search

jwsi / secret-parser

Replaces GitHub Actions secrets referenced in files with their raw values
MIT License
25 stars 9 forks source link

More detail about patterns #1

Open OlivierChirouze opened 2 years ago

OlivierChirouze commented 2 years ago

Hi and thanks for your github action.

This might sound basic, but I'm having trouble to making sure the action is working fine for me. I believe it is doing the replacement, but since it breaks my build afterwards, I suspect it is maybe doing too much replacement.

And what's confusing is that your example in readme is using the same string for both the key in the JSON and the secret name. When you put secret-name: important_value as an example, it's not clear to me to what it refers: it could be the json key or the name of the secret key.

In my case, it looks like this:

{
...
"private_key_id": "${{ secrets.GOOGLE_PRIVATE_KEY_ID }}"
...}

and of course the secret name is GOOGLE_PRIVATE_KEY_ID

My first intuition was to use the following config:

          secret-name: private_key_id
          secret-value: ${{ secrets.GOOGLE_PRIVATE_KEY_ID }}

Bad choice! It failed. So I tried

          secret-name: GOOGLE_PRIVATE_KEY_ID
          secret-value: ${{ secrets.GOOGLE_PRIVATE_KEY_ID }}

Now the action works, but surprisingly I get a JSON parse error later in the process, which I suspect to be related even if there is a slight chance it's not:

SyntaxError: Unexpected token 
 in JSON at position 177
    at JSON.parse (<anonymous>)

Would you spot my mistake, and additional, would you consider rephrase the Readme to make it more explicit? Or is it mandatory to use the same key name?

Thanks!

OlivierChirouze commented 2 years ago

I think what is wrong is that my secret value includes \n that are not escaped when set as JSON property value. I made a script that removes the line breaks and it seems to fix the unexpected token issue.

I've also used https://github.com/nektos/act to help me debug locally.