Use a $TARGET env var (and some other vars)

We are already using a `$CARGO` environment variable, which is
mainly for convenient expansion by the shell, but `cargo` (and
commands like `cross` with the same interface) pass it on to build
scripts, which may use it (and if or how they do may in principle
vary by feature or target). But the sitation with `$TARGET` is
analogous--it would also make commands more readable, and it is
also passed down to scripts by `cargo`.

So this adds `$TARGET`.

Doing this serves another purpose, which is to make it easier to
reason about the semantics of the commands the shell is running.
Using `${{ }}` interpolation should not be a security risk here,
since all values are trusted. But injecting characters such as `'`
could still happen by accident. Often it may not be justified,
outside of reusable workflows or those running on events with
elevated security risks, to route them through environment
variables to ensure their contents are not interpreted specially
by the shell. However, with the addition of `$TARGET`, it seems
that most of that has already been done, such that clarity is
overall improved rather than worsened by going the rest of the way.

So this does that too, adding other environment variables in the
narrowest scope that is broad enough to avoid duplication. Now all
`${{ }}` interpolations are outside of script code. Note that
these changes only apply to the release workflow and may not
necessarily be justified in other workflows.

Author: EliahKagan

.github/workflows/release.yml

@@ -35,7 +35,10 @@ jobs:
 
       - name: Get the release version from the tag
         if: env.VERSION == ''
-        run: echo 'VERSION=${{ github.ref_name }}' >> "$GITHUB_ENV"
+        run: echo "VERSION=$VERSION" >> "$GITHUB_ENV"
+        env:
+          VERSION: ${{ github.ref_name }}
+
 
       - name: Validate version against Cargo.toml
         run: |
@@ -78,7 +81,9 @@ jobs:
         run: mkdir artifacts
 
       - name: Save release upload URL to artifact
-        run: echo '${{ steps.release.outputs.upload_url }}' > artifacts/release-upload-url
+        run: echo "$URL" > artifacts/release-upload-url
+        env:
+          URL: ${{ steps.release.outputs.upload_url }}
 
       - name: Save version number to artifact
         run: echo "$VERSION" > artifacts/release-version
@@ -156,8 +161,10 @@ jobs:
 
     env:
       CARGO: cargo  # On Linux, this will be changed to `cross` in a later step.
+      TARGET: ${{ matrix.target }}
       TARGET_FLAGS: --target=${{ matrix.target }}
       TARGET_DIR: target/${{ matrix.target }}
+      FEATURE: ${{ matrix.feature }}
       RUST_BACKTRACE: '1'  # Emit backtraces on panics.
       CARGO_TERM_COLOR: always
       CLICOLOR: '1'
@@ -204,7 +211,7 @@ jobs:
 
       - name: Build release binary
         run: |
-          "$CARGO" build --verbose --release "$TARGET_FLAGS" --no-default-features --features ${{ matrix.feature }}
+          "$CARGO" build --verbose --release "$TARGET_FLAGS" --no-default-features --features "$FEATURE"
 
       - name: Strip release binary (x86-64 Linux, and all macOS)
         if: matrix.target == 'x86_64-unknown-linux-musl' || matrix.os == 'macos-latest'
@@ -222,12 +229,12 @@ jobs:
 
       - name: Build archive
         run: |
-          staging='gitoxide-${{ matrix.feature }}-${{ env.VERSION }}-${{ matrix.target }}'
+          staging="gitoxide-$FEATURE-$VERSION-$TARGET"
           mkdir -p -- "$staging"
 
           cp {README.md,LICENSE-*,CHANGELOG.md} "$staging/"
 
-          if [ '${{ matrix.os }}' = 'windows-latest' ]; then
+          if [ "$OS" = 'windows-latest' ]; then
             file -- "$TARGET_DIR"/release/{ein,gix}.exe
             cp -- "$TARGET_DIR"/release/{ein,gix}.exe "$staging/"
             7z a "$staging.zip" "$staging"
@@ -238,6 +245,8 @@ jobs:
             tar czf "$staging.tar.gz" "$staging"
             echo "ASSET=$staging.tar.gz" >> "$GITHUB_ENV"
           fi
+        env:
+          OS: ${{ matrix.os }}
 
       - name: Upload release archive
         uses: actions/upload-release-asset@v1.0.2