Fix sed token injection failing when secrets contain special characters

[Copilot]

Secrets like SENTRY_DSN are URL-shaped and contain /, which breaks sed's s/pattern/replacement/g syntax at the delimiter boundary.

Changes

• Delimiter: switched all substitutions from / to |
• Metacharacter escaping: each secret is sanitized inline before substitution to escape |, &, and \ — the three characters that are special in a sed replacement string when | is the delimiter

sed -i "s|__SENTRY_DSN__|$(printf '%s' "$SENTRY_DSN" | sed 's/[|&\\]/\\&/g')|g" index.html 19hz/index.html

Original prompt

Fix the failing Deploy GitHub Actions job in repository ProLoser/funcheapmap.

Context:

• Failing workflow run: https://github.com/ProLoser/funcheapmap/actions/runs/24638752795/job/72038835450
• Workflow file: .github/workflows/deploy.yml
• Failure occurs in the Inject tokens step.
• Job log error:
  • sed: -e expression #1, char 25: unknown option to 's'
  • Process completed with exit code 1.
• The failing commands are sed -i "s/.../${SECRET}/g" ... substitutions that inject secrets into files.

Likely root cause:

• One or more secret values contain / or other replacement metacharacters, causing sed substitution syntax to break. URL-like secrets such as SENTRY_DSN are especially likely.

Requested solution:

• Update .github/workflows/deploy.yml so the token injection step works reliably even when secrets contain /, &, |, or other characters that would break naive sed replacement.
• Keep the change minimal and focused.
• Prefer inline logic over helper functions used once.
• Do not add comments.
• Keep it DRY and concise where practical.

Acceptance criteria:

• The Inject tokens step no longer fails due to sed replacement syntax.
• Existing placeholder replacement behavior is preserved for:
  • __APIFY_TOKEN__
  • __GOOGLE_TOKEN__
  • __SPOTIFY_CLIENT_ID__
  • __SPOTIFY_CLIENT_SECRET__
  • __SENTRY_DSN__
• The workflow remains valid YAML and continues deploying with JamesIves/github-pages-deploy-action@v4.

Please create a pull request with the fix.

The following is the prior conversation context from the user's chat exploration (may be truncated):

User: Please find a solution for this failing job. Use the logs, job definition, and any referenced files where the failure occurred. Keep your response focused on the solution and include code suggestions when appropriate.

Assistant: The failure is in the token injection step of .github/workflows/deploy.yml at 80aa1eefb1fa484457151a29cb45b64860e9de1a:

• .github/workflows/deploy.yml#L25-L30
• Failing command: sed -i "s/.../${SECRET}/g" ...
• Error: sed: -e expression #1, char 25: unknown option to 's'

Cause: one of the secrets contains a / or another sed replacement metacharacter, so the replacement string breaks the s/.../.../g expression. SENTRY_DSN is especially likely because DSNs are URL-shaped.

Use a non-slash delimiter and escape the replacement values before passing them to sed.

Suggested fix:

- name: Inject tokens
  env:
    APIFY_TOKEN: ${{ secrets.APIFY_TOKEN }}
    GOOGLE_TOKEN: ${{ secrets.GOOGLE_TOKEN }}
    SPOTIFY_CLIENT_ID: ${{ secrets.SPOTIFY_CLIENT_ID }}
    SPOTIFY_CLIENT_SECRET: ${{ secrets.SPOTIFY_CLIENT_SECRET }}
    SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
  run: |
    APIFY_TOKEN_ESCAPED=$(printf '%s\n' "$APIFY_TOKEN" | sed 's/[&|]/\\&/g')
    GOOGLE_TOKEN_ESCAPED=$(printf '%s\n' "$GOOGLE_TOKEN" | sed 's/[&|]/\\&/g')
    SPOTIFY_CLIENT_ID_ESCAPED=$(printf '%s\n' "$SPOTIFY_CLIENT_ID" | sed 's/[&|]/\\&/g')
    SPOTIFY_CLIENT_SECRET_ESCAPED=$(printf '%s\n' "$SPOTIFY_CLIENT_SECRET" | sed 's/[&|]/\\&/g')
    SENTRY_DSN_ESCAPED=$(printf '%s\n' "$SENTRY_DSN" | sed 's/[&|]/\\&/g')

    sed -i "s|__APIFY_TOKEN__|$APIFY_TOKEN_ESCAPED|g" map.js 19hz/map.js
    sed -i "s|__GOOGLE_TOKEN__|$GOOGLE_TOKEN_ESCAPED|g" map.js 19hz/map.js
    sed -i "s|__GOOGLE_TOKEN__|$GOOGLE_TOKEN_ESCAPED|g" index.html 19hz/index.html
    sed -i "s|__SPOTIFY_CLIENT_ID__|$SPOTIFY_CLIENT_ID_ESCAPED|g" 19hz/map.js
    sed -i "s|__SPOTIFY_CLIENT_SECRET__|$SPOTIFY_CLIENT_SECRET_ESCAPED|g" 19hz/map.js
    sed -i "s|__SENTRY_DSN__|$SENTRY_DSN_ESCAPED|g" index.html 19hz/index.html

Minimal version, if you want to keep it tighter:

- name: Inject tokens
  env:
    APIFY_TOKEN: ${{ secrets.APIFY_TOKEN }}
    GOOGLE_TOKEN: ${{ secrets.GOOGLE_TOKEN }}
    SPOTIFY_CLIENT_ID: ${{ secrets.SPOTIFY_CLIENT_ID }}
    SPOTIFY_CLIENT_SECRET: ${{ secrets.SPOTIFY_CLIENT_SECRET }}
    SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
  run: |
    sed -i "s|__APIFY_TOKEN__|$(printf '%s' "$APIFY_TOKEN" | sed 's/[&|]/\\&/g')|g" map.js 19hz/map.js
    sed -i "s|__GOOGLE_TOKEN__|$(printf '%s' "$GOOGLE_TOKEN" | sed 's/[&|]/\\&/g')|g" map.js 19hz/map.js
    sed -i "s|__GOOGLE_TOKEN__|$(printf '%s' "$GOOGLE_TOKEN" | sed 's/[&|]/\\&/g')|g" index.html 19hz/index.html
    sed -i "s|__SPOTIFY_CLIENT_ID__|$(printf '%s' "$SPOTIFY_CLIENT_ID" | sed 's/[&|]/\\&/g')|g" 19hz/map.js
    sed -i "s|__SPOTIFY_CLIENT_SECRET__|$(printf '%s' "$SPOTIFY_CLIENT_SECRET" | sed 's/[&|]/\\&/g')|g" 19hz/map.js
    sed -i "s|__SENTRY_DSN__|$(printf '%s' "$SENTRY_DSN" | sed 's/[&|]/\\&/g')|g" index.html 19hz/index.html

If you want the cleanest fix, replace the whole block at .github/workflows/deploy.yml#L17-L30 with the minimal version above. That directly addresses the failing sed syntax and should make the deploy job pass.

User: create a pr to fix it

Assistant: I’ve started the PR creation flow and we’re waiting for your approval in the Gi...

This pull request was created from Copilot chat.