Add possibility to sertup .env in VARIABLES of Github

Author: nuzil

.github/workflows/deploy.yaml

@@ -40,6 +40,13 @@ jobs:
               printf '%s\n' "${{ secrets.MESH_SECRETS_STAGE }}"
               printf '%s\n' '__MESH_SECRETS__'
             } >> "$GITHUB_ENV"
+            if [ -n "${{ vars.ENV_STAGE }}" ]; then
+              {
+                printf '%s\n' 'AIO_ENV_FILE<<__AIO_ENV_FILE__'
+                printf '%s\n' "${{ vars.ENV_STAGE }}"
+                printf '%s\n' '__AIO_ENV_FILE__'
+              } >> "$GITHUB_ENV"
+            fi
           elif [ "$BRANCH_NAME" = "production" ]; then
             echo "TARGET_ENV=production" >> "$GITHUB_ENV"
             echo "CLIENTID=${{ secrets.CLIENTID_PROD }}" >> "$GITHUB_ENV"
@@ -52,6 +59,13 @@ jobs:
               printf '%s\n' "${{ secrets.MESH_SECRETS_PROD }}"
               printf '%s\n' '__MESH_SECRETS__'
             } >> "$GITHUB_ENV"
+            if [ -n "${{ vars.ENV_PROD }}" ]; then
+              {
+                printf '%s\n' 'AIO_ENV_FILE<<__AIO_ENV_FILE__'
+                printf '%s\n' "${{ vars.ENV_PROD }}"
+                printf '%s\n' '__AIO_ENV_FILE__'
+              } >> "$GITHUB_ENV"
+            fi
           else
             echo "Unsupported branch '$BRANCH_NAME'. Only staging and production are allowed." >&2
             exit 1
@@ -81,6 +95,12 @@ jobs:
           set -euo pipefail
           printf '%s\n' "$MESH_SECRETS" > secrets.yaml
           chmod 600 secrets.yaml
+      - name: Materialize branch .env file
+        if: ${{ env.AIO_ENV_FILE != '' }}
+        run: |
+          set -euo pipefail
+          printf '%s\n' "$AIO_ENV_FILE" > .env
+          chmod 600 .env
       - name: Setup CLI
         uses: adobe/aio-cli-setup-action@1.3.0
         with:

CHANGELOG.md

@@ -2,6 +2,11 @@
 
 All notable changes to this project will be documented in this file. The format loosely follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) and the repository uses [Semantic Versioning](https://semver.org/).
 
+## [1.1.1] - 2025-12-04
+### Added
+- Workflow now consumes GitHub repository variables `ENV_STAGE` / `ENV_PROD`, writes their full multi-line contents into `.env`, and feeds that file to the Adobe API Mesh CLI before create/update operations.
+- Documentation updates explaining the new `.env` injection path and the recommended GitHub variables for environment-specific configuration.
+
 ## [1.1.0] - 2025-11-25
 ### Added
 - New primary workflow `.github/workflows/deploy.yaml` that materializes branch-specific mesh secrets, computes CLI flags automatically, and waits for mesh provisioning with retry logic.

README.md

@@ -13,6 +13,7 @@ This repository is a lightweight starting point for teams that want a repeatable
 
 ### Key Capabilities
 
+- **Dynamic `.env` injection** – GitHub repository variables (`ENV_STAGE`, `ENV_PROD`) can store full `.env` payloads, and the workflow materializes them into a runtime `.env` before invoking the API Mesh CLI.
 - **Secret materialization** – branch-specific secrets can include encrypted mesh credentials (`MESH_SECRETS_*`) that the workflow writes to `secrets.yaml` on the fly and passes through `--secrets` so sensitive resolvers stay out of Git history.
 - **Auto-flag builder** – the workflow inspects the repo for `.env` and `secrets.yaml` and automatically appends the correct `aio api-mesh:*` flags, helping you wire runtime configuration consistently.
 - **Provisioning watchdog** – mesh deployments poll `aio api-mesh:status` for up to 10 minutes with friendly logging, failing early if provisioning stalls or ends unexpectedly.
@@ -57,6 +58,15 @@ Configure the following secrets under **Settings → Secrets and variables → A
 
 Add any extra secrets referenced by your mesh (for custom resolvers, HTTP headers, etc.) and load them via environment variables or additional steps in the workflow.
 
+### Recommended GitHub Variables
+
+| Variable Name | When Used | Description |
+| --- | --- | --- |
+| `ENV_STAGE` | Pushes to `staging` | Full contents of the `.env` file you want the staging deployment to consume (multi-line values supported). |
+| `ENV_PROD` | Pushes to `production` | Production `.env` payload, typically mirroring secure resolver configuration for production meshes. |
+
+If these variables are present, the workflow writes them to `.env` before running `aio api-mesh:*`. If they are empty, the pipeline falls back to any `.env` file committed in the repository or skips the flag entirely.
+
 ---
 
 ## Quick Start
@@ -65,7 +75,7 @@ Add any extra secrets referenced by your mesh (for custom resolvers, HTTP header
 2. **Add your mesh files**:
 	- Place the primary mesh definition in `mesh.json`.
 	- Commit any supporting schemas/resolvers alongside it.
-	- (Optional) store non-secret runtime values in `.env` (e.g., `MESH_NAME=my-mesh`). The workflow passes `--env .env` to the CLI so those values are merged during create/update.
+	- Provide runtime configuration via Git-tracked `.env` files **or** populate the `ENV_STAGE` / `ENV_PROD` GitHub variables with the exact `.env` content you want injected per environment.
 3. **Populate GitHub Secrets** with the values listed above.
 4. **Adopt the branch convention**:
 	- Push or merge to `staging` for deploying to staging Adobe workspaces.