vaulter 1.0.34 → 1.0.36

package/README.md

@@ -312,47 +312,164 @@ Vaulter separates **local development** from **deployment** configurations:
 
 ## CI/CD
 
-### GitHub Actions (Recommended)
+### GitHub Action (Recommended)
 
-Use `vaulter run` to execute commands with auto-loaded environment variables:
+Use the official Vaulter GitHub Action for seamless CI/CD integration:
 
 ```yaml
-name: Build & Deploy
-on:
-  push:
-    branches: [main]
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: pnpm/action-setup@v4
-
-      - name: Pull secrets from backend
-        env:
-          VAULTER_KEY: ${{ secrets.VAULTER_KEY }}
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        run: npx vaulter sync pull -e prd
-
-      - name: Build with env vars
-        run: npx vaulter run -e prd -- pnpm build
-
-  deploy:
-    needs: build
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - name: Deploy secrets to K8s
-        env:
-          VAULTER_KEY: ${{ secrets.VAULTER_KEY }}
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        run: npx vaulter export k8s-secret -e prd | kubectl apply -f -
-```
-
-**Auto-detection in CI:** When `CI=true` or `GITHUB_ACTIONS` is set, vaulter automatically loads from `.vaulter/deploy/` instead of `.vaulter/local/`.
+- uses: forattini-dev/vaulter@v1
+  id: secrets
+  with:
+    backend: s3://my-bucket/secrets
+    project: my-app
+    environment: prd
+    outputs: env,k8s-secret
+  env:
+    AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+    AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+    VAULTER_PASSPHRASE: ${{ secrets.VAULTER_PASSPHRASE }}
+```
+
+#### Output Formats
+
+| Output | File | Use Case |
+|:-------|:-----|:---------|
+| `env` | `.env` | Docker, Node.js |
+| `json` | `vaulter-vars.json` | Custom scripts |
+| `k8s-secret` | `k8s-secret.yaml` | `kubectl apply` |
+| `k8s-configmap` | `k8s-configmap.yaml` | `kubectl apply` |
+| `helm-values` | `helm-values.yaml` | `helmfile`, `helm` |
+| `tfvars` | `terraform.auto.tfvars` | `terraform`, `terragrunt` |
+| `shell` | `vaulter-env.sh` | `source` in scripts |
+
+#### Full Examples
+
+**kubectl:**
+```yaml
+- uses: forattini-dev/vaulter@v1
+  with:
+    backend: ${{ secrets.VAULTER_BACKEND }}
+    project: my-app
+    environment: prd
+    outputs: k8s-secret,k8s-configmap
+    k8s-namespace: my-namespace
+  env:
+    AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+    AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+    VAULTER_PASSPHRASE: ${{ secrets.VAULTER_PASSPHRASE }}
+
+- run: |
+    kubectl apply -f k8s-secret.yaml
+    kubectl apply -f k8s-configmap.yaml
+```
+
+**Helmfile:**
+```yaml
+- uses: forattini-dev/vaulter@v1
+  with:
+    backend: ${{ secrets.VAULTER_BACKEND }}
+    project: my-app
+    environment: prd
+    outputs: helm-values
+    helm-values-path: ./helm/secrets.yaml
+  env:
+    AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+    AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+    VAULTER_PASSPHRASE: ${{ secrets.VAULTER_PASSPHRASE }}
+
+- run: helmfile -e prd apply
+```
+
+**Terraform/Terragrunt:**
+```yaml
+- uses: forattini-dev/vaulter@v1
+  with:
+    backend: ${{ secrets.VAULTER_BACKEND }}
+    project: infra
+    environment: prd
+    outputs: tfvars
+    # .auto.tfvars is loaded automatically by Terraform!
+    tfvars-path: ./secrets.auto.tfvars
+  env:
+    AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+    AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+    VAULTER_PASSPHRASE: ${{ secrets.VAULTER_PASSPHRASE }}
+
+- run: terragrunt apply -auto-approve
+```
+
+**Docker Build:**
+```yaml
+- uses: forattini-dev/vaulter@v1
+  with:
+    backend: ${{ secrets.VAULTER_BACKEND }}
+    project: my-app
+    environment: prd
+    outputs: env
+    env-path: .env.production
+  env:
+    AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+    AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+    VAULTER_PASSPHRASE: ${{ secrets.VAULTER_PASSPHRASE }}
+
+- run: docker build --secret id=env,src=.env.production -t app .
+```
+
+**Export to GITHUB_ENV:**
+```yaml
+- uses: forattini-dev/vaulter@v1
+  with:
+    backend: ${{ secrets.VAULTER_BACKEND }}
+    project: my-app
+    environment: prd
+    export-to-env: true  # Makes vars available in subsequent steps
+  env:
+    AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+    AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+    VAULTER_PASSPHRASE: ${{ secrets.VAULTER_PASSPHRASE }}
+
+- run: echo "Database is $DATABASE_URL"  # Available!
+```
+
+#### Action Inputs
+
+| Input | Required | Default | Description |
+|:------|:--------:|:--------|:------------|
+| `backend` | ✓ | - | S3 connection string |
+| `project` | ✓ | - | Project name |
+| `environment` | ✓ | - | Environment (dev/stg/prd) |
+| `service` | | - | Service (monorepo) |
+| `outputs` | | `env` | Comma-separated outputs |
+| `k8s-namespace` | | `default` | K8s namespace |
+| `export-to-env` | | `false` | Export to GITHUB_ENV |
+| `mask-values` | | `true` | Mask secrets in logs |
+
+#### Action Outputs
+
+| Output | Description |
+|:-------|:------------|
+| `env-file` | Path to .env file |
+| `k8s-secret-file` | Path to K8s Secret YAML |
+| `k8s-configmap-file` | Path to K8s ConfigMap YAML |
+| `helm-values-file` | Path to Helm values file |
+| `tfvars-file` | Path to .tfvars file |
+| `vars-count` | Number of variables |
+| `vars-json` | JSON array of variable names |
+
+### CLI in CI/CD
+
+You can also use the CLI directly:
+
+```yaml
+- name: Pull and build
+  env:
+    VAULTER_PASSPHRASE: ${{ secrets.VAULTER_PASSPHRASE }}
+    AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+    AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+  run: |
+    npx vaulter sync pull -e prd
+    npx vaulter run -e prd -- pnpm build
+```
 
 ### Other Platforms
 

package/action.yml

@@ -0,0 +1,116 @@
+name: 'Vaulter - Pull Secrets'
+description: 'Pull environment variables from Vaulter backend and generate outputs for kubectl, helm, terraform, and more'
+author: 'Forattini'
+branding:
+  icon: 'lock'
+  color: 'purple'
+
+inputs:
+  # ─── Connection ───
+  backend:
+    description: 'Connection string (s3://bucket, file://path, memory://). Can also use VAULTER_BACKEND env var.'
+    required: false
+  passphrase:
+    description: 'Encryption passphrase for symmetric mode. Can also use VAULTER_PASSPHRASE env var.'
+    required: false
+
+  # ─── Filters ───
+  project:
+    description: 'Project name'
+    required: true
+  environment:
+    description: 'Environment (dev/stg/prd or custom)'
+    required: true
+  service:
+    description: 'Service name for monorepo setups'
+    required: false
+
+  # ─── Outputs Selection ───
+  outputs:
+    description: 'Comma-separated list of outputs to generate: env,json,k8s-secret,k8s-configmap,helm-values,tfvars,shell'
+    default: 'env'
+
+  # ─── Output Paths ───
+  env-path:
+    description: 'Path for .env file output'
+    default: '.env'
+  json-path:
+    description: 'Path for JSON output'
+    default: 'vaulter-vars.json'
+  k8s-secret-path:
+    description: 'Path for Kubernetes Secret YAML'
+    default: 'k8s-secret.yaml'
+  k8s-configmap-path:
+    description: 'Path for Kubernetes ConfigMap YAML'
+    default: 'k8s-configmap.yaml'
+  helm-values-path:
+    description: 'Path for Helm values.yaml'
+    default: 'helm-values.yaml'
+  tfvars-path:
+    description: 'Path for Terraform .tfvars file'
+    default: 'terraform.auto.tfvars'
+  shell-path:
+    description: 'Path for shell export script'
+    default: 'vaulter-env.sh'
+
+  # ─── K8s Options ───
+  k8s-secret-name:
+    description: 'Name for Kubernetes Secret resource'
+    required: false
+  k8s-configmap-name:
+    description: 'Name for Kubernetes ConfigMap resource'
+    required: false
+  k8s-namespace:
+    description: 'Kubernetes namespace'
+    default: 'default'
+
+  # ─── Encryption Mode ───
+  encryption-mode:
+    description: 'Encryption mode: symmetric or asymmetric'
+    default: 'symmetric'
+  public-key:
+    description: 'Public key PEM content (asymmetric mode)'
+    required: false
+  private-key:
+    description: 'Private key PEM content (asymmetric mode)'
+    required: false
+  asymmetric-algorithm:
+    description: 'Algorithm for asymmetric mode: rsa-4096, rsa-2048, ec-p256, ec-p384'
+    default: 'rsa-4096'
+
+  # ─── Shared Vars ───
+  include-shared:
+    description: 'Include shared variables when service is specified'
+    default: 'true'
+
+  # ─── Export to GitHub Env ───
+  export-to-env:
+    description: 'Export variables to GITHUB_ENV for subsequent steps'
+    default: 'false'
+  mask-values:
+    description: 'Mask secret values in logs'
+    default: 'true'
+
+outputs:
+  env-file:
+    description: 'Path to generated .env file'
+  json-file:
+    description: 'Path to generated JSON file'
+  k8s-secret-file:
+    description: 'Path to generated Kubernetes Secret YAML'
+  k8s-configmap-file:
+    description: 'Path to generated Kubernetes ConfigMap YAML'
+  helm-values-file:
+    description: 'Path to generated Helm values file'
+  tfvars-file:
+    description: 'Path to generated Terraform .tfvars file'
+  shell-file:
+    description: 'Path to generated shell export script'
+  vars-count:
+    description: 'Number of variables exported'
+  vars-json:
+    description: 'JSON string with all variable names (not values)'
+
+runs:
+  using: 'node20'
+  main: 'dist/action/index.cjs'

package/dist/action/formats.d.ts

@@ -0,0 +1,57 @@
+/**
+ * Vaulter GitHub Action - Output Format Generators
+ *
+ * Generates output files in various formats for different IaC tools:
+ * - env: Standard .env file
+ * - json: JSON key-value pairs
+ * - k8s-secret: Kubernetes Secret YAML
+ * - k8s-configmap: Kubernetes ConfigMap YAML
+ * - helm-values: Helm values.yaml
+ * - tfvars: Terraform .tfvars
+ * - shell: Shell export script
+ */
+/**
+ * Generate .env file content
+ */
+export declare function generateEnvFile(vars: Record<string, string>): string;
+/**
+ * Generate JSON file content
+ */
+export declare function generateJsonFile(vars: Record<string, string>): string;
+/**
+ * Generate Kubernetes Secret YAML
+ */
+export declare function generateK8sSecret(vars: Record<string, string>, options: {
+    name: string;
+    namespace: string;
+    environment: string;
+}): string;
+/**
+ * Generate Kubernetes ConfigMap YAML
+ */
+export declare function generateK8sConfigMap(vars: Record<string, string>, options: {
+    name: string;
+    namespace: string;
+    environment: string;
+}): string;
+/**
+ * Generate Helm values.yaml
+ */
+export declare function generateHelmValues(vars: Record<string, string>, options: {
+    project: string;
+    environment: string;
+    service?: string;
+}): string;
+/**
+ * Generate Terraform .tfvars
+ */
+export declare function generateTfVars(vars: Record<string, string>, options: {
+    project: string;
+    environment: string;
+    service?: string;
+}): string;
+/**
+ * Generate shell export script
+ */
+export declare function generateShellExport(vars: Record<string, string>): string;
+//# sourceMappingURL=formats.d.ts.map

package/dist/action/formats.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"formats.d.ts","sourceRoot":"","sources":["../../src/action/formats.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAyGH;;GAEG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,CAYpE;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,CAErE;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE;IACP,IAAI,EAAE,MAAM,CAAA;IACZ,SAAS,EAAE,MAAM,CAAA;IACjB,WAAW,EAAE,MAAM,CAAA;CACpB,GACA,MAAM,CAsBR;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE;IACP,IAAI,EAAE,MAAM,CAAA;IACZ,SAAS,EAAE,MAAM,CAAA;IACjB,WAAW,EAAE,MAAM,CAAA;CACpB,GACA,MAAM,CAqBR;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE;IACP,OAAO,EAAE,MAAM,CAAA;IACf,WAAW,EAAE,MAAM,CAAA;IACnB,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB,GACA,MAAM,CA4BR;AAED;;GAEG;AACH,wBAAgB,cAAc,CAC5B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE;IACP,OAAO,EAAE,MAAM,CAAA;IACf,WAAW,EAAE,MAAM,CAAA;IACnB,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB,GACA,MAAM,CA6BR;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,CAcxE"}

package/dist/action/formats.js

@@ -0,0 +1,241 @@
+/**
+ * Vaulter GitHub Action - Output Format Generators
+ *
+ * Generates output files in various formats for different IaC tools:
+ * - env: Standard .env file
+ * - json: JSON key-value pairs
+ * - k8s-secret: Kubernetes Secret YAML
+ * - k8s-configmap: Kubernetes ConfigMap YAML
+ * - helm-values: Helm values.yaml
+ * - tfvars: Terraform .tfvars
+ * - shell: Shell export script
+ */
+// ─────────────────────────────────────────────────────────────────────────────
+// Utility Functions
+// ─────────────────────────────────────────────────────────────────────────────
+/**
+ * Encode string to base64 (for K8s secrets)
+ */
+function base64Encode(str) {
+    return Buffer.from(str, 'utf-8').toString('base64');
+}
+/**
+ * Sanitize name for Kubernetes (lowercase, alphanumeric, dashes)
+ */
+function sanitizeK8sName(name) {
+    return name
+        .toLowerCase()
+        .replace(/[^a-z0-9-]/g, '-')
+        .replace(/--+/g, '-')
+        .replace(/^-|-$/g, '')
+        .slice(0, 63);
+}
+/**
+ * Escape value for .env file
+ */
+function escapeEnvValue(value) {
+    // If value contains special chars, wrap in quotes
+    if (value.includes(' ') ||
+        value.includes('"') ||
+        value.includes("'") ||
+        value.includes('#') ||
+        value.includes('\n') ||
+        value.includes('$') ||
+        value.startsWith(' ') ||
+        value.endsWith(' ')) {
+        // Use double quotes and escape internal quotes and backslashes
+        return `"${value.replace(/\\/g, '\\\\').replace(/"/g, '\\"').replace(/\n/g, '\\n')}"`;
+    }
+    return value;
+}
+/**
+ * Format value for YAML (with proper quoting)
+ */
+function formatYamlValue(value) {
+    const needsQuote = value === '' ||
+        value === 'true' ||
+        value === 'false' ||
+        value === 'null' ||
+        value === 'yes' ||
+        value === 'no' ||
+        value === 'on' ||
+        value === 'off' ||
+        !isNaN(Number(value)) ||
+        value.includes(':') ||
+        value.includes('#') ||
+        value.includes('\n') ||
+        value.includes('"') ||
+        value.includes("'") ||
+        value.startsWith(' ') ||
+        value.endsWith(' ') ||
+        value.startsWith('{') ||
+        value.startsWith('[') ||
+        value.startsWith('*') ||
+        value.startsWith('&');
+    if (needsQuote) {
+        return `"${value.replace(/\\/g, '\\\\').replace(/"/g, '\\"').replace(/\n/g, '\\n')}"`;
+    }
+    return value;
+}
+/**
+ * Format value for Terraform HCL
+ */
+function formatTfValue(value) {
+    const escaped = value
+        .replace(/\\/g, '\\\\')
+        .replace(/"/g, '\\"')
+        .replace(/\n/g, '\\n')
+        .replace(/\r/g, '\\r')
+        .replace(/\t/g, '\\t');
+    return `"${escaped}"`;
+}
+/**
+ * Escape value for shell (single quotes)
+ */
+function escapeShellValue(value) {
+    // Use single quotes and escape internal single quotes
+    return `'${value.replace(/'/g, "'\\''")}'`;
+}
+// ─────────────────────────────────────────────────────────────────────────────
+// Format Generators
+// ─────────────────────────────────────────────────────────────────────────────
+/**
+ * Generate .env file content
+ */
+export function generateEnvFile(vars) {
+    const lines = [
+        '# Generated by Vaulter GitHub Action',
+        `# Generated at: ${new Date().toISOString()}`,
+        ''
+    ];
+    for (const [key, value] of Object.entries(vars)) {
+        lines.push(`${key}=${escapeEnvValue(value)}`);
+    }
+    return lines.join('\n') + '\n';
+}
+/**
+ * Generate JSON file content
+ */
+export function generateJsonFile(vars) {
+    return JSON.stringify(vars, null, 2) + '\n';
+}
+/**
+ * Generate Kubernetes Secret YAML
+ */
+export function generateK8sSecret(vars, options) {
+    const lines = [
+        '# Generated by Vaulter GitHub Action',
+        `# Generated at: ${new Date().toISOString()}`,
+        '# Apply: kubectl apply -f <file>',
+        'apiVersion: v1',
+        'kind: Secret',
+        'metadata:',
+        `  name: ${sanitizeK8sName(options.name)}`,
+        `  namespace: ${sanitizeK8sName(options.namespace)}`,
+        '  labels:',
+        '    app.kubernetes.io/managed-by: vaulter',
+        `    app.kubernetes.io/environment: ${options.environment}`,
+        'type: Opaque',
+        'data:'
+    ];
+    for (const [key, value] of Object.entries(vars)) {
+        lines.push(`  ${key}: ${base64Encode(value)}`);
+    }
+    return lines.join('\n') + '\n';
+}
+/**
+ * Generate Kubernetes ConfigMap YAML
+ */
+export function generateK8sConfigMap(vars, options) {
+    const lines = [
+        '# Generated by Vaulter GitHub Action',
+        `# Generated at: ${new Date().toISOString()}`,
+        '# Apply: kubectl apply -f <file>',
+        'apiVersion: v1',
+        'kind: ConfigMap',
+        'metadata:',
+        `  name: ${sanitizeK8sName(options.name)}`,
+        `  namespace: ${sanitizeK8sName(options.namespace)}`,
+        '  labels:',
+        '    app.kubernetes.io/managed-by: vaulter',
+        `    app.kubernetes.io/environment: ${options.environment}`,
+        'data:'
+    ];
+    for (const [key, value] of Object.entries(vars)) {
+        lines.push(`  ${key}: ${formatYamlValue(value)}`);
+    }
+    return lines.join('\n') + '\n';
+}
+/**
+ * Generate Helm values.yaml
+ */
+export function generateHelmValues(vars, options) {
+    const lines = [
+        '# Generated by Vaulter GitHub Action',
+        `# Project: ${options.project}`,
+        `# Environment: ${options.environment}`,
+        options.service ? `# Service: ${options.service}` : null,
+        `# Generated at: ${new Date().toISOString()}`,
+        '# DO NOT EDIT - changes will be overwritten',
+        '',
+        '# All environment variables',
+        'env:'
+    ].filter(Boolean);
+    for (const [key, value] of Object.entries(vars)) {
+        lines.push(`  ${key}: ${formatYamlValue(value)}`);
+    }
+    // Also provide as envFrom-compatible format
+    lines.push('');
+    lines.push('# As key-value pairs for envFrom');
+    lines.push('envVars:');
+    for (const [key, value] of Object.entries(vars)) {
+        lines.push(`  - name: ${key}`);
+        lines.push(`    value: ${formatYamlValue(value)}`);
+    }
+    return lines.join('\n') + '\n';
+}
+/**
+ * Generate Terraform .tfvars
+ */
+export function generateTfVars(vars, options) {
+    const lines = [
+        '# Generated by Vaulter GitHub Action',
+        `# Project: ${options.project}`,
+        `# Environment: ${options.environment}`,
+        options.service ? `# Service: ${options.service}` : null,
+        `# Generated at: ${new Date().toISOString()}`,
+        '# DO NOT EDIT - changes will be overwritten',
+        ''
+    ].filter(Boolean);
+    // Individual variables with lowercase names
+    for (const [key, value] of Object.entries(vars)) {
+        const tfKey = key.toLowerCase();
+        lines.push(`${tfKey} = ${formatTfValue(value)}`);
+    }
+    // All vars as a map (useful for for_each)
+    lines.push('');
+    lines.push('# All environment variables as a map');
+    lines.push('env_vars = {');
+    for (const [key, value] of Object.entries(vars)) {
+        lines.push(`  "${key}" = ${formatTfValue(value)}`);
+    }
+    lines.push('}');
+    return lines.join('\n') + '\n';
+}
+/**
+ * Generate shell export script
+ */
+export function generateShellExport(vars) {
+    const lines = [
+        '#!/bin/bash',
+        '# Generated by Vaulter GitHub Action',
+        `# Generated at: ${new Date().toISOString()}`,
+        '# Usage: source <file> or . <file>',
+        ''
+    ];
+    for (const [key, value] of Object.entries(vars)) {
+        lines.push(`export ${key}=${escapeShellValue(value)}`);
+    }
+    return lines.join('\n') + '\n';
+}
+//# sourceMappingURL=formats.js.map

package/dist/action/formats.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"formats.js","sourceRoot":"","sources":["../../src/action/formats.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,gFAAgF;AAChF,oBAAoB;AACpB,gFAAgF;AAEhF;;GAEG;AACH,SAAS,YAAY,CAAC,GAAW;IAC/B,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;AACrD,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,IAAY;IACnC,OAAO,IAAI;SACR,WAAW,EAAE;SACb,OAAO,CAAC,aAAa,EAAE,GAAG,CAAC;SAC3B,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC;SACpB,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC;SACrB,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;AACjB,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,KAAa;IACnC,kDAAkD;IAClD,IACE,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;QACnB,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;QACnB,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;QACnB,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;QACnB,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;QACpB,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;QACnB,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC;QACrB,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EACnB,CAAC;QACD,+DAA+D;QAC/D,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAA;IACvF,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,KAAa;IACpC,MAAM,UAAU,GACd,KAAK,KAAK,EAAE;QACZ,KAAK,KAAK,MAAM;QAChB,KAAK,KAAK,OAAO;QACjB,KAAK,KAAK,MAAM;QAChB,KAAK,KAAK,KAAK;QACf,KAAK,KAAK,IAAI;QACd,KAAK,KAAK,IAAI;QACd,KAAK,KAAK,KAAK;QACf,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACrB,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;QACnB,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;QACnB,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;QACpB,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;QACnB,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;QACnB,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC;QACrB,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;QACnB,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC;QACrB,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC;QACrB,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC;QACrB,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;IAEvB,IAAI,UAAU,EAAE,CAAC;QACf,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAA;IACvF,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,KAAa;IAClC,MAAM,OAAO,GAAG,KAAK;SAClB,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC;SACpB,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC;SACrB,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC;SACrB,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAA;IAExB,OAAO,IAAI,OAAO,GAAG,CAAA;AACvB,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,KAAa;IACrC,sDAAsD;IACtD,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,CAAA;AAC5C,CAAC;AAED,gFAAgF;AAChF,oBAAoB;AACpB,gFAAgF;AAEhF;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,IAA4B;IAC1D,MAAM,KAAK,GAAG;QACZ,sCAAsC;QACtC,mBAAmB,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE;QAC7C,EAAE;KACH,CAAA;IAED,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,GAAG,GAAG,IAAI,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC,CAAA;IAC/C,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAA;AAChC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAA4B;IAC3D,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAA;AAC7C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAC/B,IAA4B,EAC5B,OAIC;IAED,MAAM,KAAK,GAAG;QACZ,sCAAsC;QACtC,mBAAmB,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE;QAC7C,kCAAkC;QAClC,gBAAgB;QAChB,cAAc;QACd,WAAW;QACX,WAAW,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;QAC1C,gBAAgB,eAAe,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE;QACpD,WAAW;QACX,2CAA2C;QAC3C,sCAAsC,OAAO,CAAC,WAAW,EAAE;QAC3D,cAAc;QACd,OAAO;KACR,CAAA;IAED,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,KAAK,GAAG,KAAK,YAAY,CAAC,KAAK,CAAC,EAAE,CAAC,CAAA;IAChD,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAA;AAChC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAClC,IAA4B,EAC5B,OAIC;IAED,MAAM,KAAK,GAAG;QACZ,sCAAsC;QACtC,mBAAmB,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE;QAC7C,kCAAkC;QAClC,gBAAgB;QAChB,iBAAiB;QACjB,WAAW;QACX,WAAW,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;QAC1C,gBAAgB,eAAe,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE;QACpD,WAAW;QACX,2CAA2C;QAC3C,sCAAsC,OAAO,CAAC,WAAW,EAAE;QAC3D,OAAO;KACR,CAAA;IAED,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,KAAK,GAAG,KAAK,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC,CAAA;IACnD,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAA;AAChC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAChC,IAA4B,EAC5B,OAIC;IAED,MAAM,KAAK,GAAG;QACZ,sCAAsC;QACtC,cAAc,OAAO,CAAC,OAAO,EAAE;QAC/B,kBAAkB,OAAO,CAAC,WAAW,EAAE;QACvC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,cAAc,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,IAAI;QACxD,mBAAmB,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE;QAC7C,6CAA6C;QAC7C,EAAE;QACF,6BAA6B;QAC7B,MAAM;KACP,CAAC,MAAM,CAAC,OAAO,CAAa,CAAA;IAE7B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,KAAK,GAAG,KAAK,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC,CAAA;IACnD,CAAC;IAED,4CAA4C;IAC5C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IACd,KAAK,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAA;IAC9C,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IAEtB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,aAAa,GAAG,EAAE,CAAC,CAAA;QAC9B,KAAK,CAAC,IAAI,CAAC,cAAc,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC,CAAA;IACpD,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAA;AAChC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAC5B,IAA4B,EAC5B,OAIC;IAED,MAAM,KAAK,GAAG;QACZ,sCAAsC;QACtC,cAAc,OAAO,CAAC,OAAO,EAAE;QAC/B,kBAAkB,OAAO,CAAC,WAAW,EAAE;QACvC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,cAAc,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,IAAI;QACxD,mBAAmB,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE;QAC7C,6CAA6C;QAC7C,EAAE;KACH,CAAC,MAAM,CAAC,OAAO,CAAa,CAAA;IAE7B,4CAA4C;IAC5C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChD,MAAM,KAAK,GAAG,GAAG,CAAC,WAAW,EAAE,CAAA;QAC/B,KAAK,CAAC,IAAI,CAAC,GAAG,KAAK,MAAM,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC,CAAA;IAClD,CAAC;IAED,0CAA0C;IAC1C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IACd,KAAK,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAA;IAClD,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAA;IAE1B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,OAAO,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC,CAAA;IACpD,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAEf,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAA;AAChC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAA4B;IAC9D,MAAM,KAAK,GAAG;QACZ,aAAa;QACb,sCAAsC;QACtC,mBAAmB,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE;QAC7C,oCAAoC;QACpC,EAAE;KACH,CAAA;IAED,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,UAAU,GAAG,IAAI,gBAAgB,CAAC,KAAK,CAAC,EAAE,CAAC,CAAA;IACxD,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAA;AAChC,CAAC"}