feat(): make secrets parameter optional (#299)

2025-11-07 07:06:56 +00:00 · 2022-04-07 06:10:23 -07:00 · 2022-04-07 06:10:23 -07:00 · c14a190aaa
commit c14a190aaa
parent 843e7fa30a
4 changed files with 16 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -388,7 +388,7 @@ Here are all the inputs available through `with`:
 | Input               | Description                                                                                                                                          | Default | Required |
 | ------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -------- |
 | `url`               | The URL for the vault endpoint                                                                                                                       |         | ✔        |
-| `secrets`           | A semicolon-separated list of secrets to retrieve. These will automatically be converted to environmental variable keys. See README for more details |         | ✔        |
+| `secrets`           | A semicolon-separated list of secrets to retrieve. These will automatically be converted to environmental variable keys. See README for more details |         |          |
 | `namespace`         | The Vault namespace from which to query secrets. Vault Enterprise only, unset by default                                                             |         |          |
 | `method`            | The method to use to authenticate with Vault.                                                                                                        | `token` |          |
 | `role`              | Vault role for specified auth method                                                                                                                 |         |          |
--- a/action.yml
+++ b/action.yml
@ -6,7 +6,7 @@ inputs:
    required: true
  secrets:
    description: 'A semicolon-separated list of secrets to retrieve. These will automatically be converted to environmental variable keys. See README for more details'
-    required: true
+    required: false
  namespace:
    description: 'The Vault namespace from which to query secrets. Vault Enterprise only, unset by default'
    required: false
--- a/src/action.js
+++ b/src/action.js
@ -14,7 +14,7 @@ async function exportSecrets() {
    const exportEnv = core.getInput('exportEnv', { required: false }) != 'false';
    const exportToken = (core.getInput('exportToken', { required: false }) || 'false').toLowerCase() != 'false';

-    const secretsInput = core.getInput('secrets', { required: true });
+    const secretsInput = core.getInput('secrets', { required: false });
    const secretRequests = parseSecretsInput(secretsInput);

    const vaultMethod = (core.getInput('method', { required: false }) || 'token').toLowerCase();
@ -103,6 +103,10 @@ async function exportSecrets() {
 * @param {string} secretsInput
 */
 function parseSecretsInput(secretsInput) {
+    if (!secretsInput) {
+      return []
+    }
+
    const secrets = secretsInput
        .split(';')
        .filter(key => !!key)
--- a/src/action.test.js
+++ b/src/action.test.js
@ -331,4 +331,13 @@ with blank lines
        expect(command.issue).toBeCalledWith('add-mask', 'with blank lines');
        expect(core.setOutput).toBeCalledWith('key', multiLineString);
    })
+
+  it('export only Vault token, no secrets', async () => {
+    mockExportToken("true")
+
+    await exportSecrets();
+
+    expect(core.exportVariable).toBeCalledTimes(1);
+    expect(core.exportVariable).toBeCalledWith('VAULT_TOKEN', 'EXAMPLE');
+  })
 });