ExampleMod1.7.10

GitHub Workflow Secrets are not `inherit`-ed due to GitHub Restriction

Open Taskeren opened this issue 11 months ago • 1 comments

Talked in Discord: https://discord.com/channels/181078474394566657/603348502637969419/1345471366253510656

The GitHub document said that the secrets are not shared across organizations or enterprises.

This will cause the step of publishing to the Maven repository to not work consistently, without any warning.

I recommend flattening the workflow calls when creating the template of this ExampleMod (copy the workflow in the GTNH repo to the artifact zip), so we can keep the functionality for it. Or, at least have a comment on it, to warn users like me that this will not work, instead of debugging for about 2 hrs.

And there are 2 ways to resolve this problem before there is a patch:

  1. https://github.com/sousuke0422/ProjectE/blob/MC17/.github/workflows/release-tags.yml Just simply fork the whole workflow repo, and replace it in the dependent projects.
  2. ~~https://github.com/Roadhog360/Et-Futurum-Requiem/blob/master/.github/workflows/release-tags.yml~~\* Or just simply copy the referenced one to the workflow in the project. \*: copying works, but the referenced sample does not. You'll need to modify the trigger to get it invoked.

Also don't forget to set the Maven Repository Workflow Variable, because the workflow doesn't respect the value set in gradle.properties, as I reported it here.

Mar 01 '25 19:03 Taskeren

Quick note; the linked document does not explicitly say that secrets are not shared across organizations/enterprises. It simply states:

> Workflows that call reusable workflows in the same organization or enterprise can use the inherit keyword to implicitly pass the secrets.

This implies that workflows not inside the same organization or enterprise cannot use this functionality.

It's worth noting, though, that the Workflow Syntax Docs for `jobs.<job_id>.secrets.inherit` does mention it more explicitly, stating:

> This includes all secrets the calling workflow has access to, namely organization, repository, and environment secrets. The inherit keyword can be used to pass secrets across repositories within the same organization, or across organizations within the same enterprise.

TL;DR - GitHub's documentation is trash, as usual.

Personally, I think the solution here is to not rely on an external workflow at all. An example/template repository should be usable immediately with minimal fuss. So, either:

  1. Remove that workflow or,
  2. Integrate it into this repository as a stand-alone thing.

My two cents.

May 06 '25 21:05 glektarssza
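A check for the failure mode discussed in this thread, added here as an example and not part of the issue or of the project's code: it scans a workflow file for jobs that pass `secrets: inherit` to a reusable workflow owned by a different account. It is a line-based scan rather than a full YAML parser, the owner and path names in the sample are constructed placeholders, and because the script cannot know enterprise membership, a finding means the call needs verifying, not that it is certain to fail.

```python
import re
KEY_RE = re.compile(r"^( *)([\w.-]+):\s*(.*?)\s*(?:#.*)?$")

def cross_owner_inherit(workflow_text, repo_owner):
    """Return [(job_id, uses)] for jobs that pass `secrets: inherit` to a
    reusable workflow owned by an account other than repo_owner."""
    jobs, in_jobs = {}, False
    job_indent = key_indent = current = None
    for line in workflow_text.splitlines():
        m = KEY_RE.match(line)          # list items ("- uses: ...") do not match
        if not m:
            continue
        indent, key = len(m.group(1)), m.group(2)
        value = m.group(3).strip("'\"")
        if indent == 0:                 # new top-level section
            in_jobs, job_indent, current = key == "jobs", None, None
        elif in_jobs:
            if job_indent is None:
                job_indent = indent     # indentation of the job ids
            if indent == job_indent:
                current, key_indent = jobs.setdefault(key, {}), None
            elif current is not None:
                if key_indent is None:
                    key_indent = indent  # indentation of job-level keys
                if indent == key_indent and key in ("uses", "secrets"):
                    current[key] = value
    findings = []
    for job_id, keys in jobs.items():
        uses = keys.get("uses", "")
        # Local calls ("./...") stay in the same repository, so they are skipped.
        if keys.get("secrets") != "inherit" or uses.startswith("./") or "/" not in uses:
            continue
        if uses.split("/", 1)[0].lower() != repo_owner.lower():
            findings.append((job_id, uses))
    return findings

# Constructed sample; owners, repositories and paths are placeholders.
SAMPLE = """\
jobs:
  release-tags:
    uses: other-org/shared-workflows/.github/workflows/release-tags.yml@main
    secrets: inherit
  build:
    uses: my-org/ci/.github/workflows/build.yml@main
    secrets: inherit
"""
if __name__ == "__main__":
    for job_id, uses in cross_owner_inherit(SAMPLE, "my-org"):
        print(f"{job_id}: verify that secrets: inherit reaches {uses}")
```

A job that passes secrets explicitly under a `secrets:` mapping is not reported, since only the `inherit` keyword carries the organization/enterprise restriction quoted above.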