name: 'get-ca-cert'
description: 'Github action to retrieve root ca certificate from cfssl PKI API'
branding:
  icon: anchor
  color: green
inputs:
  pki-address:
    description: 'cfssl pki API address'
    default: 'pki.localdomain'
    required: false
  pki-port:
    description: 'cfssl pki API port'
    default: '444'
    required: false
  debug:
    description: "show debug information about certificate truststore content"
    required: false
    default: "false"
outputs:
  ca-cert:
    value: "${{ steps.retrieve-ca-cert.outputs.ca-cert }}"
    description: Root ca certificate in x509 format
  ca-cert-base64:
    value: "${{ steps.retrieve-ca-cert.outputs.ca-cert-base64 }}"
    description: x509 formated root ca certificate encoded in base64
runs:
  using: "composite"
  steps:
    - name: Get root ca certificate from cfssl PKI API
      id: retrieve-ca-cert
      shell: bash
      run: |
        ca_cert=$(curl -sSL -d '{"label": "primary"}' ${{ inputs.pki-address }}:${{ inputs.pki-port }}/api/v1/cfssl/info |jq -r '.result.certificate')
        ca_cert_base64=$(echo "$ca_cert" | base64 -w 0)
        
        echo "ca-cert<<EOF" >> "$GITHUB_OUTPUT"
        echo "$ca_cert" >> "$GITHUB_OUTPUT"
        echo "EOF" >> "$GITHUB_OUTPUT"
        
        echo "ca-cert-base64=$ca_cert_base64" >> "$GITHUB_OUTPUT"

    - name: Show retrieve root CA cert
      if: ${{ inputs.debug == 'true' }}
      shell: bash
      run: |
        echo "${{ steps.retrieve-ca-cert.outputs.ca-cert }}"
        echo "${{ steps.retrieve-ca-cert.outputs.ca-cert-base64 }}"