Actionlint does not support secrets: inherit with workflow_call #138

Closed
FalconerTC opened this issue May 10, 2022 · 3 comments

@FalconerTC

When using workflow_call (https://docs.github.com/en/actions/using-workflows/reusing-workflows#using-inputs-and-secrets-in-a-reusable-workflow), secrets can be specified individually or you can set inherit to send all secrets automatically, e.g. from the GitHub docs:

jobs:
  call-workflow-passing-data:
    uses: octo-org/example-repo/.github/workflows/reusable-workflow.yml@main
    with:
      username: mona
    secrets: inherit

This results in the following ActionLint errors in the calling workflow:

 "secrets" section is scalar node but mapping node is expected [syntax-check]
  secrets: inherit

And the following in the receiving workflow for any undeclared secrets:

property "vault_url" is not defined in object type {github_token: string; actions_step_debug: string; actions_runner_debug: string} [expression]
@FalconerTC FalconerTC changed the title Actionlint does not support inherit workflow_call Actionlint does not support secrets: inherit with workflow_call May 10, 2022
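The two errors in the report above correspond to two checks, sketched here as an added example (not actionlint's code and not from the issue): the caller's `secrets` value may be a mapping or the scalar `inherit`, and a called workflow may read undeclared secrets only when the caller inherits. The workflows are constructed sample dicts standing in for parsed YAML; the job names, `vault_token` and `run-tests.sh` are assumptions.

```python
import re
# Constructed sample data: workflows as already-parsed YAML (plain dicts).
REUSABLE = "./.github/workflows/reusable-test.yaml"
CALLER = {"jobs": {
    "inherit-all": {"uses": REUSABLE, "secrets": "inherit"},
    "explicit": {"uses": REUSABLE, "secrets": {"vault_url": "${{ secrets.VAULT_URL }}"}},
    "typo": {"uses": REUSABLE, "secrets": "inherited"},
    "build": {"runs-on": "ubuntu-latest", "steps": [{"run": "make"}]},
}}
CALLEE = {
    "on": {"workflow_call": {"secrets": {"vault_token": {"required": True}}}},
    "jobs": {"test": {"runs-on": "ubuntu-latest", "steps": [{
        "run": "./run-tests.sh",
        "env": {"VAULT_URL": "${{ secrets.vault_url }}",
                "VAULT_TOKEN": "${{ secrets.vault_token }}"},
    }]}},
}
# Secrets that exist in every run, taken from the error message quoted in the issue.
BUILTIN = {"github_token", "actions_step_debug", "actions_runner_debug"}
SECRET_REF = re.compile(r"\bsecrets\.([A-Za-z_][\w-]*)")

def check_caller(workflow):
    """Return (errors, inheriting_jobs) for jobs that call a reusable workflow."""
    errors, inheriting = [], []
    for name, job in workflow.get("jobs", {}).items():
        if "uses" not in job or "secrets" not in job:
            continue
        if job["secrets"] == "inherit":
            inheriting.append(name)  # all of the caller's secrets are forwarded
        elif not isinstance(job["secrets"], dict):
            errors.append(f'{name}: "secrets" must be a mapping or the scalar "inherit"')
    return errors, inheriting

def strings(node):
    """Yield every string value nested inside dicts and lists."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, (dict, list)):
        for child in (node.values() if isinstance(node, dict) else node):
            yield from strings(child)

def undeclared_secrets(callee, caller_inherits):
    """Secrets the callee reads without declaring them under on.workflow_call.secrets."""
    if caller_inherits:
        return set()  # inherited secrets need no declaration, so nothing is flagged
    declared = {k.lower() for k in callee["on"]["workflow_call"].get("secrets") or {}}
    used = {m.lower() for s in strings(callee["jobs"]) for m in SECRET_REF.findall(s)}
    return used - declared - BUILTIN
```

The list of inheriting jobs is worth reviewing on its own, since each of them sends all of the caller's secrets to the called workflow.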
@rhysd
Owner

rhysd commented May 10, 2022

This feature was added very recently, so it is not supported yet. I will add support in the next version.

@FalconerTC
Author

Fair enough. Didn't see any other issues tracking it

@prein

prein commented Nov 21, 2022

I'm using 1.6.22 and getting this false positive as well.
It's not only secrets: inherit but also permissions:. I think it's only these two that differ from a "regular" step (https://docs.github.com/en/actions/using-workflows/reusing-workflows#supported-keywords-for-jobs-that-call-a-reusable-workflow).
Example:

    - name: test
      permissions:
        checks: write
        contents: read
      secrets: inherit
      uses: ./.github/workflows/reusable-test.yaml
      with:
        foo: ${{ inputs.foo }}

throws:

[...] unexpected key "secrets" for "step" section. expected one of "continue-on-error", "env", "id", "if", "name", "run", "shell", "timeout-minutes", "uses", "with", "working-directory" [syntax-check]
   |
73 |         secrets: inherit
   |         ^~~~~~~~
[...] unexpected key "permissions" for "step" section. expected one of "continue-on-error", "env", "id", "if", "name", "run", "shell", "timeout-minutes", "uses", "with", "working-directory" [syntax-check]
   |
74 |         permissions:
   |         ^~~~~~~~~~~~
