Skip to content

Sync Repository Secrets #12

Sync Repository Secrets

Sync Repository Secrets #12

Workflow file for this run

name: Sync Repository Secrets
on:
workflow_dispatch: {}
jobs:
sync-secrets:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Setup GitHub CLI
run: |
gh auth login --with-token <<< "${{ secrets.GH_PAT }}"
- name: Process Secrets
env:
SECRETS: '${{ toJson(secrets) }}'
GITHUB_OWNER: ${{ github.repository_owner }}
run: |
# Read all secret names from mapping.json
SECRET_NAMES=$(jq -r 'keys[]' mapping.json)
# Process each secret
echo "$SECRET_NAMES" | while read -r secret_name; do
echo "Processing secret: $secret_name"
secret_value=$(jq -r --arg key "$secret_name" '.[$key]' <<< "$SECRETS")
if [ -z "$secret_value" ] || [ "$secret_value" = "null" ]; then
echo "Error: Secret '$secret_name' not found in source repository"
continue
fi
# Get target repositories for this secret
target_repos=$(jq -r --arg secret "$secret_name" '.[$secret][]' mapping.json)
# Sync to each target repository
echo "$target_repos" | while read -r repo; do
if [ ! -z "$repo" ]; then
echo "Creating/updating secret '$secret_name' in repository '$GITHUB_OWNER/$repo'"
gh secret set "$secret_name" -R "$GITHUB_OWNER/$repo" --body "$secret_value"
fi
done
done