
Secret interpolation is giving syntax error in caller workflow when calling a reusable workflow in GitHub Action


I am using a reusable workflow, and when passing secrets from the caller workflow to the reusable workflow, I am getting the following syntax error:

The workflow is not valid.
.github/workflows/caller_workflow.yml (Line: 28, Col: 28): Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.SECRET_1
.github/workflows/caller_workflow.yml (Line: 29, Col: 22): Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.SECRET_2

Not sure why the interpolation is not working.

This is my caller workflow caller_workflow.yml (giving the above error):

name: Build workflow
on:
  push:
    branches:
      - dev
      - main
  pull_request:
    types:
      - opened
      - edited
      - reopened
    branches:
      - main
      - dev

jobs:
  # reference: https://docs.github.com/en/actions/learn-github-actions/reusing-workflows#example-caller-workflow
  org-checks:
    uses: repo/.github/workflows/main_workflow.yml@main
    with:
      SECRET_1: ${{ secrets.SECRET_1 }}
      SECRET_2: ${{ secrets.SECRET_2 }}

This is my reusable workflow:

name: CI workflow
on:
  workflow_call:  # enables this workflow to be reusable for other repo
    secrets:
      SECRET_1:
        description: 'secret 1'
      SECRET_2:
        description: 'secret 2'
  push:
    branches:
      - main
  pull_request:
    types:
      - opened
      - edited
      - reopened
    branches:
      - main

jobs:
  job-name-to-run:
       ...... ......

Secrets in other flows are all working fine with the same syntax.


Solution

  • I was passing the secrets in the wrong way. In my workflow, the secrets were passed using the with input parameter, hence the error. with will work fine for passing inputs to the called (reusable) workflow, but not for secrets. For passing secrets, use the secrets parameter.

    Here is the updated caller_workflow.yaml:

    name: Build workflow
    on:
      push:
        branches:
          - dev
          - main
      pull_request:
        types:
          - opened
          - edited
          - reopened
        branches:
          - main
          - dev
    
    jobs:
      # reference: https://docs.github.com/en/actions/learn-github-actions/reusing-workflows#example-caller-workflow
      org-checks:
        uses: repo/.github/workflows/main_workflow.yml@main
        secrets:
          SECRET_1: ${{ secrets.SECRET_1 }}
          SECRET_2: ${{ secrets.SECRET_2 }}
    

    (removed with and added secrets)

    Reference: Reusing workflows - example-caller-workflow
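
A pre-commit style check for the mistake described above, as an added example that is not part of the original question or answer: it reports every secrets.* expression placed under a job-level with: key, while leaving step-level with: blocks alone. The function name secrets_in_job_with and the build job in the sample are hypothetical, and the scanner assumes space-indented, block-style YAML rather than using a full YAML parser.

```python
import re

SECRET_EXPR = re.compile(r"\$\{\{\s*secrets\.(\w+)")

def secrets_in_job_with(workflow_text):
    """Return (line_no, job_id, secret_name) for every secrets.* expression
    found under a job-level `with:` key (jobs.<job_id>.with)."""
    findings = []
    in_jobs, job_indent, key_indent, job_id, in_with = False, None, None, None, False
    for no, raw in enumerate(workflow_text.splitlines(), start=1):
        line = re.sub(r"\s+#.*$", "", raw).rstrip()  # drop comments (heuristic)
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip(" "))
        key = line.strip().split(":", 1)[0]
        if indent == 0:  # top-level key: track whether we are inside `jobs:`
            in_jobs, job_indent, key_indent, in_with = key == "jobs", None, None, False
            continue
        if not in_jobs:
            continue
        if job_indent is None or indent == job_indent:  # a job id line
            job_indent, job_id, key_indent, in_with = indent, key, None, False
            continue
        if key_indent is None or indent == key_indent:  # a job-level key
            key_indent, in_with = indent, key == "with"
        if in_with:  # a step-level `with:` sits deeper, under `steps:`, and is skipped
            findings += [(no, job_id, m.group(1)) for m in SECRET_EXPR.finditer(line)]
    return findings

# Constructed sample: the caller workflow from the question, shortened.
BROKEN = """\
name: Build workflow
on: push
jobs:
  org-checks:
    uses: repo/.github/workflows/main_workflow.yml@main
    with:
      SECRET_1: ${{ secrets.SECRET_1 }}
      SECRET_2: ${{ secrets.SECRET_2 }}
"""
# Constructed sample: the corrected caller plus a hypothetical job whose
# step-level `with:` uses a secret and must not be reported.
FIXED = BROKEN.replace("    with:", "    secrets:") + """\
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          token: ${{ secrets.SECRET_1 }}
"""

if __name__ == "__main__":
    for no, job, name in secrets_in_job_with(BROKEN):
        print(f"line {no}: job '{job}' passes secrets.{name} via with:, use secrets: instead")
```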