github-app-token icon indicating copy to clipboard operation
github-app-token copied to clipboard

Published 20 hours ago verified publisher icon tibdex

private_key input should be in the secrets

Open spender0 opened this issue 2 years ago • 3 comments

according to https://docs.github.com/en/actions/using-workflows/reusing-workflows#using-inputs-and-secrets-in-a-reusable-workflow private_key should be in secrets

If I put the action into my reusable workflow GitHub automatically removes private_key input and I get the error:

Run tibdex/[email protected]
  with:
    app_id: my app id
    installation_id: my id 
    repository: my repo name
 
Error: Error: Input required and not supplied: private_key

spender0 avatar May 21 '22 10:05 spender0

private_key should be in secrets

Where?

  • Not in action.yml because secret is not part of the metadata syntax for actions.
  • Not in README.md because the workflow shown there is not meant to be reusable: it's only an example.

If you define your own reusable workflows then yes you could use the secrets keyword in your workflow_call.

tibdex avatar Jul 09 '22 16:07 tibdex

Hi @tibdex, yes, you are right! Then I don't know how to fix the problem, if I put this action into a reusable workflow the private_key seems to be removed automatically. Probably, because it is not safe to pass a secret via inputs.

spender0 avatar Jul 11 '22 06:07 spender0

@spender0 if what you're saying is true, then below may be a workaround:

uses: my-reusable-workflows/.github/workflows/my-workflow.yml@main
secrets: inherit

kkdrz avatar Aug 03 '22 13:08 kkdrz