Merge pull request #508 from dperaza4dustbit/synch_dh_1.8_req

Keeping github Nunjucks synched up with tssc-sample-template

Author: dperaza4dustbit

generated/gitops-template/githubactions/.github/workflows/gitops-promotion.yml

@@ -12,32 +12,32 @@ env:
 
   # 🖊️ EDIT to change the image registry settings.
   # Registries such as GHCR, Quay.io, and Docker Hub are supported.
-  IMAGE_REGISTRY: ${{ secrets.IMAGE_REGISTRY }}
+  IMAGE_REGISTRY: ${{ '${{' }} secrets.IMAGE_REGISTRY }}
 
   # Used to verify the image signature and attestation
-  COSIGN_PUBLIC_KEY: ${{ vars.COSIGN_PUBLIC_KEY }}
+  COSIGN_PUBLIC_KEY: ${{ '${{' }} vars.COSIGN_PUBLIC_KEY }}
   # URL of the BOMbastic api host (e.g. https://sbom.trustification.dev)
-  TRUSTIFICATION_BOMBASTIC_API_URL: ${{ vars.TRUSTIFICATION_BOMBASTIC_API_URL }}
+  TRUSTIFICATION_BOMBASTIC_API_URL: ${{ '${{' }} vars.TRUSTIFICATION_BOMBASTIC_API_URL }}
   # URL of the OIDC token issuer (e.g. https://sso.trustification.dev/realms/chicken)
-  TRUSTIFICATION_OIDC_ISSUER_URL: ${{ vars.TRUSTIFICATION_OIDC_ISSUER_URL }}
-  TRUSTIFICATION_OIDC_CLIENT_ID: ${{ vars.TRUSTIFICATION_OIDC_CLIENT_ID }}
-  TRUSTIFICATION_SUPPORTED_CYCLONEDX_VERSION: ${{ vars.TRUSTIFICATION_SUPPORTED_CYCLONEDX_VERSION }}
+  TRUSTIFICATION_OIDC_ISSUER_URL: ${{ '${{' }} vars.TRUSTIFICATION_OIDC_ISSUER_URL }}
+  TRUSTIFICATION_OIDC_CLIENT_ID: ${{ '${{' }} vars.TRUSTIFICATION_OIDC_CLIENT_ID }}
+  TRUSTIFICATION_SUPPORTED_CYCLONEDX_VERSION: ${{ '${{' }} vars.TRUSTIFICATION_SUPPORTED_CYCLONEDX_VERSION }}
   # Set this to the user for your specific registry
-  IMAGE_REGISTRY_USER: ${{ vars.IMAGE_REGISTRY_USER }}
+  IMAGE_REGISTRY_USER: ${{ '${{' }} vars.IMAGE_REGISTRY_USER }}
   # Set this only when using an external Rekor instance
-  REKOR_HOST: ${{ vars.REKOR_HOST }}
+  REKOR_HOST: ${{ '${{' }} vars.REKOR_HOST }}
   # Set this only when using an external TUF instance
-  TUF_MIRROR: ${{ vars.TUF_MIRROR }}
-  # QUAY_IO_CREDS_USR: ${{ vars.QUAY_IO_CREDS_USR }}
-  # ARTIFACTORY_IO_CREDS_USR: ${{ vars.ARTIFACTORY_IO_CREDS_USR }}
-  # NEXUS_IO_CREDS_USR: ${{ vars.NEXUS_IO_CREDS_USR }}
+  TUF_MIRROR: ${{ '${{' }} vars.TUF_MIRROR }}
+  # QUAY_IO_CREDS_USR: ${{ '${{' }} vars.QUAY_IO_CREDS_USR }}
+  # ARTIFACTORY_IO_CREDS_USR: ${{ '${{' }} vars.ARTIFACTORY_IO_CREDS_USR }}
+  # NEXUS_IO_CREDS_USR: ${{ '${{' }} vars.NEXUS_IO_CREDS_USR }}
   # Secrets
-  TRUSTIFICATION_OIDC_CLIENT_SECRET: ${{ secrets.TRUSTIFICATION_OIDC_CLIENT_SECRET }}
+  TRUSTIFICATION_OIDC_CLIENT_SECRET: ${{ '${{' }} secrets.TRUSTIFICATION_OIDC_CLIENT_SECRET }}
   # Set this password for your specific registry
-  IMAGE_REGISTRY_PASSWORD: ${{ secrets.IMAGE_REGISTRY_PASSWORD }}
-  # QUAY_IO_CREDS_PSW: ${{ secrets.QUAY_IO_CREDS_PSW }}
-  # ARTIFACTORY_IO_CREDS_PSW: ${{ secrets.ARTIFACTORY_IO_CREDS_PSW }}
-  # NEXUS_IO_CREDS_PSW: ${{ secrets.NEXUS_IO_CREDS_PSW }}
+  IMAGE_REGISTRY_PASSWORD: ${{ '${{' }} secrets.IMAGE_REGISTRY_PASSWORD }}
+  # QUAY_IO_CREDS_PSW: ${{ '${{' }} secrets.QUAY_IO_CREDS_PSW }}
+  # ARTIFACTORY_IO_CREDS_PSW: ${{ '${{' }} secrets.ARTIFACTORY_IO_CREDS_PSW }}
+  # NEXUS_IO_CREDS_PSW: ${{ '${{' }} secrets.NEXUS_IO_CREDS_PSW }}
 
   # 🖊️ EDIT to specify custom tags for the container image, or default tags will be generated below.
   IMAGE_TAGS: ""
@@ -62,25 +62,25 @@ jobs:
         with:
           script: |
             const vars = {
-              IMAGE_REGISTRY: `${{ vars.IMAGE_REGISTRY }}`,
+              IMAGE_REGISTRY: `${{ '${{' }} vars.IMAGE_REGISTRY }}`,
 
              /* Used to verify the image signature and attestation */
-             COSIGN_PUBLIC_KEY: `${{ vars.COSIGN_PUBLIC_KEY }}`,
+             COSIGN_PUBLIC_KEY: `${{ '${{' }} vars.COSIGN_PUBLIC_KEY }}`,
              /* URL of the BOMbastic api host (e.g. https://sbom.trustification.dev) */
-             TRUSTIFICATION_BOMBASTIC_API_URL: `${{ vars.TRUSTIFICATION_BOMBASTIC_API_URL }}`,
+             TRUSTIFICATION_BOMBASTIC_API_URL: `${{ '${{' }} vars.TRUSTIFICATION_BOMBASTIC_API_URL }}`,
              /* URL of the OIDC token issuer (e.g. https://sso.trustification.dev/realms/chicken) */
-             TRUSTIFICATION_OIDC_ISSUER_URL: `${{ vars.TRUSTIFICATION_OIDC_ISSUER_URL }}`,
-             TRUSTIFICATION_OIDC_CLIENT_ID: `${{ vars.TRUSTIFICATION_OIDC_CLIENT_ID }}`,
-             TRUSTIFICATION_SUPPORTED_CYCLONEDX_VERSION: `${{ vars.TRUSTIFICATION_SUPPORTED_CYCLONEDX_VERSION }}`,
+             TRUSTIFICATION_OIDC_ISSUER_URL: `${{ '${{' }} vars.TRUSTIFICATION_OIDC_ISSUER_URL }}`,
+             TRUSTIFICATION_OIDC_CLIENT_ID: `${{ '${{' }} vars.TRUSTIFICATION_OIDC_CLIENT_ID }}`,
+             TRUSTIFICATION_SUPPORTED_CYCLONEDX_VERSION: `${{ '${{' }} vars.TRUSTIFICATION_SUPPORTED_CYCLONEDX_VERSION }}`,
              /* Set this to the user for your specific registry */
-             IMAGE_REGISTRY_USER: `${{ vars.IMAGE_REGISTRY_USER }}`,
+             IMAGE_REGISTRY_USER: `${{ '${{' }} vars.IMAGE_REGISTRY_USER }}`,
              /* Set this only when using an external Rekor instance */
-             REKOR_HOST: `${{ vars.REKOR_HOST }}`,
+             REKOR_HOST: `${{ '${{' }} vars.REKOR_HOST }}`,
              /* Set this only when using an external TUF instance */
-             TUF_MIRROR: `${{ vars.TUF_MIRROR }}`,
-             /*QUAY_IO_CREDS_USR: `${{ vars.QUAY_IO_CREDS_USR }}`,*/
-             /*ARTIFACTORY_IO_CREDS_USR: `${{ vars.ARTIFACTORY_IO_CREDS_USR }}`,*/
-             /*NEXUS_IO_CREDS_USR: `${{ vars.NEXUS_IO_CREDS_USR }}`,*/
+             TUF_MIRROR: `${{ '${{' }} vars.TUF_MIRROR }}`,
+             /*QUAY_IO_CREDS_USR: `${{ '${{' }} vars.QUAY_IO_CREDS_USR }}`,*/
+             /*ARTIFACTORY_IO_CREDS_USR: `${{ '${{' }} vars.ARTIFACTORY_IO_CREDS_USR }}`,*/
+             /*NEXUS_IO_CREDS_USR: `${{ '${{' }} vars.NEXUS_IO_CREDS_USR }}`,*/
             };
 
             const missingVars = Object.entries(vars).filter(([ name, value ]) => {
@@ -94,12 +94,12 @@ jobs:
 
             const secrets = {
 
-             TRUSTIFICATION_OIDC_CLIENT_SECRET: `${{ secrets.TRUSTIFICATION_OIDC_CLIENT_SECRET }}`,
+             TRUSTIFICATION_OIDC_CLIENT_SECRET: `${{ '${{' }} secrets.TRUSTIFICATION_OIDC_CLIENT_SECRET }}`,
               /* Set this password for your specific registry */
-             IMAGE_REGISTRY_PASSWORD: `${{ secrets.IMAGE_REGISTRY_PASSWORD }}`,
-             /*QUAY_IO_CREDS_PSW: `${{ secrets.QUAY_IO_CREDS_PSW }}`,*/
-             /*ARTIFACTORY_IO_CREDS_PSW: `${{ secrets.ARTIFACTORY_IO_CREDS_PSW }}`,*/
-             /*NEXUS_IO_CREDS_PSW: `${{ secrets.NEXUS_IO_CREDS_PSW }}`,*/
+             IMAGE_REGISTRY_PASSWORD: `${{ '${{' }} secrets.IMAGE_REGISTRY_PASSWORD }}`,
+             /*QUAY_IO_CREDS_PSW: `${{ '${{' }} secrets.QUAY_IO_CREDS_PSW }}`,*/
+             /*ARTIFACTORY_IO_CREDS_PSW: `${{ '${{' }} secrets.ARTIFACTORY_IO_CREDS_PSW }}`,*/
+             /*NEXUS_IO_CREDS_PSW: `${{ '${{' }} secrets.NEXUS_IO_CREDS_PSW }}`,*/
             };
 
             const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => {
@@ -135,7 +135,7 @@ jobs:
       - name: Check out repository
         uses: actions/checkout@v4
         with:
-          fetch-depth: '2'
+          fetch-depth: "2"
       - name: Pre-init
         run: |
           buildah --version

generated/source-repo/githubactions/.github/workflows/build-and-update-gitops.yml

@@ -13,34 +13,34 @@ env:
   # 🖊️ EDIT to change the image registry settings.
 
   # Vars
-  ROX_CENTRAL_ENDPOINT: ${{ vars.ROX_CENTRAL_ENDPOINT }}
-  # GITOPS_AUTH_USERNAME: ${{ vars.GITOPS_AUTH_USERNAME }}
+  ROX_CENTRAL_ENDPOINT: ${{ '${{' }} vars.ROX_CENTRAL_ENDPOINT }}
+  # GITOPS_AUTH_USERNAME: ${{ '${{' }} vars.GITOPS_AUTH_USERNAME }}
   # Set this to the user for your specific registry
-  IMAGE_REGISTRY_USER: ${{ vars.IMAGE_REGISTRY_USER }}
+  IMAGE_REGISTRY_USER: ${{ '${{' }} vars.IMAGE_REGISTRY_USER }}
   # Set this only when using an external Rekor instance
-  REKOR_HOST: ${{ vars.REKOR_HOST }}
+  REKOR_HOST: ${{ '${{' }} vars.REKOR_HOST }}
   # Set this only when using an external TUF instance
-  TUF_MIRROR: ${{ vars.TUF_MIRROR }}
-  # QUAY_IO_CREDS_USR: ${{ vars.QUAY_IO_CREDS_USR }}
-  # ARTIFACTORY_IO_CREDS_USR: ${{ vars.ARTIFACTORY_IO_CREDS_USR }}
-  # NEXUS_IO_CREDS_USR: ${{ vars.NEXUS_IO_CREDS_USR }}
+  TUF_MIRROR: ${{ '${{' }} vars.TUF_MIRROR }}
+  # QUAY_IO_CREDS_USR: ${{ '${{' }} vars.QUAY_IO_CREDS_USR }}
+  # ARTIFACTORY_IO_CREDS_USR: ${{ '${{' }} vars.ARTIFACTORY_IO_CREDS_USR }}
+  # NEXUS_IO_CREDS_USR: ${{ '${{' }} vars.NEXUS_IO_CREDS_USR }}
   # Used to verify the image signature and attestation
-  COSIGN_PUBLIC_KEY: ${{ vars.COSIGN_PUBLIC_KEY }}
+  COSIGN_PUBLIC_KEY: ${{ '${{' }} vars.COSIGN_PUBLIC_KEY }}
   # Custom Root CA to be used in scripts as trusted
-  CUSTOM_ROOT_CA: ${{ vars.CUSTOM_ROOT_CA }}
+  CUSTOM_ROOT_CA: ${{ '${{' }} vars.CUSTOM_ROOT_CA }}
   # Secrets
-  ROX_API_TOKEN: ${{ secrets.ROX_API_TOKEN }}
-  GITOPS_AUTH_PASSWORD: ${{ secrets.GITOPS_AUTH_PASSWORD }}
+  ROX_API_TOKEN: ${{ '${{' }} secrets.ROX_API_TOKEN }}
+  GITOPS_AUTH_PASSWORD: ${{ '${{' }} secrets.GITOPS_AUTH_PASSWORD }}
   # Set this password for your specific registry
-  IMAGE_REGISTRY_PASSWORD: ${{ secrets.IMAGE_REGISTRY_PASSWORD }}
-  # QUAY_IO_CREDS_PSW: ${{ secrets.QUAY_IO_CREDS_PSW }}
-  # ARTIFACTORY_IO_CREDS_PSW: ${{ secrets.ARTIFACTORY_IO_CREDS_PSW }}
-  # NEXUS_IO_CREDS_PSW: ${{ secrets.NEXUS_IO_CREDS_PSW }}
-  COSIGN_SECRET_PASSWORD: ${{ secrets.COSIGN_SECRET_PASSWORD }}
-  COSIGN_SECRET_KEY: ${{ secrets.COSIGN_SECRET_KEY }}
+  IMAGE_REGISTRY_PASSWORD: ${{ '${{' }} secrets.IMAGE_REGISTRY_PASSWORD }}
+  # QUAY_IO_CREDS_PSW: ${{ '${{' }} secrets.QUAY_IO_CREDS_PSW }}
+  # ARTIFACTORY_IO_CREDS_PSW: ${{ '${{' }} secrets.ARTIFACTORY_IO_CREDS_PSW }}
+  # NEXUS_IO_CREDS_PSW: ${{ '${{' }} secrets.NEXUS_IO_CREDS_PSW }}
+  COSIGN_SECRET_PASSWORD: ${{ '${{' }} secrets.COSIGN_SECRET_PASSWORD }}
+  COSIGN_SECRET_KEY: ${{ '${{' }} secrets.COSIGN_SECRET_KEY }}
 
   # Registries such as GHCR, Quay.io, and Docker Hub are supported.
-  IMAGE_REGISTRY: ${{ secrets.IMAGE_REGISTRY }}
+  IMAGE_REGISTRY: ${{ '${{' }} secrets.IMAGE_REGISTRY }}
 
   # 🖊️ EDIT to specify custom tags for the container image, or default tags will be generated below.
   IMAGE_TAGS: ""
@@ -51,7 +51,7 @@ env:
 on:
   push:
     branches:
-      - 'main'
+      - "main"
   workflow_dispatch:
 
 jobs:
@@ -69,21 +69,21 @@ jobs:
         with:
           script: |
             const vars = {
-              IMAGE_REGISTRY: `${{ vars.IMAGE_REGISTRY }}`,
+              IMAGE_REGISTRY: `${{ '${{' }} vars.IMAGE_REGISTRY }}`,
 
-              ROX_CENTRAL_ENDPOINT: `${{ vars.ROX_CENTRAL_ENDPOINT }}`,
-              /* GITOPS_AUTH_USERNAME: `${{ vars.GITOPS_AUTH_USERNAME }}`, */
+              ROX_CENTRAL_ENDPOINT: `${{ '${{' }} vars.ROX_CENTRAL_ENDPOINT }}`,
+              /* GITOPS_AUTH_USERNAME: `${{ '${{' }} vars.GITOPS_AUTH_USERNAME }}`, */
               /* Set this to the user for your specific registry */
-              IMAGE_REGISTRY_USER: `${{ vars.IMAGE_REGISTRY_USER }}`,
+              IMAGE_REGISTRY_USER: `${{ '${{' }} vars.IMAGE_REGISTRY_USER }}`,
               /* Set this only when using an external Rekor instance */
-              REKOR_HOST: `${{ vars.REKOR_HOST }}`,
+              REKOR_HOST: `${{ '${{' }} vars.REKOR_HOST }}`,
               /* Set this only when using an external TUF instance */
-              TUF_MIRROR: `${{ vars.TUF_MIRROR }}`,
-              /* QUAY_IO_CREDS_USR: `${{ vars.QUAY_IO_CREDS_USR }}`, */
-              /* ARTIFACTORY_IO_CREDS_USR: `${{ vars.ARTIFACTORY_IO_CREDS_USR }}`, */
-              /* NEXUS_IO_CREDS_USR: `${{ vars.NEXUS_IO_CREDS_USR }}`, */
+              TUF_MIRROR: `${{ '${{' }} vars.TUF_MIRROR }}`,
+              /* QUAY_IO_CREDS_USR: `${{ '${{' }} vars.QUAY_IO_CREDS_USR }}`, */
+              /* ARTIFACTORY_IO_CREDS_USR: `${{ '${{' }} vars.ARTIFACTORY_IO_CREDS_USR }}`, */
+              /* NEXUS_IO_CREDS_USR: `${{ '${{' }} vars.NEXUS_IO_CREDS_USR }}`, */
               /* Used to verify the image signature and attestation */
-              COSIGN_PUBLIC_KEY: `${{ vars.COSIGN_PUBLIC_KEY }}`,
+              COSIGN_PUBLIC_KEY: `${{ '${{' }} vars.COSIGN_PUBLIC_KEY }}`,
             };
 
             const missingVars = Object.entries(vars).filter(([ name, value ]) => {
@@ -97,15 +97,15 @@ jobs:
 
             const secrets = {
 
-             ROX_API_TOKEN: `${{ secrets.ROX_API_TOKEN }}`,
-             GITOPS_AUTH_PASSWORD: `${{ secrets.GITOPS_AUTH_PASSWORD }}`,
+             ROX_API_TOKEN: `${{ '${{' }} secrets.ROX_API_TOKEN }}`,
+             GITOPS_AUTH_PASSWORD: `${{ '${{' }} secrets.GITOPS_AUTH_PASSWORD }}`,
              /* Set this password for your specific registry */
-             IMAGE_REGISTRY_PASSWORD: `${{ secrets.IMAGE_REGISTRY_PASSWORD }}`,
-             /* QUAY_IO_CREDS_PSW: `${{ secrets.QUAY_IO_CREDS_PSW }}`, */
-             /* ARTIFACTORY_IO_CREDS_PSW: `${{ secrets.ARTIFACTORY_IO_CREDS_PSW }}`, */
-             /* NEXUS_IO_CREDS_PSW: `${{ secrets.NEXUS_IO_CREDS_PSW }}`, */
-             COSIGN_SECRET_PASSWORD: `${{ secrets.COSIGN_SECRET_PASSWORD }}`,
-             COSIGN_SECRET_KEY: `${{ secrets.COSIGN_SECRET_KEY }}`,
+             IMAGE_REGISTRY_PASSWORD: `${{ '${{' }} secrets.IMAGE_REGISTRY_PASSWORD }}`,
+             /* QUAY_IO_CREDS_PSW: `${{ '${{' }} secrets.QUAY_IO_CREDS_PSW }}`, */
+             /* ARTIFACTORY_IO_CREDS_PSW: `${{ '${{' }} secrets.ARTIFACTORY_IO_CREDS_PSW }}`, */
+             /* NEXUS_IO_CREDS_PSW: `${{ '${{' }} secrets.NEXUS_IO_CREDS_PSW }}`, */
+             COSIGN_SECRET_PASSWORD: `${{ '${{' }} secrets.COSIGN_SECRET_PASSWORD }}`,
+             COSIGN_SECRET_KEY: `${{ '${{' }} secrets.COSIGN_SECRET_KEY }}`,
             };
 
             const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => {
@@ -141,7 +141,7 @@ jobs:
       - name: Check out repository
         uses: actions/checkout@v4
         with:
-          fetch-depth: '2'
+          fetch-depth: "2"
       - name: Pre-init
         run: |
           buildah --version

templates/gitops-template/gitops-promotion.yml.njk

@@ -12,7 +12,7 @@ env:
 
   # 🖊️ EDIT to change the image registry settings.
   # Registries such as GHCR, Quay.io, and Docker Hub are supported.
-  IMAGE_REGISTRY: ${{ "secrets.IMAGE_REGISTRY" | inCurlies }}
+  IMAGE_REGISTRY: ${{ "'${{' }} secrets.IMAGE_REGISTRY" | inCurlies }}
 {{ '' }}{# Ensure new line for better readability #}
 {%- for var in gitops_variables -%}
 {% include "github-variable.njk" %}
@@ -48,13 +48,13 @@ jobs:
               Perhaps this could use the bash var/secret checker too for consistency
             #}
             const vars = {
-              IMAGE_REGISTRY: `${{ "vars.IMAGE_REGISTRY" | inCurlies }}`,
+              IMAGE_REGISTRY: `${{ "'${{' }} vars.IMAGE_REGISTRY" | inCurlies }}`,
 {% for var in gitops_variables %}
 {%- if var | eval_if_condition %}
 {%- if var.comment %}
              /* {{ var.comment }} */
 {%- endif %}
-             {% if var.commented_out %}/*{% endif %}{{ var.name }}: `${{ ("vars." + var.name) | inCurlies }}`,{% if var.commented_out %}*/{% endif %}
+             {% if var.commented_out %}/*{% endif %}{{ var.name }}: `${{ ("'${{' }} vars." + var.name) | inCurlies }}`,{% if var.commented_out %}*/{% endif %}
 {%- endif %}
 {%- endfor %}
             };
@@ -74,7 +74,7 @@ jobs:
 {%- if secret.comment %}
               /* {{ secret.comment }} */
 {%- endif %}
-             {% if secret.commented_out %}/*{% endif %}{{ secret.name }}: `${{ ("secrets." + secret.name) | inCurlies }}`,{% if secret.commented_out %}*/{% endif %}
+             {% if secret.commented_out %}/*{% endif %}{{ secret.name }}: `${{ ("'${{' }} secrets." + secret.name) | inCurlies }}`,{% if secret.commented_out %}*/{% endif %}
 {%- endif %}
 {%- endfor %}
             };
@@ -112,7 +112,7 @@ jobs:
       - name: Check out repository
         uses: actions/checkout@v4
         with:
-          fetch-depth: '2'
+          fetch-depth: "2"
       - name: Pre-init
         run: |
           buildah --version

templates/partials/github-secret.njk

@@ -2,5 +2,5 @@
 {%- if secret.comment %}
   # {{ secret.comment }}
 {%- endif %}
-{% if secret.commented_out -%}{{ '  # ' }}{% else %}{{ '  ' }}{% endif -%}{{- secret.name -}}: ${{- ("secrets." + secret.name) | inCurlies -}}
+{% if secret.commented_out -%}{{ '  # ' }}{% else %}{{ '  ' }}{% endif -%}{{- secret.name -}}: ${{- ("'${{' }} secrets." + secret.name) | inCurlies -}}
 {%- endif -%}

templates/partials/github-variable.njk

@@ -2,5 +2,5 @@
 {%- if var.comment %}
   # {{ var.comment }}
 {%- endif %}
-{% if var.commented_out -%}{{ '  # ' }}{% else %}{{ '  ' }}{% endif -%}{{- var.name -}}: ${{- ("vars." + var.name) | inCurlies -}}
+{% if var.commented_out -%}{{ '  # ' }}{% else %}{{ '  ' }}{% endif -%}{{- var.name -}}: ${{- ("'${{' }} vars." + var.name) | inCurlies -}}
 {%- endif -%}

templates/source-repo/build-and-update-gitops.yml.njk

@@ -23,7 +23,7 @@ env:
 {%- endfor %}
 
   # Registries such as GHCR, Quay.io, and Docker Hub are supported.
-  IMAGE_REGISTRY: ${{ "secrets.IMAGE_REGISTRY" | inCurlies }}
+  IMAGE_REGISTRY: ${{ "'${{' }} secrets.IMAGE_REGISTRY" | inCurlies }}
 
   # 🖊️ EDIT to specify custom tags for the container image, or default tags will be generated below.
   IMAGE_TAGS: ""
@@ -34,7 +34,7 @@ env:
 on:
   push:
     branches:
-      - 'main'
+      - "main"
   workflow_dispatch:
 
 jobs:
@@ -55,14 +55,14 @@ jobs:
               Perhaps this could use the bash var/secret checker too for consistency
             #}
             const vars = {
-              IMAGE_REGISTRY: `${{ "vars.IMAGE_REGISTRY" | inCurlies }}`,
+              IMAGE_REGISTRY: `${{ "'${{' }} vars.IMAGE_REGISTRY" | inCurlies }}`,
 {% for var in build_variables %}
   {%- if var | eval_if_condition %}
     {%- if not var.optional %}
       {%- if var.comment %}
               /* {{ var.comment }} */
       {%- endif %}
-              {% if var.commented_out %}/* {% endif %}{{ var.name }}: `${{ ("vars." + var.name) | inCurlies }}`,{% if var.commented_out %} */{% endif %}
+              {% if var.commented_out %}/* {% endif %}{{ var.name }}: `${{ ("'${{' }} vars." + var.name) | inCurlies }}`,{% if var.commented_out %} */{% endif %}
     {%- endif %}
   {%- endif %}
 {%- endfor %}
@@ -83,7 +83,7 @@ jobs:
 {%- if secret.comment %}
              /* {{ secret.comment }} */
       {%- endif %}
-             {% if secret.commented_out %}/* {% endif %}{{ secret.name }}: `${{ ("secrets." + secret.name) | inCurlies }}`,{% if secret.commented_out %} */{% endif %}
+             {% if secret.commented_out %}/* {% endif %}{{ secret.name }}: `${{ ("'${{' }} secrets." + secret.name) | inCurlies }}`,{% if secret.commented_out %} */{% endif %}
 {%- endif %}
 {%- endfor %}
             };
@@ -121,7 +121,7 @@ jobs:
       - name: Check out repository
         uses: actions/checkout@v4
         with:
-          fetch-depth: '2'
+          fetch-depth: "2"
       - name: Pre-init
         run: |
           buildah --version