apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: secret-home
spec:
  params:
    - name: subdirectory
      type: string
      description: Subdirectory within the repo where the source code is located
      default: ""

    - name: keys
      type: array
      description: Name of the key(s) to extract from the secret

  workspaces:
    - name: shared
      description: Workspace containing the cloned Git repository
    - name: credentials
      description: Secret data from workspace

  steps:
    - name: extract
      image: alpine:3.21.3
      workingDir: /workspace/shared/$(params.subdirectory)
      script: |
        #!/bin/sh
        set -e
        apk add --no-cache coreutils

        for key in $(params.keys); do
          echo "encoding $key"
          key_decoded=$(echo "$key" | sed 's/__/\//g')
          echo "decoding $key_decoded"
          target="/workspace/shared/$(params.subdirectory)/___HOME___/$key_decoded"
          mkdir -p "$(dirname "$target")"
          cp "/workspace/credentials/$key" "$target"
        done