@ChristopherHX thanks for the suggestion. I've tried what was recommended using single quotes around 'EOF', but that never worked.
The workaround was using base64 encode/decode and storing the entire config as a single secret instead of injecting the values runtime when setting up CLI utils config.
mkdir -p "$HOME/.config/openstack" echo "${{ secrets.CLOUDS_YAML_B64 }}" | base64 --decode > "$HOME/.config/openstack/clouds.yaml"
There is some scope for improvement in terms of end-user experience, rather than having to escape the special chars ('$') or think about how many languages need to be interpreted in my steps.
How can I handle special characters with GitHub secret when moving them around?
Unable to store special characters in github secrets - Stack Overflow
Secret with special/escape characters fails when used
How can we identify the special characters that cannot be directly given as GitHub Actions Secrets - Stack Overflow
I am having an issue with GitHub Actions where I am having difficultly with my project trying to setup the environment variables loaded from a secret.
Within my project I read and load my environment variables from a `.dev.env` file as follows,
from dotenv import load_dotenv load_dotenv(join(dirname(__file__), ".dev.env"))
The necessary components of the workflow for creating the `.dev.env` is,
- name: Create .dev.env file
working-directory: app/backend
run: printf "${{ secrets.DEV_DOT_ENV }}" > .dev.envDespite my environment variables loading when running locally, it consistently fails on GitHub Actions. My secret is set to the name `DEV_DOT_ENV` and is a single multiline output that is the content of my local `.dev.env`, a small snippet is (slightly changed secrets),
DEBUG="TRUE" DJANGO_SECRET_KEY="django-insecure-_l6iqyh=er-f3ap!cwmod@p(!48l!yr123456789_" FIREBASE_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCo37T214PIWAok\n+egKZKSDgq..."
I believe that I am having difficulty getting a 1 to 1 copy of the assigned string into the file.
At first I attempted to use echo ${{ secrets.DEV_DOT_ENV }} > .dev.env but ran into issues with the new line characters inside the `FIREBASE_PRIVATE_KEY` as it treated the spaces as seperation within the echo and also treated the \n inside the file as a backslash n and not an actual new line character.
From here I learnt to surround it in quotes in order to prevent this, but it seems the `!` it causing issues inside the DJANGO_SECRET_KEY, e.g.
printf DJANGO_SECRET_KEY="django-insecure-_l6iqyh=er-f3ap!cwmod@p(!48l!y" > t
will give me an errors, despite being quote surrounded. At this point I do not know how get a 1:1 mapping of the content I put inside as I keep running inside errors with new line characters, ! and quotes that inside the YAML file.
The latest error on the workflow execution was
/home/runner/work/_temp/1ff40a34-f08f-487a-b814-2d8635379afd.sh: line 3: syntax error near unexpected token `('My secret into GitHub was assigned a name, `DEV_DOT_ENV` where I plopped the multiline string containing the special characters that I want the `load_dotenv` to find and load. How can this be accomplished?
You need to use escape character before the special character like: Ri\$hab
I tried on a project of mine, and I don't have this problem, the secret is created sucessfully...
A 401 Error could mean you don't have the rights on this repository.
Also, there are rules on the name of your secret
Secret names cannot include any spaces or start with the GITHUB_ prefix.
there is a simple solution for your problem. Just update your git secret STORE_PASSWORD as follows
abc-m0bile-Pa\$$
you just need to put a "\" before the $$ and you will not get any errors.
Single quotes with nested echo works for my case:
echo "storePassword=$(echo '${{ secrets.STORE_PASSWORD }}')" >> $GITHUB_ENV