Merge pull request #471 from depot/luke/jj-tspmvvlxqptp

lukevmorris · web-flow · commit a586c1934b7a · 2026-03-27T16:24:26.000-07:00
feat: support bulk KEY=VALUE pairs for secrets and variables
diff --git a/pkg/api/ci.go b/pkg/api/ci.go
@@ -179,6 +179,17 @@ func CIListSecrets(ctx context.Context, token, orgID, repo string) ([]CISecret,
 	return secrets, nil
 }
 
+// CIBatchAddSecrets adds multiple CI secrets in a single request, optionally scoped to a repo.
+func CIBatchAddSecrets(ctx context.Context, token, orgID string, secrets []*civ2.SecretInput, repo string) error {
+	client := newCISecretServiceV2Client()
+	if repo != "" {
+		_, err := client.BatchAddRepoSecrets(ctx, WithAuthenticationAndOrg(connect.NewRequest(&civ2.BatchAddRepoSecretsRequest{Repo: repo, Secrets: secrets}), token, orgID))
+		return err
+	}
+	_, err := client.BatchAddOrgSecrets(ctx, WithAuthenticationAndOrg(connect.NewRequest(&civ2.BatchAddOrgSecretsRequest{Secrets: secrets}), token, orgID))
+	return err
+}
+
 // CIDeleteSecret deletes a CI secret, optionally scoped to a repo.
 func CIDeleteSecret(ctx context.Context, token, orgID, name, repo string) error {
 	client := newCISecretServiceV2Client()
@@ -253,6 +264,17 @@ func CIListVariables(ctx context.Context, token, orgID, repo string) ([]CIVariab
 	return variables, nil
 }
 
+// CIBatchAddVariables adds multiple CI variables in a single request, optionally scoped to a repo.
+func CIBatchAddVariables(ctx context.Context, token, orgID string, variables []*civ2.VariableInput, repo string) error {
+	client := newCIVariableServiceV2Client()
+	if repo != "" {
+		_, err := client.BatchAddRepoVariables(ctx, WithAuthenticationAndOrg(connect.NewRequest(&civ2.BatchAddRepoVariablesRequest{Repo: repo, Variables: variables}), token, orgID))
+		return err
+	}
+	_, err := client.BatchAddOrgVariables(ctx, WithAuthenticationAndOrg(connect.NewRequest(&civ2.BatchAddOrgVariablesRequest{Variables: variables}), token, orgID))
+	return err
+}
+
 // CIDeleteVariable deletes a CI variable, optionally scoped to a repo.
 func CIDeleteVariable(ctx context.Context, token, orgID, name, repo string) error {
 	client := newCIVariableServiceV2Client()
diff --git a/pkg/cmd/ci/secrets.go b/pkg/cmd/ci/secrets.go
@@ -9,6 +9,7 @@ import (
 	"github.com/depot/cli/pkg/api"
 	"github.com/depot/cli/pkg/config"
 	"github.com/depot/cli/pkg/helpers"
+	civ2 "github.com/depot/cli/pkg/proto/depot/ci/v2"
 	"github.com/spf13/cobra"
 )
 
@@ -21,6 +22,9 @@ func NewCmdSecrets() *cobra.Command {
   depot ci secrets add GITHUB_TOKEN
   depot ci secrets add MY_API_KEY --value "secret-value"
 
+  # Add multiple secrets at once
+  depot ci secrets add FOO=bar BAZ=qux
+
   # Add a repo-specific secret
   depot ci secrets add MY_API_KEY --repo owner/repo --value "secret-value"
 
@@ -54,31 +58,35 @@ func NewCmdSecretsAdd() *cobra.Command {
 	)
 
 	cmd := &cobra.Command{
-		Use:   "add SECRET_NAME",
-		Short: "Add a new CI secret",
-		Long: `Add a new secret that can be used in Depot CI workflows.
-If --value is not provided, you will be prompted to enter the secret value securely.
-Use --repo to scope the secret to a specific repository. Without --repo, the secret
-applies to all repositories in the organization.`,
+		Use:   "add [SECRET_NAME | KEY=VALUE ...]",
+		Short: "Add one or more CI secrets",
+		Long: `Add secrets that can be used in Depot CI workflows.
+
+Supports three modes:
+  1. Single secret with --value flag: depot ci secrets add SECRET_NAME --value "val"
+  2. Single secret with interactive prompt: depot ci secrets add SECRET_NAME
+  3. Bulk KEY=VALUE pairs: depot ci secrets add FOO=bar BAZ=qux
+
+The --value and --description flags cannot be used with KEY=VALUE pairs.
+Use --repo to scope secrets to a specific repository. Without --repo, secrets
+apply to all repositories in the organization.`,
 		Example: `  # Add an org-wide secret with interactive prompt
   depot ci secrets add GITHUB_TOKEN
 
   # Add an org-wide secret with value from command line
   depot ci secrets add MY_API_KEY --value "secret-value"
 
+  # Add multiple secrets at once
+  depot ci secrets add FOO=bar BAZ=qux
+
   # Add a repo-specific secret
   depot ci secrets add DATABASE_URL --repo owner/repo --value "prod-db-url"
 
   # Add a secret with description
   depot ci secrets add DATABASE_URL --description "Production database connection string"`,
-		Args: cobra.ExactArgs(1),
+		Args: cobra.MinimumNArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			ctx := cmd.Context()
-			secretName := args[0]
-
-			if secretName == "" {
-				return fmt.Errorf("secret name cannot be empty")
-			}
 
 			if orgID == "" {
 				orgID = config.GetCurrentOrganization()
@@ -93,6 +101,59 @@ applies to all repositories in the organization.`,
 				return fmt.Errorf("missing API token, please run `depot login`")
 			}
 
+			scope := "org-wide"
+			if repo != "" {
+				scope = repo
+			}
+
+			// Detect KEY=VALUE pairs
+			hasKVPairs := false
+			for _, arg := range args {
+				if strings.Contains(arg, "=") {
+					hasKVPairs = true
+					break
+				}
+			}
+
+			if hasKVPairs {
+				// Bulk mode: all args must be KEY=VALUE
+				if value != "" {
+					return fmt.Errorf("cannot use --value with KEY=VALUE arguments")
+				}
+				if description != "" {
+					return fmt.Errorf("cannot use --description with KEY=VALUE arguments")
+				}
+
+				var secrets []*civ2.SecretInput
+				for _, arg := range args {
+					parts := strings.SplitN(arg, "=", 2)
+					if len(parts) != 2 || parts[0] == "" {
+						return fmt.Errorf("invalid argument %q — expected KEY=VALUE format", arg)
+					}
+					secrets = append(secrets, &civ2.SecretInput{Name: parts[0], Value: parts[1]})
+				}
+
+				err := api.CIBatchAddSecrets(ctx, tokenVal, orgID, secrets, repo)
+				if err != nil {
+					return fmt.Errorf("failed to add secrets: %w", err)
+				}
+
+				for _, s := range secrets {
+					fmt.Printf("Successfully added CI secret '%s' (%s)\n", s.Name, scope)
+				}
+				return nil
+			}
+
+			// Single mode: first arg is secret name
+			if len(args) > 1 {
+				return fmt.Errorf("too many arguments — did you mean to use KEY=VALUE format?")
+			}
+
+			secretName := args[0]
+			if secretName == "" {
+				return fmt.Errorf("secret name cannot be empty")
+			}
+
 			secretValue := value
 			if secretValue == "" {
 				secretValue, err = helpers.PromptForSecret(fmt.Sprintf("Enter value for secret '%s': ", secretName))
@@ -106,10 +167,6 @@ applies to all repositories in the organization.`,
 				return fmt.Errorf("failed to add secret: %w", err)
 			}
 
-			scope := "org-wide"
-			if repo != "" {
-				scope = repo
-			}
 			fmt.Printf("Successfully added CI secret '%s' (%s)\n", secretName, scope)
 			return nil
 		},
diff --git a/pkg/cmd/ci/vars.go b/pkg/cmd/ci/vars.go
@@ -9,6 +9,7 @@ import (
 	"github.com/depot/cli/pkg/api"
 	"github.com/depot/cli/pkg/config"
 	"github.com/depot/cli/pkg/helpers"
+	civ2 "github.com/depot/cli/pkg/proto/depot/ci/v2"
 	"github.com/spf13/cobra"
 )
 
@@ -21,6 +22,9 @@ func NewCmdVars() *cobra.Command {
   depot ci vars add GITHUB_REPO
   depot ci vars add MY_SERVICE_NAME --value "my_service"
 
+  # Add multiple variables at once
+  depot ci vars add REGION=us-east-1 ENV=prod
+
   # Add a repo-specific variable
   depot ci vars add MY_SERVICE_NAME --repo owner/repo --value "my_service"
 
@@ -51,28 +55,32 @@ func NewCmdVarsAdd() *cobra.Command {
 	)
 
 	cmd := &cobra.Command{
-		Use:   "add VAR_NAME",
-		Short: "Add a new CI variable",
-		Long: `Add a new variable that can be used in Depot CI workflows.
-If --value is not provided, you will be prompted to enter the variable value.
-Use --repo to scope the variable to a specific repository. Without --repo, the
-variable applies to all repositories in the organization.`,
+		Use:   "add [VAR_NAME | KEY=VALUE ...]",
+		Short: "Add one or more CI variables",
+		Long: `Add variables that can be used in Depot CI workflows.
+
+Supports three modes:
+  1. Single variable with --value flag: depot ci vars add VAR_NAME --value "val"
+  2. Single variable with interactive prompt: depot ci vars add VAR_NAME
+  3. Bulk KEY=VALUE pairs: depot ci vars add FOO=bar BAZ=qux
+
+The --value flag cannot be used with KEY=VALUE pairs.
+Use --repo to scope variables to a specific repository. Without --repo, variables
+apply to all repositories in the organization.`,
 		Example: `  # Add an org-wide variable with interactive prompt
   depot ci vars add GITHUB_REPO
 
   # Add an org-wide variable with value from command line
   depot ci vars add MY_SERVICE_NAME --value "my_service"
 
+  # Add multiple variables at once
+  depot ci vars add REGION=us-east-1 ENV=prod
+
   # Add a repo-specific variable
   depot ci vars add DEPLOY_ENV --repo owner/repo --value "production"`,
-		Args: cobra.ExactArgs(1),
+		Args: cobra.MinimumNArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			ctx := cmd.Context()
-			varName := args[0]
-
-			if varName == "" {
-				return fmt.Errorf("variable name cannot be empty")
-			}
 
 			if orgID == "" {
 				orgID = config.GetCurrentOrganization()
@@ -87,6 +95,56 @@ variable applies to all repositories in the organization.`,
 				return fmt.Errorf("missing API token, please run `depot login`")
 			}
 
+			scope := "org-wide"
+			if repo != "" {
+				scope = repo
+			}
+
+			// Detect KEY=VALUE pairs
+			hasKVPairs := false
+			for _, arg := range args {
+				if strings.Contains(arg, "=") {
+					hasKVPairs = true
+					break
+				}
+			}
+
+			if hasKVPairs {
+				// Bulk mode: all args must be KEY=VALUE
+				if value != "" {
+					return fmt.Errorf("cannot use --value with KEY=VALUE arguments")
+				}
+
+				var variables []*civ2.VariableInput
+				for _, arg := range args {
+					parts := strings.SplitN(arg, "=", 2)
+					if len(parts) != 2 || parts[0] == "" {
+						return fmt.Errorf("invalid argument %q — expected KEY=VALUE format", arg)
+					}
+					variables = append(variables, &civ2.VariableInput{Name: parts[0], Value: parts[1]})
+				}
+
+				err := api.CIBatchAddVariables(ctx, tokenVal, orgID, variables, repo)
+				if err != nil {
+					return fmt.Errorf("failed to add variables: %w", err)
+				}
+
+				for _, v := range variables {
+					fmt.Printf("Successfully added CI variable '%s' (%s)\n", v.Name, scope)
+				}
+				return nil
+			}
+
+			// Single mode: first arg is variable name
+			if len(args) > 1 {
+				return fmt.Errorf("too many arguments — did you mean to use KEY=VALUE format?")
+			}
+
+			varName := args[0]
+			if varName == "" {
+				return fmt.Errorf("variable name cannot be empty")
+			}
+
 			varValue := value
 			if varValue == "" {
 				varValue, err = helpers.PromptForValue(fmt.Sprintf("Enter value for variable '%s': ", varName))
@@ -100,10 +158,6 @@ variable applies to all repositories in the organization.`,
 				return fmt.Errorf("failed to add CI variable: %w", err)
 			}
 
-			scope := "org-wide"
-			if repo != "" {
-				scope = repo
-			}
 			fmt.Printf("Successfully added CI variable '%s' (%s)\n", varName, scope)
 			return nil
 		},
