There are two issues with the GitHub publish workflow:
- the secrets environment variables are not being passed all the way into the systemd container
- the environment variables in the `sudo` command in the workflow yaml make it difficult to read
This PR fixes both issues, by using `--setenv` in the `systemd-nspawn` command in `build-enter.sh`, and replacing the `sudo env VARIABLE="$VARIABLE"...` chain with `sudo --preserve-env`.
(My assumptions about GitHub's sudo configuration were incorrect when I initially wrote the workflow. I believed the configuration wouldn't allow `--preserve-env` to be used for `sudo` commands without being configured first in `/etc/sudoers`. This is not true, and the environment is correctly preserved when the `--preserve-env` argument is specified on the command.)
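
One way to keep the two hops described above in sync, as an added example that is not the PR's code: a single allowlist drives both `sudo --preserve-env=LIST` (the list form, which goes beyond the bare `--preserve-env` used in the PR) and the `--setenv` options for `systemd-nspawn`. The variable names, the `enter_container` helper and the `NSPAWN` override are assumptions for illustration.

```shell
#!/bin/sh
# Added example; PUBLISH_TOKEN and SIGNING_KEY_ID are hypothetical names.
# Single allowlist shared by the sudo step and the container entry step.
FORWARD_VARS="PUBLISH_TOKEN SIGNING_KEY_ID"

# Assumption: the container is entered with systemd-nspawn; overridable so
# the argument list can be inspected without root.
NSPAWN="${NSPAWN:-systemd-nspawn}"

# Comma-separated list for: sudo --preserve-env="$(preserve_list)" ./build-enter.sh
preserve_list() {
    printf '%s\n' "$FORWARD_VARS" | tr -s ' ' ','
}

# enter_container ROOT CMD [ARGS...]
# Runs CMD in the container at ROOT, forwarding each allowlisted variable
# that is set (even if empty) as --setenv=NAME=VALUE.
enter_container() {
    root=$1
    shift
    for name in $FORWARD_VARS; do
        # Validate the name before it is used inside eval.
        case "$name" in
            ''|[0-9]*|*[!A-Za-z0-9_]*)
                echo "refusing invalid variable name: $name" >&2
                return 2 ;;
        esac
        if eval "[ -n \"\${$name+x}\" ]"; then
            eval "value=\${$name}"
            # Prepend so the option stays ahead of CMD on the nspawn line.
            set -- "--setenv=$name=$value" "$@"
        else
            echo "warning: $name is unset and will not be forwarded" >&2
        fi
    done
    $NSPAWN --quiet --directory="$root" "$@"
}
```

Values passed as `--setenv=NAME=VALUE` are part of the `systemd-nspawn` command line, so they are visible in the host's process listing while the container runs.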