英文:
Can I dispatch a GitHub reusable workflow that uses secrets?
问题
我创建了一个可重用的工作流来运行单元测试。
在主工作流中,我调用这个工作流并将密钥作为参数传递。
有时我还想要在 GitHub 网页界面手动触发这个工作流,所以我添加了 workflow_dispatch。
然而,当我这样做时,我收到错误消息:Error: Input required and not supplied: token。我需要做什么才能在手动触发工作流时访问这些密钥?
我感到困惑,因为在我的主工作流(由 workflow_dispatch 触发)中,我不需要做任何特殊操作来访问这些密钥。所以我不明白为什么当通过 workflow_dispatch 触发时,这个工作流不会自动从仓库获取这些密钥:
name: unit-tests
on:
workflow_dispatch:
workflow_call:
secrets:
PAT_GITHUB:
required: true
jobs:
update-checker:
runs-on: ubuntu-latest
steps:
- name: "Check out this repo and submodules."
uses: actions/checkout@v3
with:
submodules: true
token: ${{ secrets.PAT_GITHUB }}
timeout-minutes: 3
当我从另一个工作流中调用这个工作流并传递密钥时,它按预期执行。
但是当我从网页界面手动触发这个工作流时(如下面的截图所示),它失败了:
在同一个工作流中使用 workflow_dispatch 和 workflow_call 是可能的吗?如果可以,那么在使用 workflow_dispatch 时,我该如何访问这些密钥?
英文:
I created a reusable workflow to run unit tests.
In the main workflow, I call this workflow and pass the secrets as arguments.
I also want to trigger this workflow manually sometimes from the GitHub web UI, so I added workflow_dispatch.
However, when I do that, I get the error: Error: Input required and not supplied: token. What do I need to do to get access to the secrets when triggering my workflow manually?
I'm confused because in my main workflow (which is triggered by workflow_dispatch), I don't need to do anything special to access the secrets. So I don't understand why this workflow doesn't automatically get access to the secrets from the repo when triggered by workflow_dispatch, too:
name: unit-tests
on:
workflow_dispatch:
workflow_call:
secrets:
PAT_GITHUB:
required: true
jobs:
update-checker:
runs-on: ubuntu-latest
steps:
- name: "Check out this repo and submodules."
uses: actions/checkout@v3
with:
submodules: true
token: ${{ secrets.PAT_GITHUB }}
timeout-minutes: 3
When I call this workflow from another workflow and pass the secrets, it executes as expected.
But when I dispatch this workflow from the web UI (screenshot below), it fails:
Is it possible to use workflow_dispatch and workflow_call in the same workflow? If so, how do I access the secrets when using workflow_dispatch?
答案1
得分: 1
你必须从调用者传递你的机密。
jobs:
call-workflow-unit-tests:
uses: octo-org/example-repo/.github/workflows/reusable-unit-test-wf.yml@main
secrets:
PAT_GITHUB: ${{ secrets.PAT_GITHUB }}
或者你可以使用 secrets: inherit:
jobs:
call-workflow-unit-tests:
uses: octo-org/example-repo/.github/workflows/reusable-unit-test-wf.yml@main
secrets: inherit
参见:
英文:
You have to pass your secrets from the caller.
jobs:
call-workflow-unit-tests:
uses: octo-org/example-repo/.github/workflows/reusable-unit-test-wf.yml@main
secrets:
PAT_GITHUB: ${{ secrets. PAT_GITHUB }}
Or you can use secrets: inherit:
jobs:
call-workflow-unit-tests:
uses: octo-org/example-repo/.github/workflows/reusable-unit-test-wf.yml@main
secrets: inherit
See:
答案2
得分: 0
问题在于我错误地在可重用的工作流中将秘钥重命名了。
所以在主工作流中,我有一个叫做 GITHUB_PAT 的秘钥,但是我的可重用工作流却将它称为 PAT_GITHUB。因为在调用工作流中,我将 GITHUB_PAT 传递给了 PAT_GITHUB,所以这个是有效的,但是派发操作失败了。
所以这里的规则是,如果你想在可重用的工作流中使用也可以被派发的秘钥,你就不能重命名这些秘钥!
英文:
The issue was that I had renamed the secret by mistake in my reusable workflow.
So in the main workflow, I had a secret called GITHUB_PAT, but my reusable workflow called it PAT_GITHUB. Since I passed GITHUB_PAT to PAT_GITHUB in the calling workflow, that worked, but the dispatch failed.
So the rule here is that if you want to use secrets in a reusable workflow that can also be dispatched, you can't rename the secrets!
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论