@@ -37,13 +37,36 @@ jobs:
3737name : Install wrangler
3838 run : npm install -g wrangler
3939
40- - name : Sync All Secrets to Cloudflare
40+ - name : Calculate secrets hash
41+ id : secrets-hash
42+ env :
43+ SECRETS_CONTEXT : ${{ toJSON(secrets) }}
44+ run : |
45+ SECRETS_HASH=$(echo "$SECRETS_CONTEXT" | jq -r 'to_entries | map(select(.key | startswith("github_") | not) | select(.key != "CLOUDFLARE_API_TOKEN")) | sort_by(.key) | tostring' | sha256sum | cut -d' ' -f1)
46+ echo "hash=$SECRETS_HASH" >> $GITHUB_OUTPUT
47+
48+ name : Restore secrets cache
49+ id : secrets-cache
50+ uses : actions/cache@v3
51+ with :
52+ path : .secrets-cache
53+ key : secrets-${{ steps.secrets-hash.outputs.hash }}
54+
55+ - name : Sync Secrets to Cloudflare
56+ if : steps.secrets-cache.outputs.cache-hit != 'true'
4157 env :
4258 SECRETS_CONTEXT : ${{ toJSON(secrets) }}
4359 CLOUDFLARE_API_TOKEN : ${{ secrets.CLOUDFLARE_API_TOKEN }}
4460 run : |
45- echo "$SECRETS_CONTEXT" | jq -r 'to_entries | .[] | select(.key | startswith("github_") | not) | select(.key != "CLOUDFLARE_API_TOKEN") | .key' | while read -r secret; do
46- secret_value=$(jq -r --arg key "$secret" '.[$key]' <<< "$SECRETS_CONTEXT")
61+ # Create a temporary file to mark cache
62+ mkdir -p .secrets-cache
63+ touch .secrets-cache/synced
64+
65+ # Get all secrets and process them in parallel
66+ echo "$SECRETS_CONTEXT" | jq -r 'to_entries | .[] | select(.key | startswith("gitub_") | not) | select(.key != "CLOUDFLARE_API_TOKEN") | @base64' | \
67+ parallel --jobs 10 'echo {} | base64 --decode | jq -r '"'"'.key,.value'"'" | {
68+ read -r secret
69+ read -r secret_value
4770
4871 if [ -n "${{ steps.check-env.outputs.env_flag }}" ]; then
4972 echo "Setting $secret for environment ${{ steps.check-env.outputs.env_flag }}"
5275 echo "Setting $secret for default environment"
5376 echo "$secret_value" | wrangler secret put "$secret"
5477 fi
55- done
78+ }'
5679
5780name : Deploy
5881 uses : cloudflare/wrangler-action@v3
0 commit comments