From 29622dd54c1d052adfc496c038dca5db327d7f1f Mon Sep 17 00:00:00 2001
From: marcusquinn <6428977+marcusquinn@users.noreply.github.com>
Date: Fri, 20 Mar 2026 07:10:45 +0000
Subject: [PATCH] fix: move sync-wiki.yml secrets to env block to resolve
 SonarCloud S7636

Move github.actor, secrets.GITHUB_TOKEN, and github.repository from
inline run block string interpolation to step-level env: block.
References via env vars prevent secret expansion in workflow logs.

Resolves the remaining S7636 hotspot in sync-wiki.yml.

Closes #106
---
 .github/workflows/sync-wiki.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/sync-wiki.yml b/.github/workflows/sync-wiki.yml
index 1e42924..55ef5fc 100644
--- a/.github/workflows/sync-wiki.yml
+++ b/.github/workflows/sync-wiki.yml
@@ -50,4 +50,8 @@ jobs:
           git commit -m "Sync wiki from source repository"
 
           # Push changes
-          git push https://${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.wiki.git
+          git push https://${WIKI_ACTOR}:${WIKI_TOKEN}@github.com/${WIKI_REPO}.wiki.git
+        env:
+          WIKI_ACTOR: ${{ github.actor }}
+          WIKI_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          WIKI_REPO: ${{ github.repository }}