From 3123fc538b234b146eda689c200ba2e7b34b3af7 Mon Sep 17 00:00:00 2001 From: "Joslin, Brady W (Brady)" Date: Mon, 15 Jun 2020 23:09:55 -0500 Subject: [PATCH 1/3] add secrets publishing --- README.md | 18 ++++++++++++++++++ action.yml | 15 +++++++++------ entrypoint.sh | 18 +++++++++++++++++- 3 files changed, 44 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index fa3f38c..1b3c298 100644 --- a/README.md +++ b/README.md @@ -93,6 +93,24 @@ jobs: workingDirectory: 'subfoldername' ``` +[Worker secrets](https://developers.cloudflare.com/workers/tooling/wrangler/secrets/) can be optionally passed as a new line deliminated string of names in `secrets`. Each secret name must match an environment variable name specified in the `env` attribute. Creates or replaces the value for the Worker secret using the `wrangler secret put` command. + +```yaml +jobs: + deploy: + steps: + uses: cloudflare/wrangler-action@1.1.0 + with: + apiToken: ${{ secrets.CF_API_TOKEN }} + workingDirectory: 'subfoldername' + secrets: | + SECRET1 + SECRET2 + env: + SECRET1: ${{ secrets.SECRET1 }} + SECRET2: ${{ secrets.SECRET2 }} +``` + ## Use cases ### Deploying when commits are merged to master diff --git a/action.yml b/action.yml index 33ace1a..57d8764 100644 --- a/action.yml +++ b/action.yml @@ -1,11 +1,11 @@ -name: 'Deploy to Cloudflare Workers with Wrangler' +name: "Deploy to Cloudflare Workers with Wrangler" branding: - icon: 'upload-cloud' - color: 'orange' -description: 'Deploy your Cloudflare Workers applications and sites directly from GitHub, using Wrangler' + icon: "upload-cloud" + color: "orange" +description: "Deploy your Cloudflare Workers applications and sites directly from GitHub, using Wrangler" runs: - using: 'docker' - image: 'Dockerfile' + using: "docker" + image: "Dockerfile" inputs: apiKey: description: "(Legacy) Your Cloudflare API Key" 
@@ -19,3 +19,6 @@ inputs: description: "The relative path which Wrangler commands should be run from" wranglerVersion: description: "The version of Wrangler you'd like to use to publish your Workers project" + secrets: + description: "A new line deliminated string of environment variable names that should be configured as Worker secrets" + required: false diff --git a/entrypoint.sh b/entrypoint.sh index 075f312..ffa0580 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -58,12 +58,28 @@ then cd "$INPUT_WORKINGDIRECTORY" fi -# If an environment is detected as input +secret_not_found() { + echo "::error::Specified secret \"$1\" not found in environment variables." + exit 1 +} + +# If an environment is detected as input, for each secret specified get the value of +# the matching named environment variable then configure using wrangler secret put. if [ -z "$INPUT_ENVIRONMENT" ] then wrangler publish + + for SECRET in $INPUT_SECRETS; do + VALUE=$(printenv "$SECRET") || secret_not_found "$SECRET" + echo "$VALUE" | wrangler secret put "$SECRET" + done else wrangler publish -e "$INPUT_ENVIRONMENT" + + for SECRET in $INPUT_SECRETS; do + VALUE=$(printenv "$SECRET") || secret_not_found "$SECRET" + echo "$VALUE" | wrangler secret put "$SECRET" --env "$INPUT_ENVIRONMENT" + done fi # If a working directory is detected as input, revert to the From aabd478947307ac9b35d30ce9083311731f95566 Mon Sep 17 00:00:00 2001 From: "Joslin, Brady W (Brady)" Date: Mon, 22 Jun 2020 09:35:46 -0500 Subject: [PATCH 2/3] update test worker for testing secrets --- test/workers-site/index.js | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/test/workers-site/index.js b/test/workers-site/index.js index f980a77..f2b6e1f 100644 --- a/test/workers-site/index.js +++ b/test/workers-site/index.js 
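Review bot: The `secrets` description says "new line deliminated", which should be "delimited"; this string is shown to users of the action, so I would write it as `description: "A newline-delimited string of environment variable names that should be configured as Worker secrets"`. The README paragraph added in this patch uses the same wording. It would also help to say here that each listed name must be supplied through the step's `env`, as the README already states.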
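Review bot: In both new `for SECRET in $INPUT_SECRETS` loops the only failure check is the exit status of `printenv`, so a variable that is set but empty passes and an empty value is uploaded as the Worker secret. As far as I know, a `${{ secrets.NAME }}` reference to a secret that is missing or not exposed to the run arrives as an empty string, so this is easy to hit; adding `[ -n "$VALUE" ] || secret_not_found "$SECRET"` after the assignment would fail the step instead. `echo "$VALUE"` can also alter the value depending on the shell (a leading `-n`/`-e`, or backslash sequences under some `sh` implementations), whereas `printf '%s' "$VALUE" | wrangler secret put "$SECRET"` pipes it through unchanged. Because `$INPUT_SECRETS` is expanded unquoted, a name containing a glob character would be expanded against the working directory, so `set -f` before the loops or a check of each name against `^[A-Za-z_][A-Za-z0-9_]*$` is worth adding. The script begins and ends outside this hunk, so whether `set -e` or `set -x` is in effect around the secret handling cannot be seen here.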
@@ -34,6 +34,14 @@ async function handleEvent(event) { */ // options.mapRequestToAsset = handlePrefix(/^\/docs/) + // Path to test secrets passed through Wrangler Action. Create SECRET1 and SECRET2 secrets + // in the Action repo to something innocuous like "Hello" and "World!". + if (url.pathname === "/secret") { + let sec1 = (typeof SECRET1 !== 'undefined') ? SECRET1 : "" + let sec2 = (typeof SECRET2 !== 'undefined') ? SECRET2 : "" + return new Response(`${sec1} ${sec2}`) + } + try { if (DEBUG) { // customize caching From 4259a86a6b7b4df135e9a10c0ecfa7e84ed3f371 Mon Sep 17 00:00:00 2001 From: Brady Joslin Date: Mon, 22 Jun 2020 10:02:00 -0500 Subject: [PATCH 3/3] Update deploy.yml --- .github/workflows/deploy.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 15c6e17..1140052 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -46,3 +46,20 @@ jobs: environment: "production" wranglerVersion: '1.5.0' workingDirectory: 'test' + publish_secrets: + runs-on: ubuntu-latest + name: Publish app with secrets + steps: + - uses: actions/checkout@v2 + - name: Publish app + uses: ./ + with: + apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} + environment: "production" + workingDirectory: "test" + secrets: | + SECRET1 + SECRET2 + env: + SECRET1: ${{ secrets.SECRET1 }} + SECRET2: ${{ secrets.SECRET2 }}
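Review bot: The new `/secret` branch returns the plaintext of `SECRET1` and `SECRET2` to any caller without authentication, and the workflow added later in this series appears to publish this worker (`workingDirectory: "test"`) to the `production` environment. The comment asks for innocuous values, but nothing enforces that, and a test worker like this tends to get copied as a template. If the test only needs to prove that the bindings arrived, presence flags are enough, e.g. `return new Response(JSON.stringify({ SECRET1: typeof SECRET1 !== 'undefined', SECRET2: typeof SECRET2 !== 'undefined' }))`. Otherwise the comment should say outright that the response is publicly readable and the values must never be real credentials. `handleEvent` starts and ends outside the hunk.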
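Review bot: The new `publish_secrets` job hands `CLOUDFLARE_API_TOKEN`, `SECRET1` and `SECRET2` to the publish step, yet `actions/checkout@v2` in the same job is referenced by a mutable tag and controls the workspace that step builds and runs. Pinning it to a full commit SHA, `uses: actions/checkout@<full-commit-sha>  # v2`, keeps a re-tagged release from changing what executes beside those credentials. The workflow's `on:` triggers are outside this hunk; if it also runs for pull requests from forks, the secrets are not exposed there and would presumably arrive empty, so the job should be restricted to trusted refs or the entrypoint should reject empty values.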