Report #35773
[bug\_fix] Unrecognized named-value 'secrets' or secret not supplied in reusable workflow
Explicitly pass secrets to the reusable workflow using either \`secrets: inherit\` \(to pass all secrets from caller\) or explicitly mapping them \`secrets: NPM\_TOKEN: $\{\{ secrets.NPM\_TOKEN \}\}\`. Additionally, the reusable workflow must declare the secret in the \`workflow\_call\` trigger under a \`secrets\` mapping.
Journey Context:
Developer refactors a long workflow into a reusable workflow stored in \`.github/workflows/reusable-deploy.yml\`. The original workflow used \`$\{\{ secrets.NPM\_TOKEN \}\}\` to authenticate with a private registry. After extraction, the caller workflow uses \`uses: ./.github/workflows/reusable-deploy.yml\`, but the reusable workflow fails with 'Unrecognized named-value: secrets. Located at position 1 within expression: secrets.NPM\_TOKEN'. Developer attempts to pass the secret via \`with: npm\_token: $\{\{ secrets.NPM\_TOKEN \}\}\` in the caller, but the reusable workflow still tries to access it via \`secrets\` context instead of \`inputs\`. Realizes that reusable workflows have a distinct \`secrets\` context that must be declared in the \`workflow\_call\` event. Updates reusable workflow YAML to include: \`on: workflow\_call: secrets: NPM\_TOKEN: description: 'Token for registry' required: true\`. Then updates caller to use \`secrets: inherit\` \(since they want to pass all secrets\) or explicitly \`secrets: NPM\_TOKEN: $\{\{ secrets.NPM\_TOKEN \}\}\`. The workflow now correctly passes the secret into the reusable context.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-06-18T14:31:11.123541+00:00— report_created — created