Add GitHub action that checks coverage of secrets by bin/generate-secrets

Also fixes some problems with secret replacement :)

Author: pvannierop

.github/workflows/check_secret_replacement.yaml

@@ -0,0 +1,33 @@
+name: Check missed fields during secret generation
+
+on:
+  pull_request:
+    branches:
+      - '**' # This will trigger the workflow for any PR branch
+
+jobs:
+  check_secrets:
+         runs-on: ubuntu-latest
+
+         steps:
+           - name: Checkout repository
+             uses: actions/checkout@v2
+
+           - name: Install yq
+             uses: dcarbone/[email protected]
+
+           - name: Run bin/generate-secrets
+             run: bin/generate-secrets
+
+           - name: Check all "secret" fields are replaced
+             run: |
+               mistakes=$(yq e '.. | select(. == "secret") | {(path | join(".")): .}' etc/secrets.yaml); \
+               num_of_mistakes=$(echo $mistakes | sed '/^$/d' | wc -l); \
+               if (( $num_of_mistakes > 0 )); then \
+                echo "Not all 'secret' fields were replaced by the bin/generate-secrets script. Please make sure to cover the following fields with an 'insert_secret' entry:"; \
+                echo $mistakes; \
+                exit 1; \
+               else \
+                echo "Perfect! All secret fields were replaced by the bin/generate-secrets script."; \
+                exit 0; \
+               fi;