Fix workflow bash variable interpolation: use env vars for secrets with special chars

workcontrolgit · workcontrolgit · commit 695e1eebb3d4 · 2026-04-04T23:22:47.000-04:00
diff --git a/.github/workflows/deploy-api.yml b/.github/workflows/deploy-api.yml
@@ -61,21 +61,26 @@ jobs:
           subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
       - name: Configure App Service settings
+        env:
+          API_CONN: ${{ secrets.API_DB_CONNECTION_STRING }}
+          IDS_URL: ${{ secrets.IDENTITY_SERVER_URL }}
+          JWT_KEY: ${{ secrets.JWT_KEY }}
+          ANGULAR_URL: ${{ secrets.ANGULAR_APP_URL }}
         run: |
           az webapp config appsettings set \
             --resource-group ${{ env.RESOURCE_GROUP }} \
             --name ${{ env.APP_SERVICE_NAME }} \
             --settings \
-              "ConnectionStrings__DefaultConnection=${{ secrets.API_DB_CONNECTION_STRING }}" \
-              "Sts__ServerUrl=${{ secrets.IDENTITY_SERVER_URL }}" \
-              "Sts__ValidIssuer=${{ secrets.IDENTITY_SERVER_URL }}" \
+              "ConnectionStrings__DefaultConnection=$API_CONN" \
+              "Sts__ServerUrl=$IDS_URL" \
+              "Sts__ValidIssuer=$IDS_URL" \
               "Sts__Audience=app.api.talentmanagement" \
-              "JWTSettings__Key=${{ secrets.JWT_KEY }}" \
+              "JWTSettings__Key=$JWT_KEY" \
               "JWTSettings__Issuer=CoreIdentity" \
               "JWTSettings__Audience=CoreIdentityUser" \
               "JWTSettings__DurationInMinutes=60" \
               "FeatureManagement__AuthEnabled=true" \
-              "Cors__AllowedOrigins__0=${{ secrets.ANGULAR_APP_URL }}" \
+              "Cors__AllowedOrigins__0=$ANGULAR_URL" \
               "ASPNETCORE_ENVIRONMENT=Production"
 
       - name: Deploy to Azure App Service
diff --git a/.github/workflows/deploy-identityserver.yml b/.github/workflows/deploy-identityserver.yml
@@ -71,32 +71,39 @@ jobs:
           subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
       - name: Configure STS App Service settings
+        env:
+          IDS_CONN: ${{ secrets.IDS_DB_CONNECTION_STRING }}
+          IDS_URL: ${{ secrets.IDENTITY_SERVER_URL }}
         run: |
           az webapp config appsettings set \
             --resource-group ${{ env.RESOURCE_GROUP }} \
             --name ${{ env.APP_SERVICE_NAME }} \
             --settings \
-              "ConnectionStrings__ConfigurationDbConnection=${{ secrets.IDS_DB_CONNECTION_STRING }}" \
-              "ConnectionStrings__PersistedGrantDbConnection=${{ secrets.IDS_DB_CONNECTION_STRING }}" \
-              "ConnectionStrings__IdentityDbConnection=${{ secrets.IDS_DB_CONNECTION_STRING }}" \
-              "ConnectionStrings__DataProtectionDbConnection=${{ secrets.IDS_DB_CONNECTION_STRING }}" \
-              "AdminConfiguration__IdentityServerBaseUrl=${{ secrets.IDENTITY_SERVER_URL }}" \
+              "ConnectionStrings__ConfigurationDbConnection=$IDS_CONN" \
+              "ConnectionStrings__PersistedGrantDbConnection=$IDS_CONN" \
+              "ConnectionStrings__IdentityDbConnection=$IDS_CONN" \
+              "ConnectionStrings__DataProtectionDbConnection=$IDS_CONN" \
+              "AdminConfiguration__IdentityServerBaseUrl=$IDS_URL" \
               "ASPNETCORE_ENVIRONMENT=Production"
 
       - name: Configure Admin App Service settings
+        env:
+          IDS_CONN: ${{ secrets.IDS_DB_CONNECTION_STRING }}
+          IDS_URL: ${{ secrets.IDENTITY_SERVER_URL }}
+          ADMIN_URL: ${{ secrets.IDENTITY_ADMIN_URL }}
         run: |
           az webapp config appsettings set \
             --resource-group ${{ env.RESOURCE_GROUP }} \
             --name ${{ env.ADMIN_APP_SERVICE_NAME }} \
             --settings \
-              "ConnectionStrings__ConfigurationDbConnection=${{ secrets.IDS_DB_CONNECTION_STRING }}" \
-              "ConnectionStrings__PersistedGrantDbConnection=${{ secrets.IDS_DB_CONNECTION_STRING }}" \
-              "ConnectionStrings__IdentityDbConnection=${{ secrets.IDS_DB_CONNECTION_STRING }}" \
-              "ConnectionStrings__AdminLogDbConnection=${{ secrets.IDS_DB_CONNECTION_STRING }}" \
-              "ConnectionStrings__AdminAuditLogDbConnection=${{ secrets.IDS_DB_CONNECTION_STRING }}" \
-              "ConnectionStrings__DataProtectionDbConnection=${{ secrets.IDS_DB_CONNECTION_STRING }}" \
-              "AdminConfiguration__IdentityServerBaseUrl=${{ secrets.IDENTITY_SERVER_URL }}" \
-              "AdminConfiguration__IdentityAdminRedirectUri=${{ secrets.IDENTITY_ADMIN_URL }}/signin-oidc" \
+              "ConnectionStrings__ConfigurationDbConnection=$IDS_CONN" \
+              "ConnectionStrings__PersistedGrantDbConnection=$IDS_CONN" \
+              "ConnectionStrings__IdentityDbConnection=$IDS_CONN" \
+              "ConnectionStrings__AdminLogDbConnection=$IDS_CONN" \
+              "ConnectionStrings__AdminAuditLogDbConnection=$IDS_CONN" \
+              "ConnectionStrings__DataProtectionDbConnection=$IDS_CONN" \
+              "AdminConfiguration__IdentityServerBaseUrl=$IDS_URL" \
+              "AdminConfiguration__IdentityAdminRedirectUri=$ADMIN_URL/signin-oidc" \
               "SeedConfiguration__ApplySeed=false" \
               "DatabaseMigrationsConfiguration__ApplyDatabaseMigrations=false" \
               "ASPNETCORE_ENVIRONMENT=Production"
