-
Notifications
You must be signed in to change notification settings - Fork 0
/
action.yml
59 lines (59 loc) · 2.11 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
name: 'Sync Doppler to AWS Lambda'
description: 'Easy way to sync Doppler to AWS Lambda'
branding:
icon: 'package'
color: 'purple'
inputs:
doppler_token:
description: 'Doppler Token'
required: true
function_name:
description: 'Function Name'
required: true
aws_access_key_id:
description: 'AWS Access Key ID'
required: true
aws_secret_access_key:
description: 'AWS Secret Access Key'
required: true
aws_region:
description: 'AWS Region'
required: false
default: 'us-east-1'
extra_secrets:
description: 'Extra Secrets'
required: false
default: '{}'
runs:
using: "composite"
steps:
- run: |
echo Installing AWS CLI
curl -L -o install-aws.sh https://raw.githubusercontent.com/unfor19/install-aws-cli-action/master/entrypoint.sh && \
chmod +x install-aws.sh
sudo ./install-aws.sh "v2" "amd64"
rm install-aws.sh
echo Installing Doppler
(curl -Ls https://cli.doppler.com/install.sh || wget -qO- https://cli.doppler.com/install.sh) | sudo bash
echo Exporting Envs
export DOPPLER_TOKEN=${{ inputs.doppler_token }}
export AWS_ACCESS_KEY_ID=${{ inputs.aws_access_key_id }}
export AWS_SECRET_ACCESS_KEY=${{ inputs.aws_secret_access_key }}
export AWS_DEFAULT_REGION=${{ inputs.aws_region }}
echo Masking Secrets
while read -r secret;
do
echo "::add-mask::${secret}"
done <<< "$(doppler secrets download --no-file | jq '.[]')"
while read -r secret;
do
echo "::add-mask::${secret}"
done <<< "$(echo ${{ inputs.extra_secrets }} | jq '.[]')"
echo Merging doppler secrets and extra secrets
doppler_secrets=$(doppler secrets download --no-file | jq '.')
extra_secrets=$(echo "${{ inputs.extra_secrets }}" | jq '.')
secrets=$(echo "$doppler_secrets $extra_secrets" | jq -s add)
echo Adding secrets into Lambda
aws lambda update-function-configuration --function-name ${{ inputs.function_name }} \
--environment "$(echo $secrets | jq '{Variables: .}')"
shell: bash