diff --git a/action.yml b/action.yml index 194406d..3ef5741 100644 --- a/action.yml +++ b/action.yml @@ -31,6 +31,9 @@ inputs: description: >- Identity to use, required when auth-method is "oidc". required: false + api-domain: + default: "api.doppler.com" + required: false runs: using: 'node20' main: 'index.js' diff --git a/doppler.js b/doppler.js index fe5f9bd..63b0e2d 100644 --- a/doppler.js +++ b/doppler.js @@ -6,15 +6,16 @@ import { VERSION } from "./meta.js"; * @param {string} dopplerToken * @param {string | null} [dopplerProject] * @param {string | null} [dopplerConfig] + * @param {string} apiDomain * @returns {() => Promise>} */ -export async function fetch(dopplerToken, dopplerProject, dopplerConfig) { +export async function fetch(dopplerToken, dopplerProject, dopplerConfig, apiDomain) { return new Promise(function (resolve, reject) { const encodedAuthData = Buffer.from(`${dopplerToken}:`).toString("base64"); const authHeader = `Basic ${encodedAuthData}`; const userAgent = `secrets-fetch-github-action/${VERSION}`; - const url = new URL("https://api.doppler.com/v3/configs/config/secrets"); + const url = new URL(`https://${apiDomain}/v3/configs/config/secrets`); if (dopplerProject && dopplerConfig) { url.searchParams.append("project", dopplerProject); url.searchParams.append("config", dopplerConfig); @@ -58,13 +59,14 @@ export async function fetch(dopplerToken, dopplerProject, dopplerConfig) { * Exchange an OIDC token for a short lived Doppler service account token * @param {string} identityId * @param {string} oidcToken + * @param {string} apiDomain * @returns {() => Promise} */ -export async function oidcAuth(identityId, oidcToken) { +export async function oidcAuth(identityId, oidcToken, apiDomain) { return new Promise(function (resolve, reject) { const userAgent = `secrets-fetch-github-action/${VERSION}`; - const url = new URL("https://api.doppler.com/v3/auth/oidc"); + const url = new URL(`https://${apiDomain}/v3/auth/oidc`); const body = JSON.stringify({ identity: identityId, token: oidcToken diff --git a/index.js b/index.js index 4e7d959..a6b3072 100644 --- a/index.js +++ b/index.js @@ -9,13 +9,14 @@ if (process.env.NODE_ENV === "development" && process.env.DOPPLER_TOKEN) { } const AUTH_METHOD = core.getInput("auth-method"); +const API_DOMAIN = core.getInput("api-domain"); let DOPPLER_TOKEN = ""; if (AUTH_METHOD === "oidc") { const DOPPLER_IDENTITY_ID = core.getInput("doppler-identity-id", { required: true }); const oidcToken = core.getIDToken(); core.setSecret(oidcToken); - DOPPLER_TOKEN = await oidcAuth(DOPPLER_IDENTITY_ID, oidcToken) + DOPPLER_TOKEN = await oidcAuth(DOPPLER_IDENTITY_ID, oidcToken, API_DOMAIN) } else if (AUTH_METHOD === "token") { DOPPLER_TOKEN = core.getInput("doppler-token", { required: true }); }else { @@ -39,7 +40,7 @@ if (IS_SA_TOKEN && !(DOPPLER_PROJECT && DOPPLER_CONFIG)) { process.exit(); } -const secrets = await fetch(DOPPLER_TOKEN, DOPPLER_PROJECT, DOPPLER_CONFIG); +const secrets = await fetch(DOPPLER_TOKEN, DOPPLER_PROJECT, DOPPLER_CONFIG, API_DOMAIN); for (const [key, secret] of Object.entries(secrets)) { const value = secret.computed || "";