Move env stuff to .release-env

Joe Doss · Joe Doss · commit a93d86876e27 · 2025-03-26T12:10:22.000-05:00
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -90,6 +90,11 @@ jobs:
           # shellcheck disable=SC2129
           echo 'GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}' > .release-env
           echo 'GORELEASER_KEY=${{ secrets.GORELEASER_KEY }}' >>  .release-env
+          echo 'AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }}' >>  .release-env
+          echo 'AWS_S3_BUCKET=${{ secrets.AWS_S3_BUCKET }}' >>  .release-env
+          echo 'AWS_S3_REGION=${{ secrets.AWS_S3_REGION }}' >>  .release-env
+          echo 'AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }}' >>  .release-env
+          echo 'NFPM_PASSPHRASE=${{ secrets.GPG_PRIVATE_KEY_PASSWORD }}' >>  .release-env
 
       - name: Write GPG private key to file
         run: |
@@ -148,6 +153,7 @@ jobs:
       - name: Shred and remove GPG private key
         run: |
           shred -zun 3 "${GPG_PRIVATE_KEY_FILE}"
+          shred -zun 3 .release-env
         shell: bash
 
   build_upload_docker:
diff --git a/Makefile b/Makefile
@@ -144,16 +144,6 @@ release:
 		exit 1;\
 	fi
 	$Q @docker run --rm --privileged -e CGO_ENABLED=1 --env-file .release-env \
-		-e AWS_ACCESS_KEY_ID=$(AWS_ACCESS_KEY_ID) \
-		-e AWS_S3_BUCKET=$(AWS_S3_BUCKET) \
-		-e AWS_S3_REGION=$(AWS_S3_REGION) \
-		-e AWS_SECRET_ACCESS_KEY=$(AWS_SECRET_ACCESS_KEY) \
-		-e GITHUB_TOKEN=$(GITHUB_TOKEN) \
-		-e GORELEASER_KEY=$(GORELEASER_KEY) \
-		-e GPG_PRIVATE_KEY_FILE=$(GPG_PRIVATE_KEY_FILE) \
-		-e IS_PRERELEASE=$(IS_PRERELEASE) \
-		-e NFPM_PASSPHRASE=$(NFPM_PASSPHRASE) \
-		-e RELEASE_DATE=$(RELEASE_DATE) \
 		--entrypoint /go/src/$(PKG)/docker/build/entrypoint.sh \
 		-v ./$(GPG_PRIVATE_KEY_FILE):/$(GPG_PRIVATE_KEY_FILE) \
 		-v $(DOCKER_SOCK):/var/run/docker.sock \
