[Feature] Apply principle of least privilege to secrets in workflow_call #49

@pmalarme

Summary

Investigate whether secrets: inherit can be replaced with explicit per-secret forwarding in the PR orchestrator's workflow_call to the security review workflow, following the principle of least privilege.

Problem statement

The PR orchestrator (pr-orchestrator.yml) currently uses secrets: inherit when calling security-review.lock.yml via workflow_call. This passes all repository secrets to the reusable workflow, violating the principle of least privilege. Ideally, only the secrets actually needed (COPILOT_GITHUB_TOKEN, GH_AW_GITHUB_TOKEN, GH_AW_GITHUB_MCP_SERVER_TOKEN) should be forwarded.

The blocker is that the compiled security-review.lock.yml (generated by gh aw compile) does not declare named secrets: inputs under its on: workflow_call: trigger — it references secrets directly. This means callers cannot pass secrets individually and must use secrets: inherit.

Proposed solution

  1. Check if future versions of gh-aw support declaring explicit secrets: inputs in compiled lock files.
  2. If supported, update the orchestrator to pass secrets one by one:
    security-review:
      uses: ./.github/workflows/security-review.lock.yml
      secrets:
        COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }}
        GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }}
        GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
  3. Remove secrets: inherit from the orchestrator once explicit forwarding is possible.

Alternatives considered

  • Keep secrets: inherit — current approach; functional but overly permissive.
  • Wrap the lock file in a thin reusable workflow that declares explicit secret inputs and forwards them — adds maintenance overhead and an extra workflow layer.

Additional context

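Added example, not part of the original issue or of the project's code: a Python check that flags jobs calling a reusable workflow with secrets: inherit and lists the secrets the callee reads without declaring them under on.workflow_call.secrets, which is the blocker described in the problem statement. The two workflow texts are constructed samples, and the function names (flatten, declared_secrets, audit) are hypothetical.

```python
import re

KEY = re.compile(r"^(\s*)(['\"]?)([\w-]+)\2:\s*(.*)$")
SECRET_REF = re.compile(r"\bsecrets\.([A-Za-z_]\w*)")
# Constructed samples: an inheriting caller and a callee with no declared secrets.
CALLER = """\
on: pull_request
jobs:
  security-review:
    uses: ./.github/workflows/security-review.lock.yml
    secrets: inherit
"""
CALLEE = """\
"on":
  workflow_call:
jobs:
  agent:
    env:
      COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }}
      GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }}
      GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
"""

def flatten(text):
    """Map key paths like ('jobs', 'x', 'uses') to scalar values (block-style YAML only)."""
    flat, stack = {}, []  # stack holds (indent, key) for the current nesting
    for raw in text.splitlines():
        m = KEY.match(raw.split(" #")[0].rstrip())
        if not m:
            continue  # list items, comments, blank lines
        indent, key = len(m.group(1)), m.group(3)
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, key))
        flat[tuple(k for _, k in stack)] = m.group(4).strip("'\"")
    return flat

def declared_secrets(callee):
    """Secret names declared under on.workflow_call.secrets."""
    return {p[3] for p in flatten(callee)
            if len(p) == 4 and p[:3] == ("on", "workflow_call", "secrets")}

def audit(caller, callee):
    """List jobs using secrets: inherit and the callee secrets lacking a declaration."""
    flat = flatten(caller)
    refs = set(SECRET_REF.findall(callee)) - {"GITHUB_TOKEN"}  # provided automatically
    undeclared = sorted(refs - declared_secrets(callee))
    return [{"job": p[1], "uses": flat.get(("jobs", p[1], "uses")), "undeclared": undeclared}
            for p, v in flat.items()
            if len(p) == 3 and p[0] == "jobs" and p[2] == "secrets" and v == "inherit"]
```

An empty "undeclared" list for a job means the callee already declares every secret it reads, so that caller can switch to explicit forwarding.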