actions
Passing in secrets to reusable workflow does not work
Describe the bug A clear and concise description of what the bug is.
A workflow which has been running fine recently has ceased running with the following error:
Secret GIT_PAT is required, but not provided while calling
- The secret is registered at the organisation level and I reset its value "just in case"
- In testing, I also added the secret to the repository to override the organisation default, no luck
- Secrets are configured in the requirements for the workflow
- Secrets inherit is in the calling logic.
I am at a loss
Runner Version and Platform
Version of your runner?
- Latest version
- Affects all self-hosted runners, windows & mac
What's not working?
Please include error messages and screenshots.
Secret GIT_PAT is required, but not provided while calling
Running into the same issue!
Having a regular workflow where I need to access a secret from the organization level but the secret is empty and not passed down to the workflow execution.
(Not even a reusable workflow)
Even a simple - run: echo ${{ secrets.MY_SECRET }} is not working
Even a simple - run: echo ${{ secrets.MY_SECRET }} is not working
Well @lukasholzer, I believe that is by design, the contents of a secret are never printed.
Are you saying you are receiving the same error, that the "MY_SECRET" was not provided?
@SimonDarksideJ slightly different error message but for the same reason. It stopped working (on June 5th it was working).
I've a secret here that is not passed to the action via a ${{ secrets.MY_SECRET }}
And if you echo a secret it should be displayed normally with **** in the UI if it has a value. but in this case nothing is printed
Thanks for clarifying @lukasholzer that does seem like the same issue, hopefully the team will pick this up soon.
Hey, this is over 1 year old... I just run into an issue which seems to be related.
--> calling workflow
jobs:
call-workflow-passing-secrets:
uses: org/repo/.github/workflows/called-workflow.yml
secrets:
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
--> called workflow
name: Called workflow
on:
workflow_call:
secrets:
DOCKERHUB_USERNAME:
required: true
DOCKERHUB_PASSWORD:
required: true
jobs:
called-workflow-passing-secrets:
runs-on: ubuntu-latest
steps:
- uses: docker/[email protected]
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
This works within the same repo/org if appropriate secrets are set. However, it does not work from a forked repo even though the needed secrets for the fork are set at the fork repo level and obviously passed explicitly in the calling workflow. I get Error: Username and password required. Looking at the debug output it shows: ##[debug]Evaluating: secrets.DOCKERHUB_TOKEN ##[debug]Evaluating Index: ##[debug]..Evaluating secrets: ##[debug]..=> Object ##[debug]..Evaluating String: ##[debug]..=> 'DOCKERHUB_TOKEN' ##[debug]=> null ##[debug]Result: null
Bump, this doesn't work when calling reusable workflows from a different repo.
Same issue here. However, I noticed that the same code works on the main branch but doesn't work on feature branches(in PRs).
UPD: During further investigation, I noticed that the actions on PRs from our ORG users work well, while I see this behavior on PRs created by dependabot. UPD2: Here's the issue & resolution for my case: https://github.com/dependabot/dependabot-core/issues/3253#issuecomment-852541544
