chore: bump version [skip ci]

VERSION

@@ -1 +1 @@
-1.3.0
+1.9.0

helm/upgrade/action.yml

@@ -37,26 +37,38 @@ runs:
   steps:
     - name: Helm OCI Login
       shell: sh
+      env:
+        REGISTRY: ${{ inputs.REGISTRY }}
+        REGISTRY_USERNAME: ${{ inputs.REGISTRY_USERNAME }}
+        REGISTRY_TOKEN: ${{ inputs.REGISTRY_TOKEN }}
       run: |
-        echo "${{ inputs.REGISTRY_TOKEN }}" | helm registry login ${{ inputs.REGISTRY }} \
+        echo "$REGISTRY_TOKEN" | helm registry login "$REGISTRY" \
-          --username ${{ inputs.REGISTRY_USERNAME }} \
+          --username "$REGISTRY_USERNAME" \
           --password-stdin
 
     - name: Helm Upgrade
       shell: sh
+      env:
+        DEPLOYMENT_NAME: ${{ inputs.DEPLOYMENT_NAME }}
+        DEPLOYMENT_NAMESPACE: ${{ inputs.DEPLOYMENT_NAMESPACE }}
+        CHART_PATH: ${{ inputs.CHART_PATH }}
+        VALUES_FILE: ${{ inputs.VALUES_FILE }}
+        IMAGE_PATH: ${{ inputs.IMAGE_PATH }}
+        IMAGE_TAG: ${{ inputs.IMAGE_TAG }}
+        TAG_KEY: ${{ inputs.TAG_KEY }}
       run: |
-        NAMESPACE="${{ inputs.DEPLOYMENT_NAMESPACE }}"
+        NAMESPACE="$DEPLOYMENT_NAMESPACE"
-        if [ -z "$NAMESPACE" ]; then NAMESPACE="${{ inputs.DEPLOYMENT_NAME }}"; fi
+        if [ -z "$NAMESPACE" ]; then NAMESPACE="$DEPLOYMENT_NAME"; fi
         SET_FLAGS=""
-        if [ -n "${{ inputs.TAG_KEY }}" ] && [ -n "${{ inputs.IMAGE_TAG }}" ]; then
+        if [ -n "$TAG_KEY" ] && [ -n "$IMAGE_TAG" ]; then
-          SET_FLAGS="$SET_FLAGS --set ${{ inputs.TAG_KEY }}=${{ inputs.IMAGE_TAG }}"
+          SET_FLAGS="$SET_FLAGS --set $TAG_KEY=$IMAGE_TAG"
         fi
-        if [ -n "${{ inputs.IMAGE_PATH }}" ]; then
+        if [ -n "$IMAGE_PATH" ]; then
-          SET_FLAGS="$SET_FLAGS --set image.repository=${{ inputs.IMAGE_PATH }}"
+          SET_FLAGS="$SET_FLAGS --set image.repository=$IMAGE_PATH"
         fi
-        helm dependency update ${{ inputs.CHART_PATH }}
+        helm dependency update "$CHART_PATH"
-        echo "Running: helm upgrade ${{ inputs.DEPLOYMENT_NAME }} ${{ inputs.CHART_PATH }} -n ${NAMESPACE} --values ${{ inputs.VALUES_FILE }}${SET_FLAGS}"
+        echo "Running: helm upgrade $DEPLOYMENT_NAME $CHART_PATH -n $NAMESPACE --values $VALUES_FILE$SET_FLAGS"
-        helm upgrade ${{ inputs.DEPLOYMENT_NAME }} ${{ inputs.CHART_PATH }} -n ${NAMESPACE} --values ${{ inputs.VALUES_FILE }} $SET_FLAGS
+        helm upgrade "$DEPLOYMENT_NAME" "$CHART_PATH" -n "$NAMESPACE" --values "$VALUES_FILE" $SET_FLAGS
 
     - name: Remove kubeconfig
       if: always()

infisical/fetch-secret/action.yml

@@ -24,7 +24,7 @@ inputs:
     default: "/"
 outputs:
   value:
-    description: "The fetched secret value"
+    description: "The fetched secret value (base64-encoded)"
     value: ${{ steps.fetch.outputs.value }}
 
 runs:
@@ -61,8 +61,11 @@ runs:
           exit 1
         fi
 
+        B64=$(printf '%s' "$VALUE" | base64 | tr -d '\n')
+        echo "::add-mask::$B64"
+
         DELIMITER="INFISICAL_EOF_$$"
         echo "value<<${DELIMITER}" >> "$GITHUB_OUTPUT"
-        echo "$VALUE" >> "$GITHUB_OUTPUT"
+        printf '%s\n' "$B64" >> "$GITHUB_OUTPUT"
         echo "${DELIMITER}" >> "$GITHUB_OUTPUT"
         echo "Successfully fetched secret '${{ inputs.SECRET_NAME }}'"

kubectl/configure/action.yml

@@ -2,7 +2,7 @@ name: Configure Kubectl
 description: Configure kubectl for use with Kubernetes
 inputs:
   K8S_CONFIG:
-    description: "The RAW Kubernetes config"
+    description: "The base64-encoded Kubernetes config"
     required: true
   K8S_NAMESPACE:
     description: "The K8S namespace"
@@ -14,20 +14,21 @@ inputs:
 runs:
   using: composite
   steps:
+    - name: Mask kubeconfig
+      shell: sh
+      env:
+        K8S_CONFIG: ${{ inputs.K8S_CONFIG }}
+      run: echo "::add-mask::$K8S_CONFIG"
+
     - name: Configure kubectl
       shell: sh
+      env:
+        K8S_CONFIG: ${{ inputs.K8S_CONFIG }}
       run: |
-        echo "Remove existing kubeconfig"
+        echo "Configuring kubectl for context=${{ inputs.K8S_CONTEXT }} namespace=${{ inputs.K8S_NAMESPACE }}"
         rm -f ~/.kube/config
-
-        echo "Re-creating .kube directory"
         mkdir -p ~/.kube
-
+        printf '%s' "$K8S_CONFIG" | base64 -d > ~/.kube/config
-        echo "Set kubeconfig"
-        echo "${{ inputs.K8S_CONFIG }}" > ~/.kube/config
-
-        echo "Set kubeconfig context"
         kubectl config set-context ${{ inputs.K8S_CONTEXT }} --cluster=${{ inputs.K8S_CONTEXT }} --namespace=${{ inputs.K8S_NAMESPACE }}
-
-        echo "Use kubeconfig context ${{ inputs.K8S_CONTEXT }}"
         kubectl config use-context ${{ inputs.K8S_CONTEXT }}
+        echo "kubectl configured successfully"