Fix deployment workflow to avoid resolving vars

mxsrc · boddumanohar · commit 13f711afe5c9 · 2026-03-25T18:18:57.000+05:30
When using double quotations, values that contain bash instructions will
attempt to be resolved, for example credentials using '$' symbols might
be invalidated this way. This switches to single quotes for all inputs
that are used directly, avoiding this issue.
diff --git a/.github/workflows/_deploy.yml b/.github/workflows/_deploy.yml
@@ -60,26 +60,26 @@ jobs:
           # vars.DOMAIN holds the base domain for the current environment.
           [ -n "${{ vars.DOMAIN }}" ] && HELM_EXTRA_ARGS+=(--set-string "domainSuffix=${{ vars.DOMAIN }}")
 
-          helm upgrade --install "${{ inputs.deployment_name }}" ./chart \
-            --namespace "${{ inputs.deployment_name }}" \
+          helm upgrade --install '${{ inputs.deployment_name }}' ./chart \
+            --namespace '${{ inputs.deployment_name }}' \
             --create-namespace \
             --wait \
             --timeout 10m \
-            --set-string domain="${{ inputs.domain || vars.DOMAIN }}" \
+            --set-string domain='${{ inputs.domain || vars.DOMAIN }}' \
             --set database.replicas=${{ inputs.environment == 'prod' && 3 || 1 }} \
             --set-string database.cpu="${{ inputs.environment == 'prod' && '1' || '500m' }}" \
             --set-string database.memory="${{ inputs.environment == 'prod' && '1Gi' || '0.5Gi' }}" \
             --set vector.useHostPath=${{ inputs.vector_host_path }} \
-            --set-string controller.image.tag="${{ inputs.image_tag }}" \
-            --set-string controller.env.VELA_DEPLOYMENT_NAMESPACE_PREFIX="${{ inputs.deployment_name }}" \
-            --set-string controller.env.VELA_CLOUDFLARE_API_TOKEN="${{ secrets.VELA_CLOUDFLARE_API_TOKEN }}" \
-            --set-string controller.env.VELA_CLOUDFLARE_ZONE_ID="${{ secrets.VELA_CLOUDFLARE_ZONE_ID }}" \
-            --set-string controller.env.VELA_KEYCLOAK_ADMIN_NAME="${{ secrets.VELA_KEYCLOAK_ADMIN_NAME }}" \
-            --set-string controller.env.VELA_KEYCLOAK_ADMIN_SECRET="${{ secrets.VELA_KEYCLOAK_ADMIN_SECRET }}" \
-            --set-string controller.env.VELA_BRANCH_REF="${{ vars.VELA_BRANCH_REF }}" \
-            --set-string controller.env.VELA_BRANCH_DB_REF="${{ vars.VELA_BRANCH_DB_REF }}" \
-            --set-string controller.env.VELA_ENABLE_DB_EXTERNAL_IPV6_LOADBALANCER="${{ vars.ENABLE_DB_EXTERNAL_IPV6_LOADBALANCER }}" \
-            --set-string controller.env.VELA_SIMPLYBLOCK_CSI_NAMESPACE="${{ vars.SIMPLYBLOCK_CSI_NAMESPACE }}" \
+            --set-string controller.image.tag='${{ inputs.image_tag }}' \
+            --set-string controller.env.VELA_DEPLOYMENT_NAMESPACE_PREFIX='${{ inputs.deployment_name }}' \
+            --set-string controller.env.VELA_CLOUDFLARE_API_TOKEN='${{ secrets.VELA_CLOUDFLARE_API_TOKEN }}' \
+            --set-string controller.env.VELA_CLOUDFLARE_ZONE_ID='${{ secrets.VELA_CLOUDFLARE_ZONE_ID }}' \
+            --set-string controller.env.VELA_KEYCLOAK_ADMIN_NAME='${{ secrets.VELA_KEYCLOAK_ADMIN_NAME }}' \
+            --set-string controller.env.VELA_KEYCLOAK_ADMIN_SECRET='${{ secrets.VELA_KEYCLOAK_ADMIN_SECRET }}' \
+            --set-string controller.env.VELA_BRANCH_REF='${{ vars.VELA_BRANCH_REF }}' \
+            --set-string controller.env.VELA_BRANCH_DB_REF='${{ vars.VELA_BRANCH_DB_REF }}' \
+            --set-string controller.env.VELA_ENABLE_DB_EXTERNAL_IPV6_LOADBALANCER='${{ vars.ENABLE_DB_EXTERNAL_IPV6_LOADBALANCER }}' \
+            --set-string controller.env.VELA_SIMPLYBLOCK_CSI_NAMESPACE='${{ vars.SIMPLYBLOCK_CSI_NAMESPACE }}' \
             --set-string studio.image.tag="${{ inputs.environment == 'prod' && 'latest' || 'dev' }}" \
-            --set-string monitoring.VELA_GRAFANA_SECURITY_ADMIN_PASSWORD="${{ secrets.VELA_GRAFANA_SECURITY_ADMIN_PASSWORD }}" \
+            --set-string monitoring.VELA_GRAFANA_SECURITY_ADMIN_PASSWORD='${{ secrets.VELA_GRAFANA_SECURITY_ADMIN_PASSWORD }}' \
             "${HELM_EXTRA_ARGS[@]}"
