forked from DopplerHQ/secrets-fetch-action
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.js
58 lines (49 loc) · 2.36 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
import core from "@actions/core";
import { fetch, oidcAuth } from "./doppler.js";
// For local testing
if (process.env.NODE_ENV === "development" && process.env.DOPPLER_TOKEN) {
process.env["INPUT_AUTH-METHOD"] = "token";
process.env["INPUT_DOPPLER-API-DOMAIN"] = "api.doppler.com";
process.env["INPUT_DOPPLER-TOKEN"] = process.env.DOPPLER_TOKEN;
process.env["INPUT_DOPPLER-PROJECT"] = process.env.DOPPLER_PROJECT;
process.env["INPUT_DOPPLER-CONFIG"] = process.env.DOPPLER_CONFIG;
}
const AUTH_METHOD = core.getInput("auth-method");
const API_DOMAIN = core.getInput("doppler-api-domain");
let DOPPLER_TOKEN = "";
if (AUTH_METHOD === "oidc") {
const DOPPLER_IDENTITY_ID = core.getInput("doppler-identity-id", { required: true });
const oidcToken = await core.getIDToken();
core.setSecret(oidcToken);
DOPPLER_TOKEN = await oidcAuth(DOPPLER_IDENTITY_ID, oidcToken, API_DOMAIN);
} else if (AUTH_METHOD === "token") {
DOPPLER_TOKEN = core.getInput("doppler-token", { required: true });
} else {
core.setFailed("Unsupported auth-method");
process.exit();
}
const DOPPLER_META = ["DOPPLER_PROJECT", "DOPPLER_CONFIG", "DOPPLER_ENVIRONMENT"];
core.setSecret(DOPPLER_TOKEN);
const IS_SA_TOKEN = DOPPLER_TOKEN.startsWith("dp.sa.") || DOPPLER_TOKEN.startsWith("dp.said.");
const IS_PERSONAL_TOKEN = DOPPLER_TOKEN.startsWith("dp.pt.");
const DOPPLER_PROJECT = (IS_SA_TOKEN || IS_PERSONAL_TOKEN) ? core.getInput("doppler-project") : null;
const DOPPLER_CONFIG = (IS_SA_TOKEN || IS_PERSONAL_TOKEN) ? core.getInput("doppler-config") : null;
if (IS_PERSONAL_TOKEN && !(DOPPLER_PROJECT && DOPPLER_CONFIG)) {
core.setFailed("doppler-project and doppler-config inputs are required when using a Personal token. Additionally, we recommend switching to Service Accounts.");
process.exit();
}
if (IS_SA_TOKEN && !(DOPPLER_PROJECT && DOPPLER_CONFIG)) {
core.setFailed("doppler-project and doppler-config inputs are required when using a Service Account token");
process.exit();
}
const secrets = await fetch(DOPPLER_TOKEN, DOPPLER_PROJECT, DOPPLER_CONFIG, API_DOMAIN);
for (const [key, secret] of Object.entries(secrets)) {
const value = secret.computed || "";
core.setOutput(key, value);
if (!DOPPLER_META.includes(key) && secret.computedVisibility !== "unmasked") {
core.setSecret(value);
}
if (core.getInput("inject-env-vars") === "true") {
core.exportVariable(key, value);
}
}