Special characters in GitHub Actions workflow secret are not being preserved

341 views Asked by At

I am working on an GitHub Actions workflow which builds the signed apk and deploys to playstore. For signing the apk we need key.properties file which contains

storePassword=abc-m0bile-Pa$$
keyPassword=password_of_key
keyAlias=alias_value
storeFile=./path_of_jks_file

I am storing the storePassword in git secrets and then retreive the value in the workflow. When the password is retrieved in the workflow the "$$" in the password are substituted autmatically into 4594.

I mean the password : "fn7-m0bile-Pa$$" is converted into "fn7-m0bile-Pa4594".

Below is the code block which retrives the secret and writes down in the key.properties file

# Create the key.properties file with secrets
      - name: Create key.properties
        run: |
          echo "storeFile=${{ steps.android_keystore.outputs.filePath }}" > android/key.properties
          echo "keyAlias=${{ secrets.KEY_ALIAS }}" >> android/key.properties
          echo "storePassword=${{ secrets.STORE_PASSWORD }}" >> android/key.properties
          echo "keyPassword=${{ secrets.KEY_PASSWORD }}" >> android/key.properties

this is how I know that the password being fetched from the secrets is not correct or being manipulated somehow

 name: Debug Keystore Information
        run: |
          echo "Keystore File: ${{ steps.android_keystore.outputs.filePath }}"
          echo "Key Alias: ${{ secrets.KEY_ALIAS }}"
          echo "storePassword=${{ secrets.STORE_PASSWORD }}"
          echo "keyPassword=${{ secrets.KEY_PASSWORD }}"
        env:
          YOUR_KEYSTORE_PASSWORD: ${{ secrets.KEY_PASSWORD }}

UPDATE

This is what i have tried so far to solve the issue

1. Escape the Dollar Sign: Escape the dollar sign in store password using double dollar signs ($$).

echo "storePassword=${{ secrets.STORE_PASSWORD // '$' / '$$' }}" >> android/key.properties

result: It did not work, and failed with the error that syntax is invalid.

2. Use Single Quotes: Enclose the password values in single quotes, which prevents special characters from being interpreted.

echo "storePassword='${{ secrets.STORE_PASSWORD }}'" >> android/key.properties

result: Failed as it is still converting the $$ into 1716

3. Use sed Command: This uses the sed command to replace the dollar sign ($) with a backslash and dollar sign ($).

echo "storePassword=$(echo '${{ secrets.STORE_PASSWORD }}' | sed 's/\$/\\$/g')" >> android/key.properties

result: It got me a little closer as the output was Pa$$

4. Encode storePassword into base64: I converted the password into base64 and then stored in the git secrets. In the workflow I fetched the encoded password and then decode it from base64

- name: Decode and set environment variables
  run: |
    ENCODED_STORE_PASSWORD=${{ secrets.ENCODED_STORE_PASSWORD }}
    ENCODED_KEY_PASSWORD=${{ secrets.ENCODED_KEY_PASSWORD }}
    
    DECODED_STORE_PASSWORD=$(echo "$ENCODED_STORE_PASSWORD" | base64 --decode)
    DECODED_KEY_PASSWORD=$(echo "$ENCODED_KEY_PASSWORD" | base64 --decode)
    
    echo "DECODED_STORE_PASSWORD=$DECODED_STORE_PASSWORD" >> $GITHUB_ENV
    echo "DECODED_KEY_PASSWORD=$DECODED_KEY_PASSWORD" >> $GITHUB_ENV

result: It got me a little closer as the output was Pa$$

I even tried encoding the key.properties file, store it as git_secret, and retrieve that secret in the workflow, decode it and then directly provide the values required for signing the apk. but it also did not work.

1

There are 1 answers

0
Hassan Arshad On BEST ANSWER

there is a simple solution for your problem. Just update your git secret STORE_PASSWORD as follows

abc-m0bile-Pa\$$

you just need to put a "\" before the $$ and you will not get any errors.