Private/Get-SecretBootstrapBlock.ps1

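function Get-SecretBootstrapBlock {
    <#
    .SYNOPSIS
        Generate a GitHub Actions step block for bootstrapping PowerCraft.Secrets.
    .DESCRIPTION
        Inspects a module manifest's RequiredModules. If PowerCraft.Secrets is present,
        generates a CI step that loads API keys from GitHub Actions secrets into the
        PowerCraft secret store via Set-PCSecret.

        The generated step passes each secret through the step's env: block and reads it
        back as $env:NAME inside the script, so the secret value is never expanded into
        the script text itself.
    .PARAMETER ManifestPath
        Path to the .psd1 module manifest.
    .PARAMETER SecretMappings
        Optional hashtable of env var name → secret store name overrides.
        Default mappings are used for known secrets (OpenAI, Anthropic, Gemini).
        Keys are emitted as both the env var name and the secrets.<NAME> reference, so they
        must consist of letters, digits and underscores and must not start with a digit.
        Values are emitted inside a single-quoted PowerShell string and are escaped for it.
    .OUTPUTS
        [string] A YAML step block (indented for ci.yml) or empty string if not needed.
    .NOTES
        Throws System.ArgumentException when a mapping key is not a valid identifier or a
        store name contains a line break, because either would change the structure of the
        generated workflow instead of only its data.
    #>

    [CmdletBinding()]
    [OutputType([string])]
    param(
        [Parameter(Mandatory)]
        [string]$ManifestPath,

        [hashtable]$SecretMappings
    )

    $manifest = Import-PowerShellDataFile $ManifestPath
    $moduleName = [System.IO.Path]::GetFileNameWithoutExtension($ManifestPath)

    # Check if PowerCraft.Secrets is a dependency. RequiredModules entries are either a
    # plain module name or a module specification hashtable with a ModuleName key.
    $needsSecrets = $false
    foreach ($dep in @($manifest.RequiredModules)) {
        if ($null -eq $dep) { continue }
        $depName = if ($dep -is [string]) { $dep } else { $dep.ModuleName }
        if ($depName -eq 'PowerCraft.Secrets') { $needsSecrets = $true; break }
    }

    if (-not $needsSecrets) { return '' }

    # Default secret mappings (env var → store name)
    $mappings = [ordered]@{
        'OPENAI_API_KEY'    = 'openai'
        'ANTHROPIC_API_KEY' = 'anthropic'
        'GOOGLE_AI_API_KEY' = 'gemini'
    }

    # Apply overrides. Keys are cast to string because an integer key would be treated as
    # a positional index by the ordered dictionary.
    if ($SecretMappings) {
        foreach ($key in $SecretMappings.Keys) {
            $mappings[[string]$key] = [string]$SecretMappings[$key]
        }
    }

    # Entries of env: and lines of the run: block scalar sit two columns deeper than the
    # 8-column step keys in the template below; less indentation is not valid YAML there.
    $indent = ' ' * 10

    $envLines = [System.Collections.Generic.List[string]]::new()
    $secretLines = [System.Collections.Generic.List[string]]::new()

    foreach ($entry in $mappings.GetEnumerator()) {
        $name = [string]$entry.Key
        $storeName = [string]$entry.Value

        # The name lands in YAML, in a ${{ }} expression and in PowerShell source; anything
        # beyond identifier characters could alter the generated workflow.
        if ($name -notmatch '\A[A-Za-z_][A-Za-z0-9_]*\z') {
            throw [System.ArgumentException]::new(
                "Secret mapping key '$name' is not a valid environment variable / secret name.",
                'SecretMappings')
        }

        # A line break would end the generated statement and start a new script line.
        if ($storeName -match '[\r\n]') {
            throw [System.ArgumentException]::new(
                "Secret store name for '$name' must not contain line breaks.",
                'SecretMappings')
        }

        # Escape for a single-quoted PowerShell literal (covers typographic quote
        # characters that the PowerShell parser also accepts as string delimiters).
        $quotedStore = [System.Management.Automation.Language.CodeGeneration]::EscapeSingleQuotedStringContent($storeName)

        $envLines.Add("${indent}${name}: `${{ secrets.${name} }}")

        # The guard skips secrets whose env var is empty, e.g. when the repository secret
        # is not defined.
        $secretLines.Add("${indent}if (`$env:${name}) { Set-PCSecret -Name '${quotedStore}' -Value `$env:${name} }")
    }

    $envBlock = $envLines -join "`n"
    $secretBlock = $secretLines -join "`n"

    # Return the complete step block (indented for ci.yml job steps)
    @"
      - name: Bootstrap Secrets for Tests
        shell: pwsh
        env:
$envBlock
        run: |
          Import-Module ./$moduleName.psd1 -Force
$secretBlock

"@

}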