From 4baca64066d1f0a4aa4ea61509ed636214357851 Mon Sep 17 00:00:00 2001
From: Eddy Filip <eddy.filip@agilebits.com>
Date: Wed, 1 Sep 2021 18:23:35 +0200
Subject: [PATCH] Enable using loaded secrets from step's output

---
 action.yml    |  3 +++
 entrypoint.sh | 31 ++++++++++++++++++++-----------
 2 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/action.yml b/action.yml
index 1631070..bd337e4 100644
--- a/action.yml
+++ b/action.yml
@@ -8,6 +8,9 @@ inputs:
   unset-previous:
     description: Whether to unset environment variables populated by 1Password in earlier job steps
     default: false
+  export-env:
+    description: Export the secrets as environment variables
+    default: false
 runs:
   using: 'node12'
   main: 'dist/index.js'
diff --git a/entrypoint.sh b/entrypoint.sh
index 4336bc3..144ad7a 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -62,19 +62,28 @@ for env_var in $(op env ls); do
   done
   unset IFS
 
-  # To support multiline secrets, we'll use the heredoc syntax to populate the environment variables.
-  # As the heredoc identifier, we'll use a randomly generated 64-character string,
-  # so that collisions are practically impossible.
-  random_heredoc_identifier=$(openssl rand -hex 16)
+  if [ "$INPUT_EXPORT_ENV" == "true" ]; then
+    # To support multiline secrets, we'll use the heredoc syntax to populate the environment variables.
+    # As the heredoc identifier, we'll use a randomly generated 64-character string,
+    # so that collisions are practically impossible.
+    random_heredoc_identifier=$(openssl rand -hex 16)
+  
+    {
+      # Populate env var, using heredoc syntax with generated identifier
+      echo "$env_var<<${random_heredoc_identifier}"
+      echo "$secret_value"
+      echo "${random_heredoc_identifier}"
+    } >> $GITHUB_ENV
 
-  {
-    # Populate env var, using heredoc syntax with generated identifier
-    echo "$env_var<<${random_heredoc_identifier}"
-    echo "$secret_value"
-    echo "${random_heredoc_identifier}"
-  } >> $GITHUB_ENV
+    managed_variables+=("$env_var")
+
+  else
+    # Prepare the secret_value to be outputed properly (especially multiline secrets)
+    secret_value=$(echo "$secret_value" | awk -v ORS='%0A' '1')
+
+    echo "::set-output name=$env_var::$secret_value"
+  fi
 
-  managed_variables+=("$env_var")
 done
 unset IFS