fix: secret plumbing

bakdata · Nov 27, 2024 · 66f4c24 · 66f4c24
1 parent 337eaef
commit 66f4c24
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 8 deletions.
diff --git a/actions/gcp-gsm-load-secrets/action.yaml b/actions/gcp-gsm-load-secrets/action.yaml
@@ -18,9 +18,9 @@ inputs:
     required: false
     default: true
 outputs:
-  secrets:
-    description: "Secrets loaded from Secret Manager"
-    value: ${{ toJSON(steps.secrets.outputs)}}
+  secret-names:
+    description: "Comma-separated list of secret names"
+    value: ${{ steps.parse_secrets.outputs.secret-names }}
 runs:
   using: "composite"
   steps:
@@ -40,3 +40,8 @@ runs:
       with:
         secrets: ${{ steps.parse_secrets.outputs.secrets-list }}
         export_to_environment: ${{ inputs.export-to-environment }}
+    - name: "Set outputs"
+      run: |
+        for secret in $(echo "${{ steps.parse_secrets.outputs.secret-names }}" | sed "s/,/ /g"); do
+          echo "${secret}=${{ steps.secrets.outputs.${secret} }}" >> $GITHUB_OUTPUT
+        done
diff --git a/actions/gcp-gsm-parse-secrets/main.py b/actions/gcp-gsm-parse-secrets/main.py
@@ -44,7 +44,7 @@ def parse_secret(secret, project_name, delim=DEFAULT_DELIMITER):
     out = f"{secret_name}:{project_name}/{components[0]}"
     if len(components) == 2 and len(components[1]) != 0:
         out += f"/{components[1]}"
-    return out
+    return out, secret_name
 
 
 def main(
@@ -56,10 +56,18 @@ def main(
     input_secrets = set(input_secrets.splitlines())
 
     output = ""
+    parsed_secret_names = []
     for secret in input_secrets:
-        output += parse_secret(secret, gcp_project, github_output_delimter) + "\n"
+        parsed_secret, parsed_secret_name = (
+            parse_secret(secret, gcp_project, github_output_delimter) + "\n"
+        )
+        output += parsed_secret
+        parsed_secret_names.append(parsed_secret_name)
 
     set_github_action_output("secrets-list", output, github_output_delimter)
+    set_github_action_output(
+        "secret-names", ",".join(parsed_secret_names), github_output_delimter
+    )
 
 
 if __name__ == "__main__":

diff --git a/docs/actions/gcp-gsm-load-secrets/README.md b/docs/actions/gcp-gsm-load-secrets/README.md
@@ -47,9 +47,9 @@ To load a secret from GSM figure out the following:
 
 <!-- AUTO-DOC-OUTPUT:START - Do not remove or modify this section -->
 
-| OUTPUT  | TYPE   | DESCRIPTION                        |
-| ------- | ------ | ---------------------------------- |
-| secrets | string | Secrets loaded from Secret Manager |
+| OUTPUT       | TYPE   | DESCRIPTION                          |
+| ------------ | ------ | ------------------------------------ |
+| secret-names | string | Comma-separated list of secret names |
 
 <!-- AUTO-DOC-OUTPUT:END -->