From 9bdddf18e0498cbf551eff76259c29a8a0cd91b4 Mon Sep 17 00:00:00 2001
From: Galen Abell <galen@galenabell.com>
Date: Mon, 17 Apr 2023 13:41:02 +0800
Subject: [PATCH] Parse secret inputs in reusable workflows (#41)

Secrets can be passed to reusable workflows, either explicitly by key or
implicitly by `inherit`:

https://docs.github.com/en/actions/using-workflows/reusing-workflows#using-inputs-and-secrets-in-a-reusable-workflow

Reviewed-on: https://gitea.com/gitea/act/pulls/41
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Galen Abell <galen@galenabell.com>
Co-committed-by: Galen Abell <galen@galenabell.com>
---
 pkg/jobparser/jobparser_test.go             |  5 +++++
 pkg/jobparser/model.go                      |  2 ++
 pkg/jobparser/testdata/has_secrets.in.yaml  | 14 ++++++++++++++
 pkg/jobparser/testdata/has_secrets.out.yaml | 16 ++++++++++++++++
 4 files changed, 37 insertions(+)
 create mode 100644 pkg/jobparser/testdata/has_secrets.in.yaml
 create mode 100644 pkg/jobparser/testdata/has_secrets.out.yaml

diff --git a/pkg/jobparser/jobparser_test.go b/pkg/jobparser/jobparser_test.go
index 6749cfa..6725785 100644
--- a/pkg/jobparser/jobparser_test.go
+++ b/pkg/jobparser/jobparser_test.go
@@ -37,6 +37,11 @@ func TestParse(t *testing.T) {
 			options: nil,
 			wantErr: false,
 		},
+		{
+			name:    "has_secrets",
+			options: nil,
+			wantErr: false,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
diff --git a/pkg/jobparser/model.go b/pkg/jobparser/model.go
index 7d4906c..8e1d7bd 100644
--- a/pkg/jobparser/model.go
+++ b/pkg/jobparser/model.go
@@ -88,6 +88,7 @@ type Job struct {
 	Outputs        map[string]string         `yaml:"outputs,omitempty"`
 	Uses           string                    `yaml:"uses,omitempty"`
 	With           map[string]interface{}    `yaml:"with,omitempty"`
+	RawSecrets     yaml.Node                 `yaml:"secrets,omitempty"`
 }
 
 func (j *Job) Clone() *Job {
@@ -109,6 +110,7 @@ func (j *Job) Clone() *Job {
 		Outputs:        j.Outputs,
 		Uses:           j.Uses,
 		With:           j.With,
+		RawSecrets:     j.RawSecrets,
 	}
 }
 
diff --git a/pkg/jobparser/testdata/has_secrets.in.yaml b/pkg/jobparser/testdata/has_secrets.in.yaml
new file mode 100644
index 0000000..64b9f69
--- /dev/null
+++ b/pkg/jobparser/testdata/has_secrets.in.yaml
@@ -0,0 +1,14 @@
+name: test
+jobs:
+  job1:
+    name: job1
+    runs-on: linux
+    uses: .gitea/workflows/build.yml
+    secrets:
+      secret: hideme
+
+  job2:
+    name: job2
+    runs-on: linux
+    uses: .gitea/workflows/build.yml
+    secrets: inherit
diff --git a/pkg/jobparser/testdata/has_secrets.out.yaml b/pkg/jobparser/testdata/has_secrets.out.yaml
new file mode 100644
index 0000000..23dfb80
--- /dev/null
+++ b/pkg/jobparser/testdata/has_secrets.out.yaml
@@ -0,0 +1,16 @@
+name: test
+jobs:
+  job1:
+    name: job1
+    runs-on: linux
+    uses: .gitea/workflows/build.yml
+    secrets:
+      secret: hideme
+---
+name: test
+jobs:
+  job2:
+    name: job2
+    runs-on: linux
+    uses: .gitea/workflows/build.yml
+    secrets: inherit