feat: allow for multi line secrets (#224)

* feat: allow for multi line secrets

* split  on new line

* Update readme

* Fix test

* debug

* fix test

* fix

Co-authored-by: Bharath KKB <[email protected]>

Author: averikitsch

.github/workflows/deploy-cloudrun-it.yml

@@ -87,7 +87,9 @@ jobs:
         credentials: ${{ secrets.DEPLOY_CLOUDRUN_SA_KEY_JSON }}
         image: gcr.io/cloudrun/hello
         service: ${{ steps.service.outputs.service }}
-        secrets: MY_SECRET=secret_value:latest
+        secrets: |
+          MY_SECRET=secret_value:latest
+          MY_SECOND_SECRET=new_value:latest
 
     - name: Setup Authentication with gcloud
       uses: google-github-actions/setup-gcloud@master
@@ -101,7 +103,7 @@ jobs:
         URL: ${{ steps.deploy_1.outputs.url }}
         PROJECT_ID: ${{ secrets.DEPLOY_CLOUDRUN_PROJECT_ID }}
         SERVICE: ${{ steps.service.outputs.service }}
-        SECRET_ENV: MY_SECRET=secret_value:latest
+        SECRET_ENV: MY_SECRET=secret_value:latest,MY_SECOND_SECRET=new_value:latest
 
     - name: Update service with mounted secret
       id: deploy_2
@@ -118,7 +120,7 @@ jobs:
         URL: ${{ steps.deploy_2.outputs.url }}
         PROJECT_ID: ${{ secrets.DEPLOY_CLOUDRUN_PROJECT_ID }}
         SERVICE: ${{ steps.service.outputs.service }}
-        SECRET_ENV: MY_SECRET=secret_value:latest
+        SECRET_ENV: MY_SECRET=secret_value:latest,MY_SECOND_SECRET=new_value:latest
         SECRET_VOLUMES: /api/secrets/my-secret=secret_value:latest
         COUNT: 2
 

README.md

@@ -77,7 +77,7 @@ jobs:
 | `image`| Required if not using a service YAML via `metadata` input. | | Name of the container image to deploy (Example: `gcr.io/cloudrun/hello:latest`). |
 | `region`| _optional_ | `us-central1` | Region in which the resource can be found. |
 | `env_vars`| _optional_ | | List of key-value pairs to set as environment variables in the format: `KEY1=VALUE1,KEY2=VALUE2`. **All existing environment variables will be retained**. |
-| `secrets`| _optional_ | | List of key-value pairs to set as either environment variables or mounted volumes in the format: `KEY1=secret-key-1:latest,/secrets/api/key=secret-key-2:latest`. The secrets will be fetched from the Secret Manager. **All existing environment secrets or volumes will be retained**. |
+| `secrets`| _optional_ | | List of key-value pairs to set as either environment variables or mounted volumes in the format: `KEY1=secret-key-1:latest,/secrets/api/key=secret-key-2:latest`. The secrets will be fetched from the Secret Manager. The service identity must have permissions to read the secrets. Multiple secrets can be split across multiple lines: <pre>secrets: \|<br>&emsp;&emsp;SECRET_NAME=secret_name<br>&emsp;&emsp;SECRET_NAME2=secret_name2</pre> <br>**All existing environment secrets or volumes will be retained**. |
 | `metadata`| _optional_ | | YAML service description for the Cloud Run service (**Other inputs will be overridden**). See [Metadata customizations](#metadata-customizations) for more information. |
 | `project_id`| _optional_ | | ID of the Google Cloud project. If provided, this will override the project configured by `setup-gcloud`. |
 | `source` | _optional_ | | Deploy from source by specifying the source directory. The [Artifact Registry API][artifact-api] needs to be enabled and the service account role `Cloud Build Service Account` is required. The first deployment will create an [Artifact Registry repository][repo] which requires the `Artifact Registry Admin` role. Learn more about [Deploying from source code](https://cloud.google.com/run/docs/deploying-source-code). |

src/deploy-cloudrun.ts

@@ -149,7 +149,7 @@ export async function run(): Promise<void> {
       // Set optional flags from inputs
       if (envVars) cmd.push('--update-env-vars', envVars);
       if (secrets) {
-        cmd.push('--update-secrets', secrets);
+        cmd.push('--update-secrets', secrets.replace('\n', ','));
         installBeta = true;
       }
       if (tag) {