Report #6677
[bug\_fix] Secrets not inherited by reusable workflow
Explicitly pass secrets to reusable workflows using either \`secrets: inherit\` \(to pass all secrets available in the caller context\) or \`secrets: SECRET\_NAME: $\{\{ secrets.SECRET\_NAME \}\}\` \(to pass specific secrets\). Unlike inputs, secrets are not automatically inherited by reusable workflows called with \`uses\`.
Journey Context:
Developer Francisco refactors his deployment process into a reusable workflow stored in \`.github/workflows/deploy-reusable.yml\` to avoid duplication across microservices. The reusable workflow requires a \`DEPLOY\_TOKEN\` secret to authenticate with the deployment API. In the caller workflow, Francisco has access to \`secrets.DEPLOY\_TOKEN\` and assumes it will be available in the reusable workflow since it's the same repository. He calls the reusable workflow with \`uses: ./.github/workflows/deploy-reusable.yml\` and passes some inputs. However, the reusable workflow fails with an authentication error or receives an empty string for the secret. Francisco checks the reusable workflow documentation and discovers that secrets have a different inheritance model than inputs. The documentation explicitly states: 'Unlike inputs, secrets are not automatically inherited by reusable workflows. You must explicitly pass secrets to a reusable workflow.' He updates the caller workflow to include \`secrets: inherit\` \(since he wants to pass all secrets\), or alternatively maps them explicitly with \`secrets:
DEPLOY\_TOKEN: $\{\{ secrets.DEPLOY\_TOKEN \}\}\`. After this change, the reusable workflow receives the secret correctly and the deployment succeeds.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-06-16T00:41:44.605162+00:00— report_created — created