show me how to add an environment variable to a gcp workflow

Sure. Below is a simple Pulumi program written in TypeScript that provisions a Cloud Workflow on Google Cloud and sets an environment variable for it. Unfortunately, GCP Cloud Workflows does not directly support environment variables in the traditional sense.

In your situation, you might want to consider storing your configuration as a Secret in Google Secret Manager, and injecting it as needed into your Workflows.

Check out the program below:

import * as gcp from "@pulumi/gcp";

// Create a Google Secret Manager Secret
const secret = new gcp.secretmanager.Secret("my-secret", {
    replication: {
        automatic: true,
    },
});

// Create a version of the secret with the value
new gcp.secretmanager.SecretVersion("my-secret-version", {
    secret: secret.name,
    secretData: "super-secret-value",
});

// Create a GCP Workflow.
const workflow = new gcp.workflows.Workflow("my-workflow", {
    description: "A workflow for setting an environment variable",
    region: "us-central1",
    sourceContents: `# Consider this yaml as a pseudocode that represents the process of fetching a secret
- getCurrentProject:
    call: http.get
    args:
        url: https://cloudresourcemanager.googleapis.com/v1/projects/myproject
    result: project
- getSecretValue:
    call: googleapis.secretmanager.v1beta1.projects.secrets.versions.access
    args:
        secretId: my-secret
        resourceName: 
            format: projects/{project}/secrets/{secretId}/versions/latest
            arguments: 
                project: $.project
                secretId: my-secret
        auth:
            type: OAuth2
        transform: jq($.payload.data | @base64d)`,
});

export const workflowName = workflow.name;

In this example, the program creates a secret containing your sensitive data (secretData) using the Secret Manager of GCP. The Workflow's sourceContents contents is a YAML file which represents the process of fetching a secret from the secret manager. Here, the getSecretValue literally "calls" Google Secret Manager API to retrieve and use the secret as an environment variable.

Please, check out the relevant resources in the Pulumi Registry documentation here: