github
Document limitation with reusable workflows
Code of Conduct
- [X] I have read and agree to the GitHub Docs project's Code of Conduct
What article on docs.github.com is affected?
https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations
What part(s) of the article would you like to see updated?
The Limitations section.
If you create a reusable workflow in repository A and that workflow uses a composite action defined also in repository A, you cannot use the reusable workflow from repository B.
This community discussion does a good job illustrating the issue, but basically the upstream workflow assumes that the composite action will be in the context of repository B's files when it should be looking in repository A's files.
The error you receive in repository B's actions output is similar to the below, which I copied from the linked discussion thread:
Can't find 'action.yml', 'action.yaml' or 'Dockerfile' under '/home/runner/work/CLIENT/REPO/generate-docker-tags@master'. Did you forget to run actions/checkout before running your local action?
Additional information
No response
Thanks for opening this issue. A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.
![welcome[bot] avatar](https://avatars.githubusercontent.com/in/4141?v=4 "Published by a pub.dev verified publisher"){kind=small}
Just wondering: it sounds like it would be trivial to fix the runner software to look in the right repo, but the security aspect might not be as simple? (checking for allowed actions)
Just wondering: it sounds like it would be trivial to fix the runner software to look in the right repo, but the security aspect might not be as simple? (checking for allowed actions)
Indeed, I'd be happy to withdraw this issue and PR if GitHub can instead remove the limitation. It would be great to have Reusable Composite Actions