CQ: Avoid expanding secrets in a run block

abhinavminhas · abhinavminhas · commit bdcde11affa5 · 2025-08-24T01:09:06.000+10:00
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -179,8 +179,6 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
         shell: powershell
-        env:
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
         run: |
           .\.sonar\scanner\dotnet-sonarscanner begin /k:"abhinavminhas_QueryDB" /o:"abhinavminhas" /d:sonar.token="$SONAR_TOKEN" /d:sonar.host.url="https://sonarcloud.io"
           dotnet build
diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml
@@ -39,8 +39,6 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
         shell: powershell
-        env:
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
         run: |
           .\.sonar\scanner\dotnet-sonarscanner begin /k:"abhinavminhas_QueryDB" /o:"abhinavminhas" /d:sonar.token="$SONAR_TOKEN" /d:sonar.host.url="https://sonarcloud.io"
           dotnet build
