quote yaml secrets where missing for consistency

Author: vszakats

.github/workflows/build_ci_multi.yml

@@ -22,9 +22,9 @@ jobs:
       - name: 'login ghcr.io (actor, via action)'
         uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1.7
         with:
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-          registry: ghcr.io/${{ github.repository_owner }}
+          username: '${{ github.actor }}'
+          password: '${{ secrets.GITHUB_TOKEN }}'
+          registry: 'ghcr.io/${{ github.repository_owner }}'
 
       - name: 'login ghcr.io (actor, direct)'
         env:

.github/workflows/build_latest_release_multi.yml

@@ -29,9 +29,9 @@ jobs:
       - name: 'login ghcr.io'
         uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1.7
         with:
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-          registry: ghcr.io/${{ github.repository_owner }}
+          username: '${{ github.actor }}'
+          password: '${{ secrets.GITHUB_TOKEN }}'
+          registry: 'ghcr.io/${{ github.repository_owner }}'
       - name: 'login docker hub'
         env:
           DOCKER_HUB_USER: '${{ secrets.DOCKER_HUB_USER }}'
@@ -80,7 +80,7 @@ jobs:
         run: echo "${COSIGN_PRIVATE_KEY}" > cosign.key
       - name: 'sign images with sigstore key'
         env:
-          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+          COSIGN_PASSWORD: '${{ secrets.COSIGN_PASSWORD }}'
         run: |
           cosign sign -y --key cosign.key ghcr.io/curl/curl-container/curl-multi:$REL
           cosign sign -y --key cosign.key ghcr.io/curl/curl-container/curl-base-multi:$REL
@@ -96,7 +96,7 @@ jobs:
           buildah manifest push --format v2s2 --all localhost/curl-base-multi:$REL "docker://docker.io/curlimages/curl-base:latest"
       - name: 'sign images with a sigstore key'
         env:
-          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+          COSIGN_PASSWORD: '${{ secrets.COSIGN_PASSWORD }}'
         run: |
           cosign sign -y --key cosign.key docker.io/curlimages/curl:$REL
           cosign sign -y --key cosign.key docker.io/curlimages/curl:latest
@@ -116,7 +116,7 @@ jobs:
           buildah manifest push --format v2s2 --all localhost/curl-base-multi:$REL "docker://quay.io/curl/curl-base:latest"
       - name: 'sign images with a sigstore key'
         env:
-          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+          COSIGN_PASSWORD: '${{ secrets.COSIGN_PASSWORD }}'
         run: |
           cosign sign -y --key cosign.key quay.io/curl/curl:$REL
           cosign sign -y --key cosign.key quay.io/curl/curl:latest

.github/workflows/build_master.yml

@@ -31,9 +31,9 @@ jobs:
       - name: 'login ghcr.io'
         uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1.7
         with:
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-          registry: ghcr.io/${{ github.repository_owner }}
+          username: '${{ github.actor }}'
+          password: '${{ secrets.GITHUB_TOKEN }}'
+          registry: 'ghcr.io/${{ github.repository_owner }}'
       - name: 'login docker hub'
         env:
           DOCKER_HUB_USER: '${{ secrets.DOCKER_HUB_USER }}'
@@ -75,7 +75,7 @@ jobs:
         run: echo "${COSIGN_PRIVATE_KEY}" > cosign.key
       - name: 'sign image with a key'
         env:
-          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+          COSIGN_PASSWORD: '${{ secrets.COSIGN_PASSWORD }}'
         run: |
           cosign sign -y --key cosign.key ghcr.io/curl/curl-container/curl-dev:master
           cosign sign -y --key cosign.key ghcr.io/curl/curl-container/curl-base:master

.github/workflows/build_master_dev.yml

@@ -32,9 +32,9 @@ jobs:
       - name: 'login ghcr.io'
         uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1.7
         with:
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-          registry: ghcr.io/${{ github.repository_owner }}
+          username: '${{ github.actor }}'
+          password: '${{ secrets.GITHUB_TOKEN }}'
+          registry: 'ghcr.io/${{ github.repository_owner }}'
       - name: 'login docker hub'
         env:
           DOCKER_HUB_USER: '${{ secrets.DOCKER_HUB_USER }}'
@@ -89,7 +89,7 @@ jobs:
           buildah push curl-dev-fedora:master "docker://ghcr.io/curl/curl-container/curl-dev-fedora:master"
       - name: 'sign image with a key'
         env:
-          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+          COSIGN_PASSWORD: '${{ secrets.COSIGN_PASSWORD }}'
         run: |
           cosign sign -y --key cosign.key ghcr.io/curl/curl-container/curl-dev-fedora:master
       - name: 'verify image with public key'

.github/workflows/build_master_multi.yml

@@ -31,9 +31,9 @@ jobs:
       - name: 'login ghcr.io'
         uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1.7
         with:
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-          registry: ghcr.io/${{ github.repository_owner }}
+          username: '${{ github.actor }}'
+          password: '${{ secrets.GITHUB_TOKEN }}'
+          registry: 'ghcr.io/${{ github.repository_owner }}'
       - name: 'login docker hub'
         env:
           DOCKER_HUB_USER: '${{ secrets.DOCKER_HUB_USER }}'
@@ -74,7 +74,7 @@ jobs:
         run: echo "${COSIGN_PRIVATE_KEY}" > cosign.key
       - name: 'sign image with a key'
         env:
-          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+          COSIGN_PASSWORD: '${{ secrets.COSIGN_PASSWORD }}'
         run: |
           cosign sign -y --key cosign.key ghcr.io/curl/curl-container/curl-multi:master
           cosign sign -y --key cosign.key ghcr.io/curl/curl-container/curl-base-multi:master