fix: some errorhandling corrections

chore: updated versions

.forgejo/workflows/release.yml

@@ -13,12 +13,12 @@ jobs:
     runs-on: docker
     steps:
       - name: 📤 Checkout source code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: ⚙️ Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
-          go-version: 1.25
+          go-version: 1.26
 
       - name: ⚙️ Install dependencies
         run: |
@@ -26,19 +26,19 @@ jobs:
 
       - name: 👨🏻‍🔧 Build app
         run: |
-          go build -o ${{ env.build_name }}
+          CGO_ENABLED=0 go build -o "${{ env.build_name }}"  -ldflags="-s -w"
 
       - name: 🤠 Create release
         run: |
           set -e
 
-          echo "Creating release for ${{ env.GITHUB_REPOSITORY}} with tag ${{ env.GITHUB_REF_NAME }}"
+          echo "Creating release for ${{ github.repository }} with tag ${{ github.ref_name }}"
 
           REQUEST=$(curl --fail --request POST \
-          --url ${{ env.GITHUB_API_URL }}/repos/${{ env.GITHUB_REPOSITORY }}/releases \
+          --url ${{ env.GITHUB_API_URL }}/repos/${{ github.repository }}/releases \
           --header 'Authorization: token ${{ secrets.GIT_TOKEN }}' \
           --header 'content-type: application/json' \
-          --data '{ "tag_name": "${{ env.GITHUB_REF_NAME }}" }')
+          --data '{ "tag_name": "${{ github.ref_name }}" }')
 
           ls -lh ${{ env.build_name }}
 
@@ -47,6 +47,6 @@ jobs:
           echo "Uploading release asset for Release ID ${RELEASE_ID}"
 
           curl --fail --request POST \
-          --url ${{ env.GITHUB_API_URL }}/repos/${{ env.GITHUB_REPOSITORY }}/releases/${RELEASE_ID}/assets?name=${{ env.build_name }} \
+          --url ${{ env.GITHUB_API_URL }}/repos/${{ github.repository  }}/releases/${RELEASE_ID}/assets?name=${{ env.build_name }} \
           --header 'Authorization: token ${{ secrets.GIT_TOKEN }}' \
           -F 'attachment=@${{ env.build_name}}'

.gitignore

@@ -0,0 +1,27 @@
+### Go template
+# If you prefer the allow list template instead of the deny list, see community template:
+# https://github.com/github/gitignore/blob/main/community/Golang/Go.AllowList.gitignore
+#
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (remove the comment below to include it)
+# vendor/
+
+# Go workspace file
+go.work
+go.work.sum
+
+# env file
+.env
+

README.md

@@ -15,7 +15,7 @@
 ## usage
 
 In this example we assume that there is a Secret on Path "${{ secrets.VAULT_PATH}}" and there is a KVSecret named "test".
-In the "Output secret" step we output above mentioned KVSecret "test". We access the outputs of the secrets step.
+In the "Output secret" step we output KVSecret "test" mentioned above. We access the outputs of the secrets step.
 
 Keep in mind to set an id on the actions step and use that to reference the outputted secrets. 
 

action.yml

@@ -2,10 +2,6 @@ name: STACKIT Secrets Manager Secret Fetcher
 description: Connects to Secrets Manager using a Go app, gets all secrets under a path, and outputs them.
 
 inputs:
-  go_version:
-    description: The version of Go to use for building the application.
-    required: false
-    default: 1.24.x
   vault_addr:
     description: You could optionally override the address.
     required: false
@@ -23,7 +19,7 @@ inputs:
   debug:
     description: Turn on debugging logs.
     required: false
-    default: false
+    default: 'false'
   version:
     description: The version of the action.
     required: false
@@ -32,6 +28,7 @@ inputs:
 outputs:
   secrets:
     description: A JSON object string containing all the fetched secrets.
+    value: ${{ steps.secrets.outputs.stdout }}
 
 runs:
   using: composite

config/config.go

@@ -45,7 +45,10 @@ func FatalLog(format string, args ...interface{}) {
 func ValidateConfig(
 	cfg Config,
 ) Config {
-	defaults.Set(&cfg)
+	err := defaults.Set(&cfg)
+	if err != nil {
+		FatalLog("unable to set defaults")
+	}
 
 	if cfg.VaultAddr == "" {
 		FatalLog("VAULT_ADDR cannot be empty")

go.mod

@@ -1,21 +1,21 @@
 module secretsmanager
 
-go 1.24.3
+go 1.26.3
 
 require (
-	github.com/caarlos0/env/v11 v11.3.1
+	github.com/caarlos0/env/v11 v11.4.1
 	github.com/creasty/defaults v1.8.0
 	github.com/hashicorp/vault-client-go v0.4.3
 )
 
 require (
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.8 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
 	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/stretchr/testify v1.10.0 // indirect
-	golang.org/x/sys v0.31.0 // indirect
+	golang.org/x/sys v0.44.0 // indirect
-	golang.org/x/time v0.0.0-20220922220347-f3bd1da661af // indirect
+	golang.org/x/time v0.15.0 // indirect
 )

go.sum

@@ -1,5 +1,9 @@
 github.com/caarlos0/env/v11 v11.3.1 h1:cArPWC15hWmEt+gWk7YBi7lEXTXCvpaSdCiZE2X5mCA=
 github.com/caarlos0/env/v11 v11.3.1/go.mod h1:qupehSf/Y0TUTsxKywqRt/vJjN5nz6vauiYEUUr8P4U=
+github.com/caarlos0/env/v11 v11.4.0 h1:Kcb6t5kIIr4XkoQC9AF2j+8E1Jsrl3Wz/hhm1LtoGAc=
+github.com/caarlos0/env/v11 v11.4.0/go.mod h1:qupehSf/Y0TUTsxKywqRt/vJjN5nz6vauiYEUUr8P4U=
+github.com/caarlos0/env/v11 v11.4.1 h1:fYwH0sWEsBSMPG7t4e/PEfTFzrWrpjyygXyUnWiSwEw=
+github.com/caarlos0/env/v11 v11.4.1/go.mod h1:qupehSf/Y0TUTsxKywqRt/vJjN5nz6vauiYEUUr8P4U=
 github.com/creasty/defaults v1.8.0 h1:z27FJxCAa0JKt3utc0sCImAEb+spPucmKoOdLHvHYKk=
 github.com/creasty/defaults v1.8.0/go.mod h1:iGzKe6pbEHnpMPtfDXZEr0NVxWnPTjb1bbDy08fPzYM=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
@@ -12,6 +16,8 @@ github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB1
 github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU=
 github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk=
+github.com/hashicorp/go-retryablehttp v0.7.8 h1:ylXZWnqa7Lhqpk0L1P1LzDtGcCR0rPVUrx/c8Unxc48=
+github.com/hashicorp/go-retryablehttp v0.7.8/go.mod h1:rjiScheydd+CxvumBsIrFKlx3iS0jrZ7LvzFGFmuKbw=
 github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
 github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts=
@@ -32,7 +38,13 @@ github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOf
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
 golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo=
+golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
+golang.org/x/sys v0.44.0 h1:ildZl3J4uzeKP07r2F++Op7E9B29JRUy+a27EibtBTQ=
+golang.org/x/sys v0.44.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
 golang.org/x/time v0.0.0-20220922220347-f3bd1da661af h1:Yx9k8YCG3dvF87UAn2tu2HQLf2dt/eR1bXxpLMWeH+Y=
 golang.org/x/time v0.0.0-20220922220347-f3bd1da661af/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U=
+golang.org/x/time v0.15.0/go.mod h1:Y4YMaQmXwGQZoFaVFk4YpCt4FLQMYKZe9oeV/f4MSno=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

main.go

@@ -1,8 +1,8 @@
 package main
 
 import (
-	"log"
 	"fmt"
+	"log"
 
 	"secretsmanager/config"
 	"secretsmanager/secretsmanager"
@@ -19,7 +19,10 @@ func main() {
 	cfg = config.ValidateConfig(cfg)
 
 	s := secretsmanager.InitializeClient(cfg)
-	data, _ := secretsmanager.GetSecrets(&s, cfg)
+	data, err := secretsmanager.GetSecrets(&s, cfg)
+	if err != nil {
+		log.Fatalf("Error retrieving secrets: %s", err)
+	}
 
 	for _, secret := range data {
 		fmt.Println(secret)

secretsmanager/client.go

@@ -35,7 +35,10 @@ func InitializeClient(
 		config.FatalLog("Vault login request failed: %s", err)
 	}
 	config.InfoLog("Login successful. Token received.")
-	s.Client.SetToken(loginResp.Auth.ClientToken)
+	err = s.Client.SetToken(loginResp.Auth.ClientToken)
+	if err != nil {
+		config.FatalLog("Vault login could not set token: %s", err)
+	}
 
 	return s
 }

secretsmanager/secrets.go

@@ -3,7 +3,6 @@ package secretsmanager
 import (
 	"fmt"
 	"secretsmanager/config"
-	"log"
 
 	"github.com/hashicorp/vault-client-go"
 )
@@ -16,13 +15,11 @@ func GetSecrets(
 	config.InfoLog("Attempting to read secret from mount '%s' at path '%s'", cfg.VaultSecretsManagerID, cfg.VaultPath)
 	secret, err := s.Client.Secrets.KvV2Read(s.Ctx, cfg.VaultPath, vault.WithMountPath(cfg.VaultSecretsManagerID))
 	if err != nil {
-		log.Fatalf("Failed to read secret from vault: %v", err)
 		return nil, fmt.Errorf("failed to read secret from vault: %w", err)
 	}
 
 	if secret == nil || secret.Data.Data == nil {
-		log.Fatal("No data found at the specified secret path.")
+		return []string{}, fmt.Errorf("no data found at the specified secret path")
-		return []string{}, nil
 	}
 
 	var secretsAsKeyValue []string