Merge pull request #28 from bradyjoslin/master

add secrets publishing

.github/workflows/deploy.yml

@@ -46,3 +46,20 @@ jobs:
         environment: "production"
         wranglerVersion: '1.5.0'
         workingDirectory: 'test'
+  publish_secrets:
+    runs-on: ubuntu-latest
+    name: Publish app with secrets
+    steps:
+      - uses: actions/checkout@v2
+      - name: Publish app
+        uses: ./
+        with:
+          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+          environment: "production"
+          workingDirectory: "test"
+          secrets: |
+            SECRET1
+            SECRET2
+        env:
+          SECRET1: ${{ secrets.SECRET1 }}
+          SECRET2: ${{ secrets.SECRET2 }}

README.md

@@ -93,6 +93,24 @@ jobs:
         workingDirectory: 'subfoldername'
 ```
 
+[Worker secrets](https://developers.cloudflare.com/workers/tooling/wrangler/secrets/) can be optionally passed as a new line deliminated string of names in `secrets`.  Each secret name must match an environment variable name specified in the `env` attribute.  Creates or replaces the value for the Worker secret using the `wrangler secret put` command.
+
+```yaml
+jobs:
+  deploy:
+    steps:
+      uses: cloudflare/wrangler-action@1.1.0
+      with:
+        apiToken: ${{ secrets.CF_API_TOKEN }}
+        workingDirectory: 'subfoldername'
+        secrets: |
+            SECRET1
+            SECRET2
+      env:
+        SECRET1: ${{ secrets.SECRET1 }}
+        SECRET2: ${{ secrets.SECRET2 }}
+```
+
 ## Use cases
 
 ### Deploying when commits are merged to master

action.yml

@@ -1,11 +1,11 @@
-name: 'Deploy to Cloudflare Workers with Wrangler'
+name: "Deploy to Cloudflare Workers with Wrangler"
 branding:
-  icon: 'upload-cloud'
-  color: 'orange'
-description: 'Deploy your Cloudflare Workers applications and sites directly from GitHub, using Wrangler'
+  icon: "upload-cloud"
+  color: "orange"
+description: "Deploy your Cloudflare Workers applications and sites directly from GitHub, using Wrangler"
 runs:
-  using: 'docker'
-  image: 'Dockerfile'
+  using: "docker"
+  image: "Dockerfile"
 inputs:
   apiKey:
     description: "(Legacy) Your Cloudflare API Key"
@@ -19,3 +19,6 @@ inputs:
     description: "The relative path which Wrangler commands should be run from"
   wranglerVersion:
     description: "The version of Wrangler you'd like to use to publish your Workers project"
+  secrets:
+    description: "A new line deliminated string of environment variable names that should be configured as Worker secrets"
+    required: false

entrypoint.sh

@@ -58,12 +58,28 @@ then
   cd "$INPUT_WORKINGDIRECTORY"
 fi
 
-# If an environment is detected as input
+secret_not_found() {
+  echo "::error::Specified secret \"$1\" not found in environment variables."
+  exit 1
+}
+
+# If an environment is detected as input, for each secret specified get the value of
+# the matching named environment variable then configure using wrangler secret put.
 if [ -z "$INPUT_ENVIRONMENT" ]
 then
   wrangler publish
+
+  for SECRET in $INPUT_SECRETS; do
+    VALUE=$(printenv "$SECRET") || secret_not_found "$SECRET"
+    echo "$VALUE" | wrangler secret put "$SECRET"
+  done
 else
   wrangler publish -e "$INPUT_ENVIRONMENT"
+
+  for SECRET in $INPUT_SECRETS; do
+    VALUE=$(printenv "$SECRET") || secret_not_found "$SECRET"
+    echo "$VALUE" | wrangler secret put "$SECRET" --env "$INPUT_ENVIRONMENT"
+  done
 fi
 
 # If a working directory is detected as input, revert to the

test/workers-site/index.js

@@ -34,6 +34,14 @@ async function handleEvent(event) {
    */
   // options.mapRequestToAsset = handlePrefix(/^\/docs/)
 
+  // Path to test secrets passed through Wrangler Action.  Create SECRET1 and SECRET2 secrets
+  // in the Action repo to something innocuous like "Hello" and "World!".
+  if (url.pathname === "/secret") {
+    let sec1 = (typeof SECRET1 !== 'undefined') ? SECRET1 : ""
+    let sec2 = (typeof SECRET2 !== 'undefined') ? SECRET2 : ""
+    return new Response(`${sec1} ${sec2}`)
+  }
+  
   try {
     if (DEBUG) {
       // customize caching