diff --git a/.github/actions/notices_generation/action.yml b/.github/actions/notices_generation/action.yml
index 913573bdde8..efc3be25b95 100644
--- a/.github/actions/notices_generation/action.yml
+++ b/.github/actions/notices_generation/action.yml
@@ -34,11 +34,16 @@ runs:
       cd "${{ github.action_path }}"
       bundle install
       if ${{ inputs.search-local-pod-version == 'true' }} ; then
-        ruby app.rb --pods ${{ inputs.pods }} --sources ${{ inputs.sources }} --min_ios_version ${{ inputs.min-ios-version }} --search_local_pod_version --notices_path ${{ inputs.notices-path }}
+        ruby app.rb --pods ${INPUTS_PODS} --sources ${INPUTS_SOURCES} --min_ios_version ${INPUTS_MIN_IOS_VERSION} --search_local_pod_version --notices_path ${INPUTS_NOTICES_PATH}
       else
-        ruby app.rb --pods ${{ inputs.pods }} --sources ${{ inputs.sources }} --min_ios_version ${{ inputs.min-ios-version }} --notices_path ${{ inputs.notices-path }}
+        ruby app.rb --pods ${INPUTS_PODS} --sources ${INPUTS_SOURCES} --min_ios_version ${INPUTS_MIN_IOS_VERSION} --notices_path ${INPUTS_NOTICES_PATH}
       fi
     shell: bash
+    env:
+      INPUTS_PODS: ${{ inputs.pods }}
+      INPUTS_SOURCES: ${{ inputs.sources }}
+      INPUTS_MIN_IOS_VERSION: ${{ inputs.min-ios-version }}
+      INPUTS_NOTICES_PATH: ${{ inputs.notices-path }}
   - name: Upload artifacts
     uses: actions/upload-artifact@v3
     with:
diff --git a/.github/workflows/api_diff_report.yml b/.github/workflows/api_diff_report.yml
index 8ca8c385b81..07cdb593038 100644
--- a/.github/workflows/api_diff_report.yml
+++ b/.github/workflows/api_diff_report.yml
@@ -53,8 +53,10 @@ jobs:
       - name: Generate API files for PR branch
         run: |
           python ~/api_diff_report/api_info.py \
-            --file_list ${{ steps.get_changed_files.outputs.file_list }} \
+            --file_list ${STEPS_GET_CHANGED_FILES_OUTPUTS_FILE_LIST} \
             --output_dir ${{ env.PR_API_OUTPUT }}
+        env:
+          STEPS_GET_CHANGED_FILES_OUTPUTS_FILE_LIST: ${{ steps.get_changed_files.outputs.file_list }}
 
       - name: Checkout Base branch
         run: git checkout HEAD^
@@ -62,8 +64,10 @@ jobs:
       - name: Generate API files for Base branch
         run: |
           python ~/api_diff_report/api_info.py \
-            --file_list ${{ steps.get_changed_files.outputs.file_list }} \
+            --file_list ${STEPS_GET_CHANGED_FILES_OUTPUTS_FILE_LIST} \
             --output_dir ${{ env.BASE_API_OUTPUT }}
+        env:
+          STEPS_GET_CHANGED_FILES_OUTPUTS_FILE_LIST: ${{ steps.get_changed_files.outputs.file_list }}
 
       - name: Generate API Diff Report
         run: |
diff --git a/.github/workflows/health-metrics-presubmit.yml b/.github/workflows/health-metrics-presubmit.yml
index e7e5aa1020c..fda5e06f7ef 100644
--- a/.github/workflows/health-metrics-presubmit.yml
+++ b/.github/workflows/health-metrics-presubmit.yml
@@ -53,7 +53,7 @@ jobs:
         env:
           pr_branch: ${{ github.event.pull_request.head.ref }}
         run: |
-          if [ ! -z "${{ env.METRICS_SERVICE_SECRET }}"  ]; then
+          if [ ! -z "${METRICS_SERVICE_SECRET}"  ]; then
             ./scripts/health_metrics/get_updated_files.sh
           fi
 
@@ -335,7 +335,7 @@ jobs:
 
           # Activate the service account for Metrics Service.
           scripts/decrypt_gha_secret.sh scripts/gha-encrypted/metrics_service_access.json.gpg \
-          metrics-access.json "${{ env.METRICS_SERVICE_SECRET }}"
+          metrics-access.json "${METRICS_SERVICE_SECRET}"
           gcloud auth activate-service-account --key-file metrics-access.json
       - uses: actions/download-artifact@v3
         id: download
@@ -345,9 +345,10 @@ jobs:
         if: github.event.pull_request.merged != true && github.event.action != 'closed' && github.event.pull_request.head.repo.full_name == github.repository && github.event.pull_request.base.ref == 'main'
         env:
           base_commit: ${{ needs.check.outputs.target_branch_head }}
+          STEPS_DOWNLOAD_OUTPUTS_DOWNLOAD_PATH: ${{steps.download.outputs.download-path}}
         run: |
           # Get Head commit of the branch, instead of a merge commit created by actions/checkout.
-          if [ -d "${{steps.download.outputs.download-path}}" ]; then
+          if [ -d "${STEPS_DOWNLOAD_OUTPUTS_DOWNLOAD_PATH}" ]; then
             cd scripts/health_metrics/generate_code_coverage_report
             swift run CoverageReportGenerator --presubmit "firebase/firebase-ios-sdk" --head-commit "${GITHUB_SHA}" --token $(gcloud auth print-identity-token) --xcresult-dir "/Users/runner/test/codecoverage" --log-link "https://github.com/firebase/firebase-ios-sdk/actions/runs/${GITHUB_RUN_ID}" --pull-request-num ${{github.event.pull_request.number}} --base-commit "$base_commit"
           fi
@@ -380,7 +381,9 @@ jobs:
       - name: Update New Coverage Data
         if: github.event.pull_request.merged && github.event.pull_request.head.repo.full_name == github.repository
         run: |
-          if [ -d "${{steps.download.outputs.download-path}}" ]; then
+          if [ -d "${STEPS_DOWNLOAD_OUTPUTS_DOWNLOAD_PATH}" ]; then
             cd scripts/health_metrics/generate_code_coverage_report
-            swift run CoverageReportGenerator --merge "firebase/firebase-ios-sdk" --head-commit "${GITHUB_SHA}" --token $(gcloud auth print-identity-token) --xcresult-dir "/Users/runner/test/codecoverage" --log-link "https://github.com/firebase/firebase-ios-sdk/actions/runs/${GITHUB_RUN_ID}" --source-branch "${{ github.base_ref }}"
+            swift run CoverageReportGenerator --merge "firebase/firebase-ios-sdk" --head-commit "${GITHUB_SHA}" --token $(gcloud auth print-identity-token) --xcresult-dir "/Users/runner/test/codecoverage" --log-link "https://github.com/firebase/firebase-ios-sdk/actions/runs/${GITHUB_RUN_ID}" --source-branch "${GITHUB_BASE_REF}"
           fi
+        env:
+          STEPS_DOWNLOAD_OUTPUTS_DOWNLOAD_PATH: ${{steps.download.outputs.download-path}}
diff --git a/.github/workflows/installations.yml b/.github/workflows/installations.yml
index 2b103346226..2e0684a0173 100644
--- a/.github/workflows/installations.yml
+++ b/.github/workflows/installations.yml
@@ -174,6 +174,8 @@ jobs:
       run: echo "::set-output name=val::$([[ -z $plist_secret ]] && echo "0" || echo "1")"
     - name: PodLibLint Installations Cron
       run: |
-       export FIS_INTEGRATION_TESTS_REQUIRED=${{ steps.secrets.outputs.val }}
+       export FIS_INTEGRATION_TESTS_REQUIRED=${STEPS_SECRETS_OUTPUTS_VAL}
        scripts/third_party/travis/retry.sh scripts/pod_lib_lint.rb FirebaseInstallations.podspec \
          --platforms=${{ matrix.target }} ${{ matrix.flags }} \
+      env:
+        STEPS_SECRETS_OUTPUTS_VAL: ${{ steps.secrets.outputs.val }}
diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml
index c586d589e5e..776b47e7467 100644
--- a/.github/workflows/prerelease.yml
+++ b/.github/workflows/prerelease.yml
@@ -130,7 +130,7 @@ jobs:
          bot-access.txt "$bot_token_secret"
     - name: Update SpecsTesting repo
       run: |
-        [[ ${{ matrix.allowwarnings }} == true ]] && ALLOWWARNINGS=true
+        [[ ${MATRIX_ALLOWWARNINGS} == true ]] && ALLOWWARNINGS=true
         botaccess=`cat bot-access.txt`
         cd scripts/create_spec_repo/
         swift build
@@ -145,6 +145,8 @@ jobs:
                                   --pod-sources 'https://${BOT_TOKEN}@github.com/Firebase/SpecsTesting' "https://github.com/firebase/SpecsDev.git" "https://github.com/firebase/SpecsStaging.git" "https://github.com/CocoaPods/Specs.git" \
                                   --include-pods "${targeted_pod}" \
                                   --keep-repo ${ALLOWWARNINGS:+--allow-warnings}
+      env:
+        MATRIX_ALLOWWARNINGS: ${{ matrix.allowwarnings }}
     - name: Clean Artifacts
       if: ${{ always() }}
       run: |
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 08e5c2162b9..4b71e3b00c6 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -129,7 +129,7 @@ jobs:
          bot-access.txt "$bot_token_secret"
     - name: Update SpecsReleasing repo
       run: |
-        [[ ${{ matrix.allowwarnings }} == true ]] && ALLOWWARNINGS=true
+        [[ ${MATRIX_ALLOWWARNINGS} == true ]] && ALLOWWARNINGS=true
         botaccess=`cat bot-access.txt`
         cd scripts/create_spec_repo/
         swift build
@@ -142,6 +142,8 @@ jobs:
                                 --pod-sources 'https://github.com/Firebase/SpecsReleasing' "https://github.com/firebase/SpecsStaging.git" "https://github.com/CocoaPods/Specs.git" \
                                 --include-pods "${targeted_pod}" \
                                 --keep-repo ${ALLOWWARNINGS:+--allow-warnings}
+      env:
+        MATRIX_ALLOWWARNINGS: ${{ matrix.allowwarnings }}
     - name: Clean Artifacts
       if: ${{ always() }}
       run: |
diff --git a/.github/workflows/update-cpp-sdk-on-release.yml b/.github/workflows/update-cpp-sdk-on-release.yml
index ac824cf4c53..2fb59f6ee5a 100644
--- a/.github/workflows/update-cpp-sdk-on-release.yml
+++ b/.github/workflows/update-cpp-sdk-on-release.yml
@@ -81,4 +81,6 @@ jobs:
       - name: Trigger firebase-cpp-sdk update
         run: |
           pip install -r scripts/gha/python_requirements.txt
-          python scripts/gha/trigger_workflow.py -t ${{ steps.generate-token.outputs.token }} -w update-dependencies.yml -p updateAndroid 0 -p updateiOS 1 -p comment "[Triggered]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID) by [firebase-ios-sdk $GITHUB_REF release]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/releases/tag/$GITHUB_REF)." -s 10 -A
+          python scripts/gha/trigger_workflow.py -t ${STEPS_GENERATE_TOKEN_OUTPUTS_TOKEN} -w update-dependencies.yml -p updateAndroid 0 -p updateiOS 1 -p comment "[Triggered]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID) by [firebase-ios-sdk $GITHUB_REF release]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/releases/tag/$GITHUB_REF)." -s 10 -A
+        env:
+          STEPS_GENERATE_TOKEN_OUTPUTS_TOKEN: ${{ steps.generate-token.outputs.token }}