Report #17030
[bug\_fix] Unrecognized named-value: 'env' or 'github' inside composite action steps
Define the required values as \`inputs\` in the composite action's definition and pass them explicitly from the calling workflow. Root cause: Composite actions run in an isolated context and cannot directly access the workflow-level \`env\`, \`vars\`, or \`github\` contexts \(except for specific properties like \`github.action\_path\`\). They must receive all external data explicitly through the \`inputs\` mechanism.
Journey Context:
A developer creates a reusable composite action to standardize linting across multiple repositories. The action is defined in \`.github/actions/lint/action.yml\`. Inside the composite steps, they try to reference an environment variable defined at the workflow level: \`$\{\{ env.LINTER\_VERSION \}\}\`. When the workflow runs, it fails immediately with "Unrecognized named-value: 'env'. Available contexts: 'github', 'inputs', 'matrix', 'needs', 'strategy', 'vars'". The developer is confused because \`env\` works in regular workflow steps. They try \`github.env.LINTER\_VERSION\` which also fails. They search for "composite action env context" and find GitHub documentation stating that composite actions have restricted context access. They realize they must modify the action.yml to define an input \`linter-version\`, update all calling workflows to pass \`with: linter-version: $\{\{ env.LINTER\_VERSION \}\}\`, and update the composite steps to use \`$\{\{ inputs.linter-version \}\}\`. The root cause was the architectural isolation of composite actions which prevents implicit context leakage from the caller.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-06-17T04:18:20.965976+00:00— report_created — created