Use `secrets: inherit` - Githubissues

openrewrite / rewrite-github-actions

OpenRewrite recipes for performing GitHub action hygiene and migration tasks.

Apache License 2.0

9 stars 9 forks source link

Use `secrets: inherit` #89

Closed yeikel closed 5 months ago

yeikel commented 1 year ago

What precondition(s) should be checked before applying this recipe?

This only applies to re-usable workflows
The secrets key-value pair must be the same (ie: there are no transformations or aliasing)

Describe the situation before applying the recipe


  maven:
    uses: org/.github/workflows/maven.yml@main
    secrets:
      USERNAME: ${{ secrets.USERNAME }}
      PASSWORD: ${{ secrets.USERNAME }}

Describe the situation after applying the recipe


  maven:
    uses: org/.github/workflows/maven.yml@main
+   secrets: inherit
-    secrets:
-     USERNAME: ${{ secrets.USERNAME }}
-      PASSWORD: ${{ secrets.USERNAME }}

This should be left untouched because the secrets are transformed :


  maven:
    uses: org/.github/workflows/maven.yml@main
    secrets:
      MY_CUSTOM_USERNAME_KEY: ${{ secrets.USERNAME }}
      PASSWORD: ${{ secrets.USERNAME }}

Any additional context

https://github.blog/changelog/2022-05-03-github-actions-simplify-using-secrets-with-reusable-workflows/ https://stackoverflow.com/questions/71524542/how-to-use-reusable-github-workflows-and-keep-secrets-in-a-single-place