mock-yaml-secrets-action

This GitHub Action scans all your YAML files for secrets and generates a `secrets.yaml` file that other actions can use.
We don't want our `secrets.yaml` file to be checked in, but that creates challenges when you want to verify or build a project in CI. Keeping a separate `secrets.yaml` for CI/CD is a reasonable solution, but it requires manual updates, and usually you only find out after a failed workflow that you forgot to update it. With this action you can generate a `secrets.yaml` file from a set of rules that apply to your project, and your CI/CD will be happy again.
This action is designed to work well with:
You can use this action in your workflow as desired; see the following example.

```yaml
name: CI
on:
  push:
    branches:
      - main
  pull_request:
jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - name: Checkout source code
        uses: actions/checkout@v3
      - name: Mock secrets
        uses: golles/mock-yaml-secrets-action@v1
        with:
          configFile: '.github/workflows/mock-secrets-config.json'
      - name: Build software
        run: echo done # Your build that requires a secret file.
```
Configuration is provided in a JSON file. The file is required, but it may contain just an empty object `{}` to use the defaults. In the example above the file is located at `.github/workflows/mock-secrets-config.json`.
Configuration | Default value | Explanation |
---|---|---|
directory | './' | The directory to scan recursively for YAML files |
excludePaths | [] | Paths you want to exclude, e.g. [".github", ".vscode"] |
secretFile | 'secrets.yaml' | Output secret filename |
defaultValue | 'value0123' | The default value for secrets that don't match any rule |
rules | {} | See below |
Rules are applied in the order they are provided; after a successful match no further rules are attempted. Each key must be a regular expression, and its value is used as the secret value.
```json
{
  "directory": "./",
  "excludePaths": [".github", ".vscode"],
  "secretFile": "secrets.yaml",
  "defaultValue": "secret",
  "rules": {
    ".*_ip": "10.0.0.12",
    ".*_mac": "00:00:00:00:00:00",
    ".*_url": "https://foo.bar",
    "network_subnet": "10.0.0.0/8",
    "encryption_key": "12345678901234567890123456789012"
  }
}
```
Technical note: the regular expression is tested with `new RegExp(rule).test()`. More info on mozilla.org.
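To make the rule semantics concrete, here is an added example of the matching logic described above (first rule wins, `new RegExp(rule).test()`, fallback to `defaultValue`). It is not code from the mock-yaml-secrets-action repository. It assumes that YAML files reference secrets with the `!secret <name>` syntax, which the README does not state; the sample YAML and the `findSecretNames`, `resolveSecret` and `buildSecretsYaml` helpers are constructed for this illustration.

```javascript
// Added example, not code from the mock-yaml-secrets-action repository.
// It reproduces the documented rule semantics: rules are tried in the order
// given, the first `new RegExp(rule).test(name)` match wins, and names that
// match nothing get defaultValue. Assumption: YAML files reference secrets
// with the `!secret <name>` syntax; the README does not say how secrets are
// detected, so that part is illustrative only.

// Defaults as listed in the configuration table.
const DEFAULT_CONFIG = {
  directory: "./",
  excludePaths: [],
  secretFile: "secrets.yaml",
  defaultValue: "value0123",
  rules: {},
};

// Constructed sample input: a YAML fragment referencing four distinct secrets.
const SAMPLE_YAML = `
router:
  ip: !secret router_ip
  mac: !secret router_mac
backup:
  target: !secret backup_ip_url
api:
  token: !secret api_token
  token_again: !secret api_token
`;

// Constructed sample config using the rules from the README example.
const SAMPLE_CONFIG = {
  defaultValue: "secret",
  rules: {
    ".*_ip": "10.0.0.12",
    ".*_mac": "00:00:00:00:00:00",
    ".*_url": "https://foo.bar",
    "network_subnet": "10.0.0.0/8",
    "encryption_key": "12345678901234567890123456789012",
  },
};

// Return the distinct secret names referenced as `!secret <name>`, in order of first use.
function findSecretNames(yamlText) {
  const names = new Set();
  const ref = /!secret\s+([A-Za-z0-9_.-]+)/g;
  let m;
  while ((m = ref.exec(yamlText)) !== null) {
    names.add(m[1]);
  }
  return [...names];
}

// First matching rule wins. RegExp.test() is unanchored, so ".*_ip" also matches
// "backup_ip_url" and the ".*_url" rule is never reached for that name.
function resolveSecret(name, config) {
  for (const [pattern, value] of Object.entries(config.rules)) {
    if (new RegExp(pattern).test(name)) {
      return value;
    }
  }
  return config.defaultValue;
}

// Render the secrets file. Values are emitted as quoted YAML strings so that an
// all-digit value such as the example encryption_key stays a string instead of
// being read back as a YAML integer.
function buildSecretsYaml(names, userConfig) {
  const config = { ...DEFAULT_CONFIG, ...userConfig };
  const lines = names.map(
    (name) => `${name}: ${JSON.stringify(resolveSecret(name, config))}`
  );
  return lines.join("\n") + "\n";
}

// Stand-alone run: print the generated secrets.yaml for the sample input.
console.log(buildSecretsYaml(findSecretNames(SAMPLE_YAML), SAMPLE_CONFIG));
```

Because `test()` searches anywhere in the name, a rule like `.*_ip` matches `backup_ip_url` before `.*_url` is considered; anchor a pattern with `^` and `$` (for example `^.*_ip$`) when the match should cover the whole name.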