workspaceId=${{ inputs.workspace-id }}" \
        --header "Authorization: Bearer ${{ inputs.infisical-token }}" \
        | jq -r '.secrets[] | "\(.secretKey)=\(.secretValue)"' > $GITHUB_ENV
    - shell: bash
      run: echo "Secrets added to environment!".