Use echo instead of heredoc

azvoleff · azvoleff · commit a54e7bee99fc · 2026-01-30T10:08:45.000-05:00
diff --git a/.github/workflows/codedeploy_production.yml b/.github/workflows/codedeploy_production.yml
@@ -162,62 +162,65 @@ jobs:
       env:
         ECR_REGISTRY: ${{ steps.images.outputs.ecr-registry }}
         API_IMAGE: ${{ steps.images.outputs.api-image }}
+        SECRET_KEY: ${{ secrets.SECRET_KEY }}
+        JWT_SECRET_KEY: ${{ secrets.JWT_SECRET_KEY }}
+        DATABASE_URL: ${{ secrets.PRODUCTION_DATABASE_URL }}
+        GEE_SERVICE_ACCOUNT_JSON: ${{ secrets.GEE_SERVICE_ACCOUNT_JSON }}
+        ROLLBAR_SCRIPT_TOKEN: ${{ secrets.ROLLBAR_SCRIPT_TOKEN }}
+        API_URL: ${{ secrets.PRODUCTION_API_URL }}
+        S3_BUCKET_NAME: ${{ secrets.PRODUCTION_S3_BUCKET_NAME }}
+        SPARKPOST_API_KEY: ${{ secrets.SPARKPOST_API_KEY }}
       run: |
         # Generate prod.env with secrets from GitHub
         # This file is included in the deployment package and copied to the server
-        # Uses prod.env to match docker-compose.prod.yml env_file reference
-        cat > prod.env << 'ENVEOF'
-# Generated by GitHub Actions
-# Commit: ${{ github.sha }}
-
-# ECR Images (pre-built in CI)
-ENVEOF
-        # Add variables that need shell expansion
-        echo "ECR_REGISTRY=$ECR_REGISTRY" >> prod.env
-        echo "API_IMAGE=$API_IMAGE" >> prod.env
-        cat >> prod.env << 'ENVEOF'
-
-# Environment
-ENVIRONMENT=production
-DEBUG=False
-TESTING=false
-
-# Flask/API Configuration
-SECRET_KEY=${{ secrets.SECRET_KEY }}
-JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }}
-
-# Database Configuration
-DATABASE_URL=${{ secrets.PRODUCTION_DATABASE_URL }}
-
-# Redis Configuration (uses stack's Redis service)
-REDIS_URL=redis://redis:6379/0
-
-# Rate Limiting (uses stack's Redis service on database 1)
-RATE_LIMITING_ENABLED=true
-RATE_LIMIT_STORAGE_URI=redis://redis:6379/1
-
-# Google Earth Engine
-GEE_SERVICE_ACCOUNT_JSON=${{ secrets.GEE_SERVICE_ACCOUNT_JSON }}
-
-# Rollbar Error Tracking
-ROLLBAR_SCRIPT_TOKEN=${{ secrets.ROLLBAR_SCRIPT_TOKEN }}
-ROLLBAR_ENV=production
-
-# API URLs
-API_URL=${{ secrets.PRODUCTION_API_URL }}
-
-# S3 Configuration (uses EC2 instance role for credentials)
-S3_BUCKET_NAME=${{ secrets.PRODUCTION_S3_BUCKET_NAME }}
-
-# Email Configuration (SparkPost)
-SPARKPOST_API_KEY=${{ secrets.SPARKPOST_API_KEY }}
-
-# Deployment info
-GIT_REVISION=${{ github.sha }}
-GIT_BRANCH=${{ github.ref_name }}
-DEPLOYMENT_ENVIRONMENT=production
-ENVEOF
-
+        {
+          echo "# Generated by GitHub Actions"
+          echo "# Commit: ${{ github.sha }}"
+          echo ""
+          echo "# ECR Images (pre-built in CI)"
+          echo "ECR_REGISTRY=$ECR_REGISTRY"
+          echo "API_IMAGE=$API_IMAGE"
+          echo ""
+          echo "# Environment"
+          echo "ENVIRONMENT=production"
+          echo "DEBUG=False"
+          echo "TESTING=false"
+          echo ""
+          echo "# Flask/API Configuration"
+          echo "SECRET_KEY=$SECRET_KEY"
+          echo "JWT_SECRET_KEY=$JWT_SECRET_KEY"
+          echo ""
+          echo "# Database Configuration"
+          echo "DATABASE_URL=$DATABASE_URL"
+          echo ""
+          echo "# Redis Configuration (uses stack Redis service)"
+          echo "REDIS_URL=redis://redis:6379/0"
+          echo ""
+          echo "# Rate Limiting (uses stack Redis service on database 1)"
+          echo "RATE_LIMITING_ENABLED=true"
+          echo "RATE_LIMIT_STORAGE_URI=redis://redis:6379/1"
+          echo ""
+          echo "# Google Earth Engine"
+          echo "GEE_SERVICE_ACCOUNT_JSON=$GEE_SERVICE_ACCOUNT_JSON"
+          echo ""
+          echo "# Rollbar Error Tracking"
+          echo "ROLLBAR_SCRIPT_TOKEN=$ROLLBAR_SCRIPT_TOKEN"
+          echo "ROLLBAR_ENV=production"
+          echo ""
+          echo "# API URLs"
+          echo "API_URL=$API_URL"
+          echo ""
+          echo "# S3 Configuration (uses EC2 instance role for credentials)"
+          echo "S3_BUCKET_NAME=$S3_BUCKET_NAME"
+          echo ""
+          echo "# Email Configuration (SparkPost)"
+          echo "SPARKPOST_API_KEY=$SPARKPOST_API_KEY"
+          echo ""
+          echo "# Deployment info"
+          echo "GIT_REVISION=${{ github.sha }}"
+          echo "GIT_BRANCH=${{ github.ref_name }}"
+          echo "DEPLOYMENT_ENVIRONMENT=production"
+        } > prod.env
         echo "✅ Created prod.env with $(wc -l < prod.env) lines"
 
     - name: Update appspec.yml for production
diff --git a/.github/workflows/codedeploy_staging.yml b/.github/workflows/codedeploy_staging.yml
@@ -162,62 +162,65 @@ jobs:
       env:
         ECR_REGISTRY: ${{ steps.images.outputs.ecr-registry }}
         API_IMAGE: ${{ steps.images.outputs.api-image }}
+        SECRET_KEY: ${{ secrets.SECRET_KEY }}
+        JWT_SECRET_KEY: ${{ secrets.JWT_SECRET_KEY }}
+        DATABASE_URL: ${{ secrets.STAGING_DATABASE_URL }}
+        GEE_SERVICE_ACCOUNT_JSON: ${{ secrets.GEE_SERVICE_ACCOUNT_JSON }}
+        ROLLBAR_SCRIPT_TOKEN: ${{ secrets.ROLLBAR_SCRIPT_TOKEN }}
+        API_URL: ${{ secrets.STAGING_API_URL }}
+        S3_BUCKET_NAME: ${{ secrets.STAGING_S3_BUCKET_NAME }}
+        SPARKPOST_API_KEY: ${{ secrets.SPARKPOST_API_KEY }}
       run: |
         # Generate staging.env with secrets from GitHub
         # This file is included in the deployment package and copied to the server
-        # Uses staging.env to match docker-compose.staging.yml env_file reference
-        cat > staging.env << 'ENVEOF'
-# Generated by GitHub Actions
-# Commit: ${{ github.sha }}
-
-# ECR Images (pre-built in CI)
-ENVEOF
-        # Add variables that need shell expansion
-        echo "ECR_REGISTRY=$ECR_REGISTRY" >> staging.env
-        echo "API_IMAGE=$API_IMAGE" >> staging.env
-        cat >> staging.env << 'ENVEOF'
-
-# Environment
-ENVIRONMENT=staging
-DEBUG=False
-TESTING=false
-
-# Flask/API Configuration
-SECRET_KEY=${{ secrets.SECRET_KEY }}
-JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }}
-
-# Database Configuration
-DATABASE_URL=${{ secrets.STAGING_DATABASE_URL }}
-
-# Redis Configuration (uses stack's Redis service)
-REDIS_URL=redis://redis:6379/0
-
-# Rate Limiting (uses stack's Redis service on database 1)
-RATE_LIMITING_ENABLED=true
-RATE_LIMIT_STORAGE_URI=redis://redis:6379/1
-
-# Google Earth Engine
-GEE_SERVICE_ACCOUNT_JSON=${{ secrets.GEE_SERVICE_ACCOUNT_JSON }}
-
-# Rollbar Error Tracking
-ROLLBAR_SCRIPT_TOKEN=${{ secrets.ROLLBAR_SCRIPT_TOKEN }}
-ROLLBAR_ENV=staging
-
-# API URLs
-API_URL=${{ secrets.STAGING_API_URL }}
-
-# S3 Configuration (uses EC2 instance role for credentials)
-S3_BUCKET_NAME=${{ secrets.STAGING_S3_BUCKET_NAME }}
-
-# Email Configuration (SparkPost)
-SPARKPOST_API_KEY=${{ secrets.SPARKPOST_API_KEY }}
-
-# Deployment info
-GIT_REVISION=${{ github.sha }}
-GIT_BRANCH=${{ github.ref_name }}
-DEPLOYMENT_ENVIRONMENT=staging
-ENVEOF
-
+        {
+          echo "# Generated by GitHub Actions"
+          echo "# Commit: ${{ github.sha }}"
+          echo ""
+          echo "# ECR Images (pre-built in CI)"
+          echo "ECR_REGISTRY=$ECR_REGISTRY"
+          echo "API_IMAGE=$API_IMAGE"
+          echo ""
+          echo "# Environment"
+          echo "ENVIRONMENT=staging"
+          echo "DEBUG=False"
+          echo "TESTING=false"
+          echo ""
+          echo "# Flask/API Configuration"
+          echo "SECRET_KEY=$SECRET_KEY"
+          echo "JWT_SECRET_KEY=$JWT_SECRET_KEY"
+          echo ""
+          echo "# Database Configuration"
+          echo "DATABASE_URL=$DATABASE_URL"
+          echo ""
+          echo "# Redis Configuration (uses stack Redis service)"
+          echo "REDIS_URL=redis://redis:6379/0"
+          echo ""
+          echo "# Rate Limiting (uses stack Redis service on database 1)"
+          echo "RATE_LIMITING_ENABLED=true"
+          echo "RATE_LIMIT_STORAGE_URI=redis://redis:6379/1"
+          echo ""
+          echo "# Google Earth Engine"
+          echo "GEE_SERVICE_ACCOUNT_JSON=$GEE_SERVICE_ACCOUNT_JSON"
+          echo ""
+          echo "# Rollbar Error Tracking"
+          echo "ROLLBAR_SCRIPT_TOKEN=$ROLLBAR_SCRIPT_TOKEN"
+          echo "ROLLBAR_ENV=staging"
+          echo ""
+          echo "# API URLs"
+          echo "API_URL=$API_URL"
+          echo ""
+          echo "# S3 Configuration (uses EC2 instance role for credentials)"
+          echo "S3_BUCKET_NAME=$S3_BUCKET_NAME"
+          echo ""
+          echo "# Email Configuration (SparkPost)"
+          echo "SPARKPOST_API_KEY=$SPARKPOST_API_KEY"
+          echo ""
+          echo "# Deployment info"
+          echo "GIT_REVISION=${{ github.sha }}"
+          echo "GIT_BRANCH=${{ github.ref_name }}"
+          echo "DEPLOYMENT_ENVIRONMENT=staging"
+        } > staging.env
         echo "✅ Created staging.env with $(wc -l < staging.env) lines"
 
     - name: Update appspec.yml for staging
