Configuration variables are empty when passed as secrets to reusable workflow

[romikoops]

Describe the bug Configuration variables (introduced recently by Github) are empty when passed as secrets to a reusable workflow.

To Reproduce Steps to reproduce the behavior:

1. Setup a Repository or Organization based configuration variable in settings:

MY_VAR=some-value

2. Create a test reusable workflow with some secret as a parameter, like:

on:
  workflow_call:
    secrets:
      my-secret:
        required: false
jobs:
  my-job:
    name: My Job
    runs-on: ubuntu-latest
    steps:
      - name: Test Vars
        run: |
          echo '${{ secrets.my-secret }}'  | sed 's/./& /g'
                  

3. Create a main workflow with a job that reusing workflow from previous step
4. Pass the configuration variable as a secret, like:

on:
  workflow_dispatch:
  
jobs:
  build:
    name: Step1
    uses: <my-org>/github-actions/.github/workflows/test-workflow.yaml@main
    secrets:
      my-secret: ${{ vars.MY_VAR }}

Expected behavior output of MY_VAR (with spaces between letters to unmask the value)

Runner Version and Platform

2.301.1

Ubuntu

What's not working?

If you modify the test, add inputs to reusable workflow and pass the var to the input at the same time with passing that to secrets, THAT WORKS! That is the reason, why it was qualified as a bug and not a feature.

Here is a workaround:

# Reusable workflow
on:
  workflow_call:
    secrets:
      my-secret:
        required: false
    inputs:
      my-input:
        required: false
        type: string
        default: ''
jobs:
  my-job:
    name: My Job
    runs-on: ubuntu-latest
    steps:
      - name: Test Vars
        run: |
          echo '${{ secrets.my-secret }}'  | sed 's/./& /g'

# Main workflow

on:
  workflow_dispatch:
  
jobs:
  build:
    name: Step1
    uses: <my-org>/github-actions/.github/workflows/test-workflow.yaml@main
    secrets:
      my-secret: ${{ vars.MY_VAR }}
    with:
      my-input:  ${{ vars.MY_VAR }}

[codebydant]

same problem for me

[christophbloemer0382]

Just changed some of my secrets to vars and now I have the same problem. Would be nice if this would work. Reverting now back to secrets.

[aromanio]

I have the opposite issue. Setting the secrets with vars works, setting the input with vars gives empty string.

[starlabs007]

Thanks for opening this before I wasted more time troubleshooting why my action variables weren't getting passed on.

What's bonkers is that this is partially working for me. That is, one of my vars is getting passed correctly via secrets... but the others aren't. Like @christophbloemer0382 I'll be reverting back to secrets until this is fixed.

[glency-betterteem]

As of the moment, this is still ongoing issue. using vars outputs blank.

[x4dr]

and here i was being confused. still an issue, output is blank and clicking edit retrieves a blank input (which might be intentional, as write only secrets?)

[ejm-hyesung]

having the same issue here tried with hard coded value with '' but it's also empty either

Run jakejarvis/s3-sync-action@master with: args: --acl public-read --delete env: AWS_S3_BUCKET: 'some-bucket' AWS_ACCESS_KEY_ID: 'access key' AWS_SECRET_ACCESS_KEY: 'secret access'

[michaelfr]

Hi, Same issue here after add new secret, I have 30 environment variables and it's not the latest who hare impacted when I add a new variable, but old. When I launch in debug mode, they are resolving to "null".

Its seems to be a regression, same king of bug in 2020

[tolga-ercan]

Any updates here? I have a job using repo secrets, and in one workflow file they resolve fine, and in another, they resolve to null. The difference between the two is that one workflow runs on macOS-latest, and the other runs on ubuntu-latest (iOS build vs Android build)

[amf-paulo-airship]

I am having same problem here. any updates ?

[glency-betterteem]

Hello. This is our working workflow in our codepush workflow. using environment and reusable workflow

main workflow main.yml

name: Android CodePush

on:
  workflow_call:
    inputs:
      environment:
        description: 'The environment to deploy to'
        required: true
        type: string

jobs:
  android-codepush:
    name: Android CodePush
    environment: ${{ inputs.environment }}
    runs-on: ubuntu-latest

    steps:
      - name: Check out Git repository # clone the repo to local ci workspace
        uses: actions/checkout@v3

    # ... other steps

      - name: Build Android Bundle
        run: yarn appcenter codepush release-react -a $APPCENTER_PROJECT_ANDROID -d $INPUT_ENVIRONMENT -m
        env:
          APPCENTER_ACCESS_TOKEN: ${{ secrets.APPCENTER_ACCESS_TOKEN_ANDROID }}
          INPUT_ENVIRONMENT: ${{ inputs.environment }}
          APPCENTER_PROJECT_ANDROID: ${{ vars.APPCENTER_PROJECT_ANDROID }}
    

workflow that reuse my main workflow staging-release.yml

name: Android CodePush Staging

on:
  workflow_dispatch:
  push:
    branches:
      - staging

jobs:
  android-codepush:
    name: Android CodePush
    uses: ./.github/workflows/main.yml # use the main.yml workflow
    # this line will transfer all secrets to main workflow
    secrets: inherit
    with:
      environment: staging

[askb]

Is there any update for this issue?

[jitran]

I tested with the reusable workflow from the original post and found that it's not an issue with the GitHub hosted runners. See the following tests:

Secrets only:

https://github.com/jitran/test-issue-2414/blob/main/.github/workflows/main.yml https://github.com/jitran/test-issue-2414/actions/runs/10661010845/job/29545864878

Secrets and inputs:

https://github.com/jitran/test-issue-2414/blob/64cd9965596bbad76b6457ec7538cdd5809c8311/.github/workflows/main.yml https://github.com/jitran/test-issue-2414/actions/runs/10660984596/job/29545797032