秘密不会从 github 操作秘密传递到 github 操作中的可重用工作流

我在 github 操作中创建了秘密并尝试在可重用的工作流程中使用它们,但我无法使其工作,但是,如果我通过调用者文件硬编码的秘密,它工作得很好

## set_env.yml
name: Sent Env Creds and Vars

on:
  push:
    branches:
      - main
      - dev
  pull_request:
    branches: [ main ]

jobs:
  deploy-dev:
    uses: ./.github/workflows/main.yml
    with:
      AWS_REGION: "us-east-2"
      PREFIX: "dev"
    secrets:
      AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}

可重用工作流 = main.yml

## main.yml
name: Deploy to AWS  

# Controls when the workflow will run
on:
  workflow_call:
    inputs:
      AWS_REGION:
        required: true
        type: string
      PREFIX:
        required: true
        type: string
    secrets:
      AWS_ACCESS_KEY_ID:
        required: true
      AWS_SECRET_ACCESS_KEY:
        required: true

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  terraform-deploy:
    runs-on: ubuntu-latest

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v2

      # Runs a set of commands using the runners shell
      - name: Run a multi-line script
        run: | 
                echo Hello, Epsilon! You are in ${{ inputs.AWS_REGION }} region ${{ inputs.PREFIX }} region 
                for dir in $(ls -l | grep '^d' | awk '{print $9}'); do
                    PARENT_DIR=`pwd`
                    echo $dir
                    cd $dir
                    terraform init -backend-config=${PARENT_DIR}/${{ inputs.PREFIX }}-backend.tfvars
                    terraform validate
                    terraform plan -var-file=${{ inputs.PREFIX }}_vars.tfvars
                    ## terraform apply -input=false -auto-approve -var-file=${{ inputs.PREFIX }}_vars.tfvars
                    cd ..
                done
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

如果我在调用 main.yml 时在 set_env.yml 中对秘密进行硬编码,如下所示,它就可以工作

  jobs:
      deploy-dev:
        uses: ./.github/workflows/main.yml
        with:
          AWS_REGION: "us-east-2"
          PREFIX: "dev"
        secrets:
          AWS_ACCESS_KEY_ID: <harcoded value>
          AWS_SECRET_ACCESS_KEY: <hardcoded value>

我一直试图让它在很多方面发挥作用,但没有奏效。请帮忙

stack overflow Secrets doesnt pass from github action secrets to reusable workflow in github actions
原文答案

答案:

作者头像

从 2022 年 5 月 3 日起,现在可以使用新关键字 inherithttps://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_callsecretsinherit

在调用工作流中,您告诉它继承可重用工作流中的秘密:

jobs:
  deploy-dev:
    uses: ./.github/workflows/main.yml
    with:
      AWS_REGION: "us-east-2"
      PREFIX: "dev"
    secrets: inherit

这使得秘密在可重用工作流程中像往常一样可用:

with:
  myInput: ${{ secrets.MY_SECRET }}

请注意,无需在 workflow_call 触发器上声明秘密。

作者头像

我遇到了这个问题。对我来说,罪魁祸首是 Github Secrets 中的秘密值。该秘密已正确创建,它具有正确的值和名称,但 Github 操作由于某种原因无法找到它。删除秘密并重新创建它似乎已经解决了这个问题,但我无法确定原因