feat: expose pulled secrets as json output#1
Conversation
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ccf2ef65f0
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| if [[ "$line" == *"<<"* ]]; then | ||
| name="${line%%<<*}" | ||
| delimiter="${line#*<<}" |
There was a problem hiding this comment.
Parse heredoc syntax only before the value
When Vault returns a valid single-line env-file entry whose secret value contains << (for example TOKEN=abc<<def), GitHub still treats it as the documented name=value form, but this parser enters the multiline branch, turns the key into TOKEN=abc, and consumes following lines until def. That makes secrets_json omit or corrupt this and subsequent secrets even though they are correctly appended to GITHUB_ENV; the multiline check should only match the NAME<<DELIMITER header form, not any occurrence of << in the line.
Useful? React with 👍 / 👎.
secrets_jsonaction output for later step and action inputs.