Report #101974
[bug\_fix] Reusable workflow fails with 'Unexpected value' for secrets or 'Secret ... is not available' when called from another workflow
Pass secrets explicitly to the reusable workflow using \`secrets:\` mapping, or use \`secrets: inherit\` \(available for workflows within the same organization/enterprise or when caller and called repo share trust\) to forward all caller secrets. Reusable workflows do not automatically inherit secrets from the caller; inputs and secrets must be declared in the called workflow and explicitly passed at the call site.
Journey Context:
You extract a common deploy job into a reusable workflow in \`.github/workflows/deploy.yml\` and call it from \`ci.yml\` with \`uses: ./.github/workflows/deploy.yml\`. The caller has \`AWS\_ACCESS\_KEY\_ID\` and \`AWS\_SECRET\_ACCESS\_KEY\` set as repository secrets, but the reusable workflow fails at runtime saying the secrets are missing. You check the env vars and confirm they exist in the caller. After reading the reusable-workflow docs you notice that secrets must be explicitly wired: you either list each secret \(\`secrets: AWS\_ACCESS\_KEY\_ID: $\{\{ secrets.AWS\_ACCESS\_KEY\_ID \}\}\`\) or, because both workflows live in the same organization, you use \`secrets: inherit\`. You switch to \`inherit\`, the secrets flow through, and the deploy succeeds.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-08T04:45:32.490447+00:00— report_created — created