feat: added double asterisk wildcard selector to prevent uppercasing of keys before exporting envs (#545)

* feat: added double asterisk wildcard selector to prevent uppercasing of keys before exporting envs * chore: update changelog --------- Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
2026-04-07 12:39:26 +00:00 · 2025-03-03 23:31:00 +02:00 · 2025-03-03 23:31:00 +02:00 · 7709c60978
commit 7709c60978
parent 4b1f32b395
8 changed files with 69 additions and 20 deletions
--- a/src/action.js
+++ b/src/action.js
@ -4,7 +4,7 @@ const command = require('@actions/core/lib/command');
 const got = require('got').default;
 const jsonata = require('jsonata');
 const { normalizeOutputKey } = require('./utils');
-const { WILDCARD } = require('./constants');
+const { WILDCARD, WILDCARD_UPPERCASE } = require('./constants');

 const { auth: { retrieveToken }, secrets: { getSecrets }, pki: { getCertificates } } = require('./index');

@ -221,7 +221,7 @@ function parseSecretsInput(secretsInput) {
        const selectorAst = jsonata(selectorQuoted).ast();
        const selector = selectorQuoted.replace(new RegExp('"', 'g'), '');

-        if (selector !== WILDCARD && (selectorAst.type !== "path" || selectorAst.steps[0].stages) && selectorAst.type !== "string" && !outputVarName) {
+        if (selector !== WILDCARD && selector !== WILDCARD_UPPERCASE && (selectorAst.type !== "path" || selectorAst.steps[0].stages) && selectorAst.type !== "string" && !outputVarName) {
            throw Error(`You must provide a name for the output key when using json selectors. Input: "${secret}"`);
        }

--- a/src/constants.js
+++ b/src/constants.js
@ -1,5 +1,7 @@
-const WILDCARD = '*';
+const WILDCARD_UPPERCASE = '*';
+const WILDCARD = '**';

 module.exports = {
-    WILDCARD
-};
+    WILDCARD,
+    WILDCARD_UPPERCASE,
+};
--- a/src/secrets.js
+++ b/src/secrets.js
@ -1,5 +1,5 @@
 const jsonata = require("jsonata");
-const { WILDCARD } = require("./constants");
+const { WILDCARD, WILDCARD_UPPERCASE} = require("./constants");
 const { normalizeOutputKey } = require("./utils");
 const core = require('@actions/core');

@ -26,6 +26,7 @@ const core = require('@actions/core');
 async function getSecrets(secretRequests, client, ignoreNotFound) {
    const responseCache = new Map();
    let results = [];
+    let upperCaseEnv = false;

    for (const secretRequest of secretRequests) {
        let { path, selector } = secretRequest;
@ -59,7 +60,8 @@ async function getSecrets(secretRequests, client, ignoreNotFound) {

        body = JSON.parse(body);

-        if (selector == WILDCARD) {
+        if (selector === WILDCARD || selector === WILDCARD_UPPERCASE) {
+            upperCaseEnv = selector === WILDCARD_UPPERCASE;
            let keys = body.data;
            if (body.data["data"] != undefined) {
                keys = keys.data;
@ -78,7 +80,7 @@ async function getSecrets(secretRequests, client, ignoreNotFound) {
                }

                newRequest.outputVarName = normalizeOutputKey(newRequest.outputVarName);
-                newRequest.envVarName = normalizeOutputKey(newRequest.envVarName,true);
+                newRequest.envVarName = normalizeOutputKey(newRequest.envVarName, upperCaseEnv);

                // JSONata field references containing reserved tokens should
                // be enclosed in backticks
--- a/src/utils.js
+++ b/src/utils.js
@ -3,12 +3,12 @@
 * @param {string} dataKey
 * @param {boolean=} isEnvVar
 */
-function normalizeOutputKey(dataKey, isEnvVar = false) {
+function normalizeOutputKey(dataKey, upperCase = false) {
  let outputKey = dataKey
    .replace(".", "__")
    .replace(new RegExp("-", "g"), "")
    .replace(/[^\p{L}\p{N}_-]/gu, "");
-  if (isEnvVar) {
+  if (upperCase) {
    outputKey = outputKey.toUpperCase();
  }
  return outputKey;