From ce04a4058e9296da952cd1baab5ce8457d63dd88 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc=20Cornell=C3=A0?= <marc@mcornella.com>
Date: Sat, 29 Nov 2025 20:45:36 +0100
Subject: [PATCH] Fix unsafe injection pattern

---
 .github/workflows/publish.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index e70baef..2df602d 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -23,11 +23,13 @@ jobs:
       - name: Set up .wiki remote
         run: git remote add dot-wiki git@github.com:ohmyzsh/ohmyzsh.wiki.git
       - name: Set up deploy keys to push to remote
+        env:
+          WIKI_DEPLOY_PRIVATE_KEY: ${{ secrets.WIKI_DEPLOY_PRIVATE_KEY }}
         run: |
           # Write deploy key to ~/.ssh/id_ed25519. Git will automatically
           # use ~/.ssh/id_ed25519 to log in to github.com (see `man ssh`)
           mkdir -p ~/.ssh
-          echo "${{ secrets.WIKI_DEPLOY_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
+          echo "${WIKI_DEPLOY_PRIVATE_KEY}" > ~/.ssh/id_ed25519
           chmod 600 ~/.ssh/id_ed25519
       - name: Push commits to main wiki remote
         run: git push --force dot-wiki HEAD:master