name: STACKIT Secrets Manager Secret Fetcher
description: Connects to Secrets Manager using a Go app, gets all secrets under a path, and outputs them.

inputs:
  go_version:
    description: The version of Go to use for building the application.
    required: false
    default: 1.24.x
  vault_addr:
    description: You could optionally override the address.
    required: false
  vault_id:
    description: The ID of your Secrets Manager Instance.
    required: true
  vault_username:
    description: The Vault username to use for authentication.
    required: true
  vault_password:
    description: The Vault password to use for authentication.
  vault_path:
    description: The path in Vault where the secrets are stored (e.g., secret/data/my-app).
    required: true
  debug:
    description: Turn on debugging logs.
    required: false
    default: false

outputs:
  secrets:
    description: A JSON object string containing all the fetched secrets.

runs:
  using: composite
  steps:
    - name: Set up Go
      uses: actions/setup-go@v5
      with:
        go-version: ${{ inputs.go_version }}

    - name: Check out action code
      uses: actions/checkout@v4
      with: 
        repository: actions/secretsmanager
        ref: main
        github-server-url: https://stackit-solutions.git.onstackit.cloud

    - name: Run Vault Fetcher and set output
      id: secrets
      run: |
        go mod tidy
        go run main.go >> $GITHUB_OUTPUT
      shell: bash
      env:
        VAULT_ADDR: ${{ inputs.vault_addr }}
        VAULT_ID: ${{ inputs.vault_id }}
        VAULT_USERNAME: ${{ inputs.vault_username }}
        VAULT_PASSWORD: ${{ inputs.vault_password }}
        VAULT_PATH: ${{ inputs.vault_path }}
        DEBUG: ${{ inputs.debug }}