Add API route to list org secrets

models/secret/secret.go

@@ -88,3 +88,8 @@ func FindSecrets(ctx context.Context, opts FindSecretsOptions) ([]*Secret, error
 		Where(opts.toConds()).
 		Find(&secrets)
 }
+
+// CountSecrets counts the secrets
+func CountSecrets(ctx context.Context, opts *FindSecretsOptions) (int64, error) {
+	return db.GetEngine(ctx).Where(opts.toConds()).Count(new(Secret))
+}

modules/structs/secret.go

@@ -0,0 +1,15 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package structs
+
+import "time"
+
+// User represents a secret
+// swagger:model
+type Secret struct {
+	// the secret's name
+	Name string `json:"name"`
+	// swagger:strfmt date-time
+	Created time.Time `json:"created_at"`
+}

routers/api/v1/api.go

@@ -1298,6 +1298,9 @@ func Routes() *web.Route {
 				m.Combo("/{username}").Get(reqToken(), org.IsMember).
 					Delete(reqToken(), reqOrgOwnership(), org.DeleteMember)
 			})
+			m.Group("/actions/secrets", func() {
+				m.Get("", reqToken(), reqOrgOwnership(), org.ListActionsSecrets)
+			})
 			m.Group("/public_members", func() {
 				m.Get("", org.ListPublicMembers)
 				m.Combo("/{username}").Get(org.IsPublicMember).

routers/api/v1/org/action.go

@@ -0,0 +1,72 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package org
+
+import (
+	"net/http"
+
+	"code.gitea.io/gitea/models/secret"
+	"code.gitea.io/gitea/modules/context"
+	api "code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/routers/api/v1/utils"
+)
+
+// ListActionsSecrets list an organization's actions secrets
+func ListActionsSecrets(ctx *context.APIContext) {
+	// swagger:operation GET /orgs/{org}/actions/secrets organization orgListActionsSecrets
+	// ---
+	// summary: List an organization's actions secrets
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: org
+	//   in: path
+	//   description: name of the organization
+	//   type: string
+	//   required: true
+	// - name: page
+	//   in: query
+	//   description: page number of results to return (1-based)
+	//   type: integer
+	// - name: limit
+	//   in: query
+	//   description: page size of results
+	//   type: integer
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/SecretList"
+
+	listActionsSecrets(ctx)
+}
+
+// listActionsSecrets list an organization's actions secrets
+func listActionsSecrets(ctx *context.APIContext) {
+	opts := &secret.FindSecretsOptions{
+		OwnerID:     ctx.Org.Organization.ID,
+		ListOptions: utils.GetListOptions(ctx),
+	}
+
+	count, err := secret.CountSecrets(ctx, opts)
+	if err != nil {
+		ctx.InternalServerError(err)
+		return
+	}
+
+	secrets, err := secret.FindSecrets(ctx, *opts)
+	if err != nil {
+		ctx.InternalServerError(err)
+		return
+	}
+
+	apiSecrets := make([]*api.Secret, len(secrets))
+	for k, v := range secrets {
+		apiSecrets[k] = &api.Secret{
+			Name:    v.Name,
+			Created: v.CreatedUnix.AsTime(),
+		}
+	}
+
+	ctx.SetTotalCountHeader(count)
+	ctx.JSON(http.StatusOK, apiSecrets)
+}

routers/api/v1/swagger/action.go

@@ -0,0 +1,13 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package swagger
+
+import api "code.gitea.io/gitea/modules/structs"
+
+// SecretList
+// swagger:response SecretList
+type swaggerResponseSecretList struct {
+	// in:body
+	Body []api.Secret `json:"body"`
+}