Skip to content

feat: expose pulled secrets as json output#1

Merged
BK1031 merged 1 commit into
mainfrom
bk1031/secret-outputs
Jun 27, 2026
Merged

feat: expose pulled secrets as json output#1
BK1031 merged 1 commit into
mainfrom
bk1031/secret-outputs

Conversation

@BK1031

@BK1031 BK1031 commented Jun 27, 2026

Copy link
Copy Markdown
Contributor
  • Exposes pulled Vault secrets as a secrets_json action output for later step and action inputs.
  • Parses simple and multiline GitHub env-file values into the JSON output.
  • Extends the smoke workflow to verify both env var and step output consumption paths.

@BK1031 BK1031 marked this pull request as ready for review June 27, 2026 05:58
@BK1031 BK1031 merged commit fa8269e into main Jun 27, 2026
1 check passed

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ccf2ef65f0

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread pull-secrets.sh
Comment on lines +64 to +66
if [[ "$line" == *"<<"* ]]; then
name="${line%%<<*}"
delimiter="${line#*<<}"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Parse heredoc syntax only before the value

When Vault returns a valid single-line env-file entry whose secret value contains << (for example TOKEN=abc<<def), GitHub still treats it as the documented name=value form, but this parser enters the multiline branch, turns the key into TOKEN=abc, and consumes following lines until def. That makes secrets_json omit or corrupt this and subsequent secrets even though they are correctly appended to GITHUB_ENV; the multiline check should only match the NAME<<DELIMITER header form, not any occurrence of << in the line.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant