
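# Copies Actions secrets defined on this repository to the repositories listed
# in mapping.json (same owner). Triggered manually only.
#
# mapping.json shape (constructed example):
#   { "SECRET_NAME": ["repo-a", "repo-b"] }
# Each top-level key is the name of a secret on THIS repository; the value is
# the list of repositories that should receive a copy of it.
name: Propagate Repository Secrets2

on:
  workflow_dispatch:

# Target repositories are written with SECRETS_TOKEN, not GITHUB_TOKEN, so the
# default token only needs to read mapping.json from the checkout.
permissions:
  contents: read

jobs:
  get-mappings:
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.set-matrix.outputs.matrix }}
    steps:
      - uses: actions/checkout@v4
      - id: set-matrix
        # Turn {"NAME": [repos...]} into a matrix include list so that every
        # secret is propagated by its own job.
        run: |
          set -euo pipefail
          MATRIX=$(jq -c '{ include: [ to_entries[] | { secret: .key, repos: .value } ] }' mapping.json)
          echo "matrix=$MATRIX" >> "$GITHUB_OUTPUT"

  propagate:
    needs: get-mappings
    runs-on: ubuntu-latest
    strategy:
      matrix: ${{ fromJson(needs.get-mappings.outputs.matrix) }}
      # One unreachable/misconfigured repository must not cancel the others.
      fail-fast: false
    steps:
      - name: Propagate Secret
        # Every expression-derived value goes through env instead of being
        # interpolated into the script: a secret value or repo name containing
        # quotes, `$` or backticks would otherwise be parsed by the shell
        # (script injection), and the secret would be embedded in the rendered
        # step command.
        env:
          GITHUB_ORG: ${{ github.repository_owner }}
          GH_TOKEN: ${{ secrets.SECRETS_TOKEN }}
          SECRET_NAME: ${{ matrix.secret }}
          SECRET_VALUE: ${{ secrets[matrix.secret] }}
          REPOS_JSON: ${{ toJson(matrix.repos) }}
        run: |
          set -euo pipefail
          # A name in mapping.json that has no secret on this repository would
          # otherwise silently overwrite the targets with an empty value.
          if [ -z "$SECRET_VALUE" ]; then
            echo "::error::Secret '$SECRET_NAME' is not defined on this repository; refusing to propagate an empty value"
            exit 1
          fi
          failed=0
          while read -r repo; do
            [ -n "$repo" ] || continue
            FULL_REPO="$GITHUB_ORG/$repo"
            echo "Setting $SECRET_NAME for repository $FULL_REPO"
            # The Actions secrets API only accepts a libsodium sealed box in
            # `encrypted_value`; `gh secret set` fetches the target's public
            # key and seals the value itself, so no hand-rolled PUT is needed.
            # The value is fed on stdin so it never appears in a process
            # argument list.
            if ! printf '%s' "$SECRET_VALUE" | gh secret set "$SECRET_NAME" --repo "$FULL_REPO"; then
              echo "::error::Failed to set $SECRET_NAME on $FULL_REPO"
              failed=$((failed + 1))
            fi
          done < <(jq -r '.[]' <<<"$REPOS_JSON")
          if [ "$failed" -gt 0 ]; then
            echo "::error::$failed repository update(s) failed for $SECRET_NAME"
            exit 1
          fi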