name: STACKIT Secrets Manager Secret Fetcher
description: Connects to Secrets Manager using a Go app, gets all secrets under a path, and outputs them.

inputs:
  go_version:
    description: The version of Go to use for building the application.
    required: false
    default: 1.24.x
  vault_addr:
    description: You could optionally override the address.
    required: false
  vault_id:
    description: The ID of your Secrets Manager Instance.
    required: true
  vault_username:
    description: The Vault username to use for authentication.
    required: true
  vault_password:
    description: The Vault password to use for authentication.
  vault_path:
    description: The path in Vault where the secrets are stored (e.g., secret/data/my-app).
    required: true
  debug:
    description: Turn on debugging logs.
    required: false
    default: false
  version:
    description: The version of the action.
    required: false
    default: 'v0'

outputs:
  secrets:
    description: A JSON object string containing all the fetched secrets.

runs:
  using: composite
  steps:
    - name: Run SecretsManager Action
      id: secrets
      run: |
        wget ${{ env.ACTION_URL }}/releases/download/${{ inputs.version }}/action-secretsmanager
        chmod +x action-secretsmanager
        ./action-secretsmanager >> $GITHUB_OUTPUT
      shell: bash
      env:
        VAULT_ADDR: ${{ inputs.vault_addr }}
        VAULT_ID: ${{ inputs.vault_id }}
        VAULT_USERNAME: ${{ inputs.vault_username }}
        VAULT_PASSWORD: ${{ inputs.vault_password }}
        VAULT_PATH: ${{ inputs.vault_path }}
        DEBUG: ${{ inputs.debug }}
        ACTION_URL: https://stackit-solutions.git.onstackit.cloud/actions/secretsmanager