add secrets publishing

README.md

@@ -93,6 +93,24 @@ jobs:
         workingDirectory: 'subfoldername'
 ```
 
+[Worker secrets](https://developers.cloudflare.com/workers/tooling/wrangler/secrets/) can be optionally passed as a new line deliminated string of names in `secrets`.  Each secret name must match an environment variable name specified in the `env` attribute.  Creates or replaces the value for the Worker secret using the `wrangler secret put` command.
+
+```yaml
+jobs:
+  deploy:
+    steps:
+      uses: cloudflare/wrangler-action@1.1.0
+      with:
+        apiToken: ${{ secrets.CF_API_TOKEN }}
+        workingDirectory: 'subfoldername'
+        secrets: |
+            SECRET1
+            SECRET2
+      env:
+        SECRET1: ${{ secrets.SECRET1 }}
+        SECRET2: ${{ secrets.SECRET2 }}
+```
+
 ## Use cases
 
 ### Deploying when commits are merged to master

action.yml

@@ -1,11 +1,11 @@
-name: 'Deploy to Cloudflare Workers with Wrangler'
+name: "Deploy to Cloudflare Workers with Wrangler"
 branding:
-  icon: 'upload-cloud'
-  color: 'orange'
-description: 'Deploy your Cloudflare Workers applications and sites directly from GitHub, using Wrangler'
+  icon: "upload-cloud"
+  color: "orange"
+description: "Deploy your Cloudflare Workers applications and sites directly from GitHub, using Wrangler"
 runs:
-  using: 'docker'
-  image: 'Dockerfile'
+  using: "docker"
+  image: "Dockerfile"
 inputs:
   apiKey:
     description: "(Legacy) Your Cloudflare API Key"
@@ -19,3 +19,6 @@ inputs:
     description: "The relative path which Wrangler commands should be run from"
   wranglerVersion:
     description: "The version of Wrangler you'd like to use to publish your Workers project"
+  secrets:
+    description: "A new line deliminated string of environment variable names that should be configured as Worker secrets"
+    required: false

entrypoint.sh

@@ -58,12 +58,28 @@ then
   cd "$INPUT_WORKINGDIRECTORY"
 fi
 
-# If an environment is detected as input
+secret_not_found() {
+  echo "::error::Specified secret \"$1\" not found in environment variables."
+  exit 1
+}
+
+# If an environment is detected as input, for each secret specified get the value of
+# the matching named environment variable then configure using wrangler secret put.
 if [ -z "$INPUT_ENVIRONMENT" ]
 then
   wrangler publish
+
+  for SECRET in $INPUT_SECRETS; do
+    VALUE=$(printenv "$SECRET") || secret_not_found "$SECRET"
+    echo "$VALUE" | wrangler secret put "$SECRET"
+  done
 else
   wrangler publish -e "$INPUT_ENVIRONMENT"
+
+  for SECRET in $INPUT_SECRETS; do
+    VALUE=$(printenv "$SECRET") || secret_not_found "$SECRET"
+    echo "$VALUE" | wrangler secret put "$SECRET" --env "$INPUT_ENVIRONMENT"
+  done
 fi
 
 # If a working directory is detected as input, revert to the