Environment Secrets are not available on Reusable Workflow / Workflow Templates

Describe the bug

Note: this feature works as designed, but I believe it could be improved.

Problem: Passing an environment containing secrets to a reusable workflow is not enough to have the environment secrets available.

Example: In a repository, there is an environment called “myenv”, which contains a single secret called “MY_SECRET”. In this repository, there is also a workflow calling a reusable workflow.

This is the reusable workflow

name: Reusable Workflow

on:
    workflow_call:
        inputs:
            ENVIRONMENT:
                required: true
                type: string            
jobs:
    some-job:
        runs-on: ubuntu-latest
        environment: ${{ inputs.ENVIRONMENT }}

        steps:
            - run: env

And this is the workflow

name: Workflow Caller

on:
    push:
        branches:
            - "**"

jobs:
    some-job:
        uses: Org/repo/.github/workflows/reusable-workflow.yml
        with:
            ENVIRONMENT: myenv

When running this workflow, MY_SECRET isn’t available. I see something like this in the logs:

...
MY_SECRET:
...

instead of this

...
MY_SECRET:***
...

In order to make MY_SECRET available in the reusable workflow, I must explicitly write it in the workflow caller, like so:

name: Workflow Caller

on:
    push:
        branches:
            - "**"

jobs:
    some-job:
        uses: Org/repo/.github/workflows/reusable-workflow.yml
        with:
            ENVIRONMENT: myenv
        secrets:
            MY_SECRET: ${{ secrets.MY_SECRET }}

Why can’t the reusable workflow load all of the environment secrets automatically using just the environment’s name? Is there a reason for not doing it?

In this repo you can find all of my experiments: https://github.com/AllanOricil/workflow-template-bug

Expected behavior

“Deployment Environment” secrets should be available in reusable workflows

What’s not working?

“Deployment Environment” secrets are not available in reusable workflows

Job Log Output

 ...
    MY_SECRET:
 ...

Issue Analytics

  • State: open
  • Created 2 years ago
  • Reactions: 37
  • Comments: 37 (2 by maintainers)
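
A static check for the gap described in the issue, written as an added example (not code from the issue or from GitHub): it lists the secrets a reusable workflow reads that a calling job does not pass. The step-level `env` mapping that reads `secrets.MY_SECRET`, the function names, and the workflows embedded as already-parsed mappings are assumptions made for the example.

```python
import re

# Matches ${{ secrets.NAME }} expressions in any workflow string value.
SECRET_REF = re.compile(r"\$\{\{\s*secrets\.([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")
AUTOMATIC = {"GITHUB_TOKEN"}  # available to called workflows without being passed

def secrets_used(node):
    """Collect every secrets.NAME referenced anywhere in a parsed workflow."""
    if isinstance(node, str):
        return set(SECRET_REF.findall(node))
    if isinstance(node, dict):
        node = list(node.values())
    if isinstance(node, list):
        return set().union(*(secrets_used(v) for v in node))
    return set()

def missing_secrets(caller, reusable):
    """Map each calling job to the secrets the reusable workflow reads but the job omits."""
    needed = secrets_used(reusable) - AUTOMATIC
    report = {}
    for job_id, job in caller.get("jobs", {}).items():
        if "uses" not in job:
            continue  # ordinary job, not a reusable-workflow call
        passed = job.get("secrets", {})
        if passed == "inherit":
            continue  # the caller forwards all of its secrets
        gap = needed - set(passed)
        if gap:
            report[job_id] = sorted(gap)
    return report

# Constructed sample: the issue's workflows as parsed mappings. The step's env
# entry reading secrets.MY_SECRET is an assumption, not shown in the issue.
REUSABLE = {
    "on": {"workflow_call": {"inputs": {"ENVIRONMENT": {"required": True, "type": "string"}}}},
    "jobs": {"some-job": {
        "runs-on": "ubuntu-latest",
        "environment": "${{ inputs.ENVIRONMENT }}",
        "steps": [{"run": "env", "env": {"MY_SECRET": "${{ secrets.MY_SECRET }}"}}],
    }},
}
CALL = {"uses": "Org/repo/.github/workflows/reusable-workflow.yml", "with": {"ENVIRONMENT": "myenv"}}
CALLER_BEFORE = {"jobs": {"some-job": CALL}}
CALLER_AFTER = {"jobs": {"some-job": {**CALL, "secrets": {"MY_SECRET": "${{ secrets.MY_SECRET }}"}}}}

if __name__ == "__main__":
    print(missing_secrets(CALLER_BEFORE, REUSABLE))
    print(missing_secrets(CALLER_AFTER, REUSABLE))
```
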

Top GitHub Comments

29 reactions
cb-shivamagarwal commented, Jan 12, 2023

It would be great if GitHub allows us to use environment with reusable workflows in an intuitive way with good documentation.

27 reactions
brandongallagher-tag commented, Apr 25, 2022

Can this please be re-opened? This is just extremely inefficient and resulted in me having to move our deployment steps into the release steps workflow file which is unpleasant to look at and couples our entire release pipeline too closely together from a structural point of view.

How GitHub thought this was acceptable is beyond me.
