Moved secrets to env vars to avoid expansion in run blocks

adamlui · adamlui · commit ea26899bbd27 · 2025-09-22T21:51:53.000-07:00
diff --git a/.github/workflows/sync-changes-to-gitlab.yml b/.github/workflows/sync-changes-to-gitlab.yml
@@ -22,6 +22,8 @@ jobs:
           fetch-depth: 0
 
       - name: Push changes to gitlab.com/kudoai/chatgpt-js
+        env:
+          GITLAB_SYNC_PAT: ${{ secrets.GITLAB_SYNC_PAT }}
         run: |
           git push --force -o ci.skip \
-            https://oauth2:${{ secrets.GITLAB_SYNC_PAT }}@gitlab.com/kudoai/chatgpt-js.git main
+            https://oauth2:$GITLAB_SYNC_PAT@gitlab.com/kudoai/chatgpt-js.git main
diff --git a/.github/workflows/sync-chatgpt.js-changes-to-chrome-starter.yml b/.github/workflows/sync-chatgpt.js-changes-to-chrome-starter.yml
@@ -52,14 +52,17 @@ jobs:
           echo "ESCAPED_MSG<<EOF" >> $GITHUB_ENV
           echo "$COMMIT_MSG" | sed 's/`/\`/g' >> $GITHUB_ENV
           echo "EOF" >> $GITHUB_ENV
-      
+
       - name: Config committer
+        env:
+          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+          GPG_PRIVATE_ID: ${{ secrets.GPG_PRIVATE_ID }}
         run: |
-          gpg --batch --import <(echo "${{ secrets.GPG_PRIVATE_KEY }}")
+          gpg --batch --import <(echo "$GPG_PRIVATE_KEY")
           git config --global commit.gpgsign true
           git config --global user.name "kudo-sync-bot"
           git config --global user.email "auto-sync@kudoai.com"
-          git config --global user.signingkey "${{ secrets.GPG_PRIVATE_ID }}"
+          git config --global user.signingkey "$GPG_PRIVATE_ID"
 
       - name: Push changes to KudoAI/chatgpt.js
         run: |
diff --git a/.github/workflows/sync-chrome-starter-changes.yml b/.github/workflows/sync-chrome-starter-changes.yml
@@ -42,14 +42,17 @@ jobs:
           echo "ESCAPED_MSG<<EOF" >> $GITHUB_ENV
           echo "$COMMIT_MSG" | sed 's/`/\`/g' >> $GITHUB_ENV
           echo "EOF" >> $GITHUB_ENV
-      
+
       - name: Config committer
+        env:
+          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+          GPG_PRIVATE_ID: ${{ secrets.GPG_PRIVATE_ID }}
         run: |
-          gpg --batch --import <(echo "${{ secrets.GPG_PRIVATE_KEY }}")
+          gpg --batch --import <(echo "$GPG_PRIVATE_KEY")
           git config --global commit.gpgsign true
           git config --global user.name "kudo-sync-bot"
           git config --global user.email "auto-sync@kudoai.com"
-          git config --global user.signingkey "${{ secrets.GPG_PRIVATE_ID }}"
+          git config --global user.signingkey "$GPG_PRIVATE_ID"
 
       - name: Push changes to KudoAI/chatgpt.js-chrome-starter
         run: |
diff --git a/.github/workflows/sync-en-readme-changes.yml b/.github/workflows/sync-en-readme-changes.yml
@@ -43,14 +43,17 @@ jobs:
           echo "ESCAPED_MSG<<EOF" >> $GITHUB_ENV
           echo "$COMMIT_MSG" | sed 's/`/\`/g' >> $GITHUB_ENV
           echo "EOF" >> $GITHUB_ENV
-      
+
       - name: Config committer
+        env:
+          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+          GPG_PRIVATE_ID: ${{ secrets.GPG_PRIVATE_ID }}
         run: |
-          gpg --batch --import <(echo "${{ secrets.GPG_PRIVATE_KEY }}")
+          gpg --batch --import <(echo "$GPG_PRIVATE_KEY")
           git config --global commit.gpgsign true
           git config --global user.name "kudo-sync-bot"
           git config --global user.email "auto-sync@kudoai.com"
-          git config --global user.signingkey "${{ secrets.GPG_PRIVATE_ID }}"
+          git config --global user.signingkey "$GPG_PRIVATE_ID"
 
       - name: Push changes to KudoAI/chatgpt.js
         run: |
diff --git a/.github/workflows/sync-greasemonkey-starter-changes.yml b/.github/workflows/sync-greasemonkey-starter-changes.yml
@@ -42,14 +42,17 @@ jobs:
           echo "ESCAPED_MSG<<EOF" >> $GITHUB_ENV
           echo "$COMMIT_MSG" | sed 's/`/\`/g' >> $GITHUB_ENV
           echo "EOF" >> $GITHUB_ENV
-      
+
       - name: Config committer
+        env:
+          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+          GPG_PRIVATE_ID: ${{ secrets.GPG_PRIVATE_ID }}
         run: |
-          gpg --batch --import <(echo "${{ secrets.GPG_PRIVATE_KEY }}")
+          gpg --batch --import <(echo "$GPG_PRIVATE_KEY")
           git config --global commit.gpgsign true
           git config --global user.name "kudo-sync-bot"
           git config --global user.email "auto-sync@kudoai.com"
-          git config --global user.signingkey "${{ secrets.GPG_PRIVATE_ID }}"
+          git config --global user.signingkey "$GPG_PRIVATE_ID"
 
       - name: Push changes to KudoAI/chatgpt.js-greasemonkey-starter
         run: |
