Charon/blockchain
1
0
Fork 0
forked from lthn/blockchain
Code Pull requests Activity

Inherit secrets in build workflow jobs

Browse source 
Added 'secrets: inherit' to all reusable workflow job calls in _on-pr.yml and _on-release.yml to ensure secrets are properly passed to downstream workflows. This change improves security and consistency in CI/CD processes.
This commit is contained in:
Snider 2025-09-30 14:26:25 +01:00
parent 3dd7d82b62
commit 6fa9487476
2 changed files with 11 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
.github/workflows/_on-pr.yml vendored
View file

@ -20,6 +20,7 @@ jobs:
(github.actor == 'Snider' && github.event.pull_request.user.login == 'Snider') ||
(github.event.review.state == 'approved' && !github.event.pull_request.draft)
uses: ./.github/workflows/build-linux-intel.yml
secrets: inherit
with:
chain-network: ${{ github.ref_name == 'main' && 'mainnet' || 'testnet' }}
@ -29,6 +30,7 @@ jobs:
(github.actor == 'Snider' && github.event.pull_request.user.login == 'Snider') ||
(github.event.review.state == 'approved' && !github.event.pull_request.draft)
uses: ./.github/workflows/build-linux-arm64.yml
secrets: inherit
with:
chain-network: ${{ github.ref_name == 'main' && 'mainnet' || 'testnet' }}
@ -38,6 +40,7 @@ jobs:
(github.actor == 'Snider' && github.event.pull_request.user.login == 'Snider') ||
(github.event.review.state == 'approved' && !github.event.pull_request.draft)
uses: ./.github/workflows/build-windows-intel.yml
secrets: inherit
with:
chain-network: ${{ github.ref_name == 'main' && 'mainnet' || 'testnet' }}
@ -47,6 +50,7 @@ jobs:
(github.actor == 'Snider' && github.event.pull_request.user.login == 'Snider') ||
(github.event.review.state == 'approved' && !github.event.pull_request.draft)
uses: ./.github/workflows/build-macos-arm64.yml
secrets: inherit
with:
chain-network: ${{ github.ref_name == 'main' && 'mainnet' || 'testnet' }}
@ -56,6 +60,7 @@ jobs:
(github.actor == 'Snider' && github.event.pull_request.user.login == 'Snider') ||
(github.event.review.state == 'approved' && !github.event.pull_request.draft)
uses: ./.github/workflows/build-macos-intel.yml
secrets: inherit
with:
chain-network: ${{ github.ref_name == 'main' && 'mainnet' || 'testnet' }}
@ -65,9 +70,9 @@ jobs:
(github.actor == 'Snider' && github.event.pull_request.user.login == 'Snider') ||
(github.event.review.state == 'approved' && !github.event.pull_request.draft)
uses: ./.github/workflows/build-docker.yml
secrets: inherit
with:
chain-network: ${{ github.ref_name == 'main' && 'mainnet' || 'testnet' }}
secrets: inherit
build-docs:
name: Docs

6
.github/workflows/_on-release.yml vendored
View file

@ -40,12 +40,14 @@ jobs:
build-linux-intel:
name: Chain
uses: ./.github/workflows/build-linux-intel.yml
secrets: inherit
with:
chain-network: ${{ github.ref_name == 'main' && 'mainnet' || 'testnet' }}
build-linux-arm:
name: Chain
uses: ./.github/workflows/build-linux-arm64.yml
secrets: inherit
with:
chain-network: ${{ github.ref_name == 'main' && 'mainnet' || 'testnet' }}
@ -58,21 +60,23 @@ jobs:
build-macos-arm64:
name: Chain
uses: ./.github/workflows/build-macos-arm64.yml
secrets: inherit
with:
chain-network: ${{ github.ref_name == 'main' && 'mainnet' || 'testnet' }}
build-macos-intel:
name: Chain
uses: ./.github/workflows/build-macos-intel.yml
secrets: inherit
with:
chain-network: ${{ github.ref_name == 'main' && 'mainnet' || 'testnet' }}
build-docker:
name: Docker
uses: ./.github/workflows/build-docker.yml
secrets: inherit
with:
chain-network: ${{ github.ref_name == 'main' && 'mainnet' || 'testnet' }}
secrets: inherit
build-docs:
name: Docs