# Based on https://github.com/zerodays/action-infisical/blob/master/action.yml
name: 'Elysium Infisical Secrets'
description: 'Fetch secrets from Infisical and add them to the env'
inputs:
  infisical-token:
    description: 'Infisical API Token'
    required: true
  secret-envs:
    description: 'The environments to fetch secrets for (Example: ci or ci,prod,edge )'
    required: true
  secret-paths:
    description: 'Secret paths for the secrets (Must match the order of envs! Example: /main or /main,/alt-main)'
    required: true
  api-url:
    description: 'Infisical API URL (defaults to https://infisical.dunemask.dev/api)'
    required: false
    default: 'https://infisical.dunemask.dev/api'
runs:
  using: 'composite'
  steps:
    - name: Infisical CLI install
      shell: bash
      run: |
        # Install Infisical Binary
        curl -s -L https://github.com/Infisical/infisical/releases/download/infisical-cli%2Fv0.16.10/infisical_0.16.10_linux_amd64.tar.gz | tar xvz

        # Get paths and envs into list

        echo "Barely here"
        paths="${{ inputs.secret-paths }}"
        envs="${{ inputs.secret-envs }}"

        echo "Got splt"

        path_list=( $(echo $paths | sed "s/,/ /g") )
        env_list=( $(echo $envs | sed "s/,/ /g") )
        path_len=${#path_list[@]}
        env_len=${#env_list[@]} 

            echo "Got B4"
       # Ensure lengths match
        if [ "$path_len" != "$env_len" ];
        then
          echo "Input must match the output!"
          exit 1;
        fi
        echo "Got here"
        # For each environment
        for i in "${!path_list[@]}";
        do 
          echo "Getting secrets from path '${path_list[i]}' from '${env_list[i]}'"
          ./infisical export --domain ${{ inputs.api-url }} --token ${{ inputs.infisical-token}} --env "${env_list[i]}" --path "${path_list[i]}" >> $GITHUB_ENV;
        done
       
    - shell: bash
      run: echo "Secrets added to environment!".