add secrets publishing

This commit is contained in:
Joslin, Brady W (Brady) 2020-06-15 23:09:55 -05:00
parent 1202bb2fe9
commit 3123fc538b
3 changed files with 44 additions and 7 deletions

View file

@ -93,6 +93,24 @@ jobs:
workingDirectory: 'subfoldername'
```
[Worker secrets](https://developers.cloudflare.com/workers/tooling/wrangler/secrets/) can be optionally passed as a new line deliminated string of names in `secrets`. Each secret name must match an environment variable name specified in the `env` attribute. Creates or replaces the value for the Worker secret using the `wrangler secret put` command.
```yaml
jobs:
deploy:
steps:
uses: cloudflare/wrangler-action@1.1.0
with:
apiToken: ${{ secrets.CF_API_TOKEN }}
workingDirectory: 'subfoldername'
secrets: |
SECRET1
SECRET2
env:
SECRET1: ${{ secrets.SECRET1 }}
SECRET2: ${{ secrets.SECRET2 }}
```
## Use cases
### Deploying when commits are merged to master

View file

@ -1,11 +1,11 @@
name: 'Deploy to Cloudflare Workers with Wrangler'
name: "Deploy to Cloudflare Workers with Wrangler"
branding:
icon: 'upload-cloud'
color: 'orange'
description: 'Deploy your Cloudflare Workers applications and sites directly from GitHub, using Wrangler'
icon: "upload-cloud"
color: "orange"
description: "Deploy your Cloudflare Workers applications and sites directly from GitHub, using Wrangler"
runs:
using: 'docker'
image: 'Dockerfile'
using: "docker"
image: "Dockerfile"
inputs:
apiKey:
description: "(Legacy) Your Cloudflare API Key"
@ -19,3 +19,6 @@ inputs:
description: "The relative path which Wrangler commands should be run from"
wranglerVersion:
description: "The version of Wrangler you'd like to use to publish your Workers project"
secrets:
description: "A new line deliminated string of environment variable names that should be configured as Worker secrets"
required: false

View file

@ -58,12 +58,28 @@ then
cd "$INPUT_WORKINGDIRECTORY"
fi
# If an environment is detected as input
secret_not_found() {
echo "::error::Specified secret \"$1\" not found in environment variables."
exit 1
}
# If an environment is detected as input, for each secret specified get the value of
# the matching named environment variable then configure using wrangler secret put.
if [ -z "$INPUT_ENVIRONMENT" ]
then
wrangler publish
for SECRET in $INPUT_SECRETS; do
VALUE=$(printenv "$SECRET") || secret_not_found "$SECRET"
echo "$VALUE" | wrangler secret put "$SECRET"
done
else
wrangler publish -e "$INPUT_ENVIRONMENT"
for SECRET in $INPUT_SECRETS; do
VALUE=$(printenv "$SECRET") || secret_not_found "$SECRET"
echo "$VALUE" | wrangler secret put "$SECRET" --env "$INPUT_ENVIRONMENT"
done
fi
# If a working directory is detected as input, revert to the