Merge pull request #4 from observeinc/joao/secrets

feat: synchronize github secrets to secretsmanager
observeinc · Apr 10, 2024 · 09b01e3 · 09b01e3
2 parents dbd133d + f5d3d65
commit 09b01e3
Showing 1 changed file with 15 additions and 1 deletion.
diff --git a/.github/workflows/tf-account.yaml b/.github/workflows/tf-account.yaml
@@ -126,6 +126,20 @@ jobs:
           role-session-name: ${{ github.sha }}
           aws-region: ${{ secrets.AWS_REGION }}
 
+      - name: Synchronize secrets
+        env:
+          SECRETS: ${{ toJSON(secrets) }}
+        shell: bash
+        run: |
+          LOCAL=`echo "$SECRETS" | jq 'with_entries(select(.key | startswith("X_")))'`
+          REMOTE=`aws secretsmanager get-secret-value --secret-id ${{ github.event.repository.name }} | jq -r .SecretString`
+          FILTERED=`echo ${REMOTE} | jq 'with_entries(select(.key | startswith("X_") | not))'`
+          MERGED=`echo ${LOCAL} ${REMOTE} | jq -s add`
+          if [[ "$MERGED" != "$REMOTE" ]]
+          then
+            aws secretsmanager put-secret-value --secret-id ${{ github.event.repository.name }} --secret-string="$MERGED"
+          fi
+
       - name: Terraform Init
         id: init
         run: |
@@ -222,4 +236,4 @@ jobs:
           fi
           terraform apply "${apply_args[@]}" -auto-approve       
          
-        
+