Configuration variables are empty when passed as secrets to reusable workflow

Describe the bug Configuration variables (introduced recently by Github) are empty when passed as secrets to a reusable workflow.

To Reproduce Steps to reproduce the behavior:

1. Setup a Repository or Organization based configuration variable in settings:

MY_VAR=some-value

1. Create a test reusable workflow with some secret as a parameter, like:

on:
  workflow_call:
    secrets:
      my-secret:
        required: false
jobs:
  my-job:
    name: My Job
    runs-on: ubuntu-latest
    steps:
      - name: Test Vars
        run: |
          echo '${{ secrets.my-secret }}'  | sed 's/./& /g'
                  

1. Create a main workflow with a job that reusing workflow from previous step
2. Pass the configuration variable as a secret, like:

on:
  workflow_dispatch:
  
jobs:
  build:
    name: Step1
    uses: <my-org>/github-actions/.github/workflows/test-workflow.yaml@main
    secrets:
      my-secret: ${{ vars.MY_VAR }}

Expected behavior output of MY_VAR (with spaces between letters to unmask the value)

Runner Version and Platform

2.301.1

Ubuntu

What’s not working?

If you modify the test, add inputs to reusable workflow and pass the var to the input at the same time with passing that to secrets, THAT WORKS! That is the reason, why it was qualified as a bug and not a feature.

Here is a workaround:

# Reusable workflow
on:
  workflow_call:
    secrets:
      my-secret:
        required: false
    inputs:
      my-input:
        required: false
        type: string
        default: ''
jobs:
  my-job:
    name: My Job
    runs-on: ubuntu-latest
    steps:
      - name: Test Vars
        run: |
          echo '${{ secrets.my-secret }}'  | sed 's/./& /g'

# Main workflow

on:
  workflow_dispatch:
  
jobs:
  build:
    name: Step1
    uses: <my-org>/github-actions/.github/workflows/test-workflow.yaml@main
    secrets:
      my-secret: ${{ vars.MY_VAR }}
    with:
      my-input:  ${{ vars.MY_VAR }}