github
Mention that composite actions can't access the `secrets` context
Code of Conduct
- [X] I have read and agree to the GitHub Docs project's Code of Conduct
What article on docs.github.com is affected?
https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability
What part(s) of the article would you like to see updated?
Add in a section / column for composite actions which highlights what contexts are and aren't avaliable to them
Additional information
No response
edited by maintainer
Content plan
Here is the writer's review for this issue
Thanks for opening this issue. A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.
![welcome[bot] avatar](https://avatars.githubusercontent.com/in/4141?v=4 "Published by a pub.dev verified publisher"){kind=small}
tree
Turbulence on. 1==1
1--1
And. . S. Z.
. /|]
Okay. . /
.
-----
__
@toast-gear Thanks so much for opening an issue! I'll triage this for the team to take a look :eyes:
👋 @toast-gear, sorry for the delayed reply. I'm pretty sure that composite actions have the same access to contexts as any other action has, so I'm not sure a docs update would be needed here. I'll double-check with the engineering team.
Ok, i've confirmed that composite actions steps have access to the same contexts a normal job level step has, except for the secrets context.
This because of security concerns; so if you want to pass a secret to a composite action, you need to do it explicitly as an input.
I don't think we need another column in the Context availability table, but it should be mentioned in the section for the secrets context.
I'll tag this issue for anyone to submit a PR to add a sentence to that section explaining this condition 🙂
Hi! I've created https://github.com/github/docs/pull/21596 to address the note that @lucascosti pointed out above. Thanks!
