Github 操作可重用工作流秘密不工作

Question

I have a simple scenario with reusable workflows and secrets which doesn't work as the secrets are empty.

I have 3 GH repositories:

1. Microservice code - contains the code to runs the workflows from the domain gh actions repo
2. Domain GH Workflows repo - contains the github action secrets for the domain and uses the reusable workflows from the core devops repository
3. Core GH Workflows repo - contains generic workflows with many parameters that could be passed by other repositories

I have added the domain secrets (such as aws access key and aws secret access key) to the domain Domain GH Workflows and passed it with the named secrets to the given workflow using the tutorial from the GH - I do not want to use the "inherit" keyword, as i have to use the parametrized version.

However, only the empty strings are passed, even though I have added those kyes to the Github Repository Secrets of the Domain repository. I have tried also adding it to the environment and using the environment value in the workflows in any part of the flow (microservice repo and domain gh workflow repo).

Do you have any idea of why is it happening and what could be done to fix the problems that I am facing or achieve the similar results with a different approach?

Answer 1

When you don't want to use the inherit keyword, you need to set each secret in the reusable workflow workflow_call trigger configuration, and share each secret from the main workflow (calling the reusable) as secrets inputs.

However, in that case, you can only use secrets from the repository workflow calling the reusable workflow.

Note: If you want to avoid duplicating secrets between repositories, there is also the solution of using Organization Secrets to share those secrets in different repository, storing them in only one place.