From 66f68e02196f9577d36992779f617cd76304f2df Mon Sep 17 00:00:00 2001
From: pancho horrillo <pancho.horrillo@bbva.com>
Date: Wed, 30 Sep 2020 16:34:25 +0200
Subject: [PATCH] style: don't pollute the env with secrets
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Also, it's a bit less boilerplate code.

Seen here¹:

¹: https://github.com/dependabot/dependabot-core/blob/v0.120.3/.github/workflows/docker.yml#L27-L29
---
 .github/workflows/release.yml | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index ba31b5d..8eb85fa 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -31,17 +31,14 @@ jobs:
         [[ -f "$RELNOTES" ]] && echo ::set-output name=ARGS::--release-notes $RELNOTES || true
 
     - name: Docker Login
-      env:
-        DOCKER_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
-        DOCKER_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
       run: |
-        echo "${DOCKER_PASSWORD}" | docker login --username "${DOCKER_USERNAME}" --password-stdin
+        username="${{ secrets.DOCKERHUB_USERNAME }}"
+        password="${{ secrets.DOCKERHUB_PASSWORD }}"
+        echo "$password" | docker login --username "$username" --password-stdin
 
     - name: Load GPG private key
       run: |
-        echo "$GPG_PRIVATE_KEY" | gpg --import
-      env:
-        GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+        echo "${{ secrets.GPG_PRIVATE_KEY" }} | gpg --import
 
     - uses: goreleaser/goreleaser-action@v2
       with: