51 lines
No EOL
1.8 KiB
YAML
51 lines
No EOL
1.8 KiB
YAML
# Based on https://github.com/zerodays/action-infisical/blob/master/action.yml
|
|
name: 'Elysium Infisical Secrets'
|
|
description: 'Fetch secrets from Infisical and add them to the env'
|
|
inputs:
|
|
infisical-token:
|
|
description: 'Infisical API Token'
|
|
required: true
|
|
envs:
|
|
description: 'The environments to fetch secrets for (Example: ci or ci,prod,edge )'
|
|
required: true
|
|
secret-paths:
|
|
description: 'Secret paths for the secrets (Must match the order of envs! Example: /main or /main,/alt-main)'
|
|
required: true
|
|
api-url:
|
|
description: 'Infisical API URL (defaults to https://infisical.dunemask.dev/api)'
|
|
required: false
|
|
default: 'https://infisical.dunemask.dev/api'
|
|
runs:
|
|
using: 'composite'
|
|
steps:
|
|
- name: Infisical CLI install
|
|
shell: bash
|
|
run: |
|
|
# Install Infisical Binary
|
|
curl -s -L https://github.com/Infisical/infisical/releases/download/infisical-cli%2Fv0.16.10/infisical_0.16.10_linux_amd64.tar.gz | tar xvz
|
|
|
|
# Get paths and envs into list
|
|
paths="${{ inputs.secret-paths }}"
|
|
envs="${{ inputs.envs }}"
|
|
|
|
path_list=( $(echo $paths | sed "s/,/ /g") )
|
|
env_list=( $(echo $envs | sed "s/,/ /g") )
|
|
path_len=${#path_list[@]}
|
|
env_len=${#env_list[@]}
|
|
|
|
# Ensure lengths match
|
|
if [ $path_len != $env_len ];
|
|
then
|
|
echo "Input must match the output!"
|
|
exit 1;
|
|
fi
|
|
|
|
# For each environment
|
|
for i in "${!path_list[@]}";
|
|
do
|
|
echo "Getting secrets from path '${path_list[i]}' from '${env_list[i]}'"
|
|
./infisical export --domain ${{ inputs.api-url }} --token ${{ inputs.infisical-token}} --env "${env_list[i]}" --path "${path_list[i]}" >> $GITHUB_ENV;
|
|
done
|
|
|
|
- shell: bash
|
|
run: echo "Secrets added to environment!". |