feat: added github oidc token as a header #229

	name: Test get-vault-secrets action

	on:
	push:
	branches:
	- main
	paths:
	- "actions/get-vault-secrets/**"
	- ".github/workflows/test-get-vault-secrets.yaml"

	pull_request:
	paths:
	- "actions/get-vault-secrets/**"
	- ".github/workflows/test-get-vault-secrets.yaml"
	merge_group:

	permissions:
	contents: read
	id-token: write

	jobs:
	test:
	strategy:
	matrix:
	instance:
	- dev
	- ops
	- invalid
	runs-on: ubuntu-latest

	steps:
	- name: Checkout code
	uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1

	- name: Test Vault Action
	id: test-vault-action
	uses: ./actions/get-vault-secrets
	continue-on-error: true
	with:
	vault_instance: ${{ matrix.instance }}
	repo_secrets: \|
	INSTANCE=test-get-vault-secret:instance

	- name: Check secret value is ${{ matrix.instance }}
	if: matrix.instance != 'invalid'
	run: \|
	if [[ "${{ env.INSTANCE }}" != "${{ matrix.instance }}" ]]; then
	echo "Test failed: secret value does not match vault_instance input"
	exit 1
	fi

	- name: Ensure 'invalid' errored
	if: matrix.instance == 'invalid' && steps.test-vault-action.outcome != 'failure'
	run: \|
	echo "Test failed: 'invalid' should have errored"
	exit 1

	bats-test:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1

	- name: Setup BATS testing framework
	uses: mig4/setup-bats@af9a00deb21b5d795cabfeaa8d9060410377686d # v1.2.0

	- name: Run tests
	run: \|
	cd actions/get-vault-secrets
	./translate-secrets.bats

Provide feedback