Lint translate-secrets script

- Remove useless echo subshell
- Set readonly variables for to clarify when the script is no longer going to modify those variables.

Signed-off-by: Jack Baldry <[email protected]>

actions/get-vault-secrets/translate-secrets.sh → actions/get-vault-secrets/translate-secrets.bash

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 
 # Input env:
-# - REPO => Repository name 
+# - REPO => Repository name
 # - COMMON_SECRETS => Common secrets (in the ci/data/common/<path> vault path): {{ Env Variable Name }}={{ Secret Path }}:{{ Secret Key }}
 # - REPO_SECRETS => Repo secrets (in the ci/data/repo/${REPO}/<path> vault path): {{ Env Variable Name }}={{ Secret Path }}:{{ Secret Key }}
 # Output format: "{{ Secret Path }} {{ Secret Key }} | {{ Env Variable Name }}" in the $GITHUB_OUTPUT file
@@ -19,6 +19,8 @@ if [ -z "$GITHUB_OUTPUT" ]; then
   exit 1
 fi
 
+readonly COMMON_SECRETS GITHUB_OUTPUT REPO REPO_SECRETS
+
 RESULT=""
 
 # Function to split a string into parts
@@ -43,18 +45,20 @@ split_string() {
 if [ -n "$COMMON_SECRETS" ]; then
     for common_secret in $COMMON_SECRETS; do
         split_string "$common_secret"
-        RESULT="${RESULT}$(echo "ci/data/common/$secret_path $secret_key | $env_variable_name");\n"
+        RESULT="${RESULT}ci/data/common/$secret_path $secret_key | $env_variable_name;\n"
     done
 fi
 
 # Translate the repo secrets
 if [ -n "$REPO_SECRETS" ]; then
     for repo_secret in $REPO_SECRETS; do
         split_string "$repo_secret"
-        RESULT="${RESULT}$(echo "ci/data/repo/$REPO/$secret_path $secret_key | $env_variable_name");\n"
+        RESULT="${RESULT}ci/data/repo/$REPO/$secret_path $secret_key | $env_variable_name;\n"
     done
 fi
 
+readonly RESULT
+
 # Print the contents of the output file
 echo -e "Secrets that will be queried from Vault:\n$RESULT"
 echo -e "secrets<<EOF\n${RESULT}EOF" > "$GITHUB_OUTPUT"