Private/Get-SecretsEnvBlock.ps1
|
function Get-SecretsEnvBlock { <# .SYNOPSIS Generate a job-level env: block mapping GitHub secrets to environment variables. .DESCRIPTION Reads the ci.secrets array from .powercraft/release.json and renders a YAML env: block suitable for insertion at job level in a GitHub Actions workflow. If no secrets are configured, returns an empty string (no env block rendered). .PARAMETER Config The PSCustomObject returned by Read-PCReleaseConfig. .OUTPUTS [string] A YAML env block (indented for job level) or empty string. #> [CmdletBinding()] [OutputType([string])] param( [Parameter(Mandatory)] [PSCustomObject]$Config ) if (-not $Config.ci.secrets -or $Config.ci.secrets.Count -eq 0) { return '' } $lines = @(' env:') foreach ($secret in $Config.ci.secrets) { $lines += " $secret`: `${{ secrets.$secret }}" } # Return with leading newline so it slots cleanly after runs-on line "`n" + ($lines -join "`n") } |