From a7f3aadef96426ee318fef7c4f9016306ca042ca Mon Sep 17 00:00:00 2001
From: Francis Secada <francis.secada@gmail.com>
Date: Wed, 4 Feb 2026 16:28:10 -0500
Subject: [PATCH] fix(ci): use printf for safe JSON handling with special
 characters

Issue: Secrets with special characters (SSH_PRIVATE_KEY) breaking shell
Error: "command not found" due to shell interpreting secret values

Root Cause: echo interprets escape sequences and special characters
Fix: Use printf '%s' for literal string output

Changes:
- Replace echo with printf '%s' for safe JSON handling
- Filter out github_token (not needed in .env)
- Multi-line jq for better readability

This fixes multiline secrets (SSH keys, certificates, etc.)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---
 .github/actions/setup-env/action.yml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/.github/actions/setup-env/action.yml b/.github/actions/setup-env/action.yml
index fa316cf..8d4efcd 100644
--- a/.github/actions/setup-env/action.yml
+++ b/.github/actions/setup-env/action.yml
@@ -14,8 +14,12 @@ runs:
       run: |
         echo "TESTING=true" > .env
 
-        # Parse JSON secrets and write to .env
-        echo '${{ inputs.secrets }}' | jq -r 'to_entries[] | "\(.key)=\(.value)"' >> .env
+        # Use printf to safely handle JSON with special characters
+        printf '%s' '${{ inputs.secrets }}' | jq -r '
+          to_entries[] |
+          select(.key != "github_token") |
+          "\(.key)=\(.value)"
+        ' >> .env
 
         echo "✅ Generated .env with $(wc -l < .env) environment variables"