There are two issues with the GitHub publish workflow:
the secrets environment variables are not being passed all the way into the systemd container
the environment variables in the sudo command in the workflow yaml make it difficult to read it
This PR fixes both issues, by using --setenv in the systemd-nspawn command in build-enter.sh, and replacing the sudo env VARIABLE="$VARIABLE"... chain with sudo --preserve-env.
(My assumptions about GitHub's sudo configuration were incorrect when I initially wrote the workflow. I believed the configuration wouldn't allow --preserve-env to be used for sudo commands without being configured first in /etc/sudoers. This is not true, and the environment is correctly preserved when the --preserve-env argument is specified on the command.)
There are two issues with the GitHub publish workflow:
sudocommand in the workflow yaml make it difficult to read itThis PR fixes both issues, by using
--setenvin thesystemd-nspawncommand inbuild-enter.sh, and replacing thesudo env VARIABLE="$VARIABLE"...chain withsudo --preserve-env.(My assumptions about GitHub's sudo configuration were incorrect when I initially wrote the workflow. I believed the configuration wouldn't allow
--preserve-envto be used forsudocommands without being configured first in/etc/sudoers. This is not true, and the environment is correctly preserved when the--preserve-envargument is specified on the command.)