From 6fa9487476737c7a03aafd3ebbc765dd6362237c Mon Sep 17 00:00:00 2001
From: Snider
Date: Tue, 30 Sep 2025 14:26:25 +0100
Subject: [PATCH] Inherit secrets in build workflow jobs
Added 'secrets: inherit' to all reusable workflow job calls in _on-pr.yml and _on-release.yml to ensure secrets are properly passed to downstream workflows. This change improves security and consistency in CI/CD processes.
---
 .github/workflows/_on-pr.yml | 7 ++++++-
 .github/workflows/_on-release.yml | 6 +++++-
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/_on-pr.yml b/.github/workflows/_on-pr.yml
index 779d2e8c..dc2002b3 100644
--- a/.github/workflows/_on-pr.yml
+++ b/.github/workflows/_on-pr.yml
@@ -20,6 +20,7 @@ jobs:
 (github.actor == 'Snider' && github.event.pull_request.user.login == 'Snider') || (github.event.review.state == 'approved' && !github.event.pull_request.draft)
 uses: ./.github/workflows/build-linux-intel.yml
+ secrets: inherit
 with:
 chain-network: ${{ github.ref_name == 'main' && 'mainnet' || 'testnet' }}
@@ -29,6 +30,7 @@ jobs:
 (github.actor == 'Snider' && github.event.pull_request.user.login == 'Snider') || (github.event.review.state == 'approved' && !github.event.pull_request.draft)
 uses: ./.github/workflows/build-linux-arm64.yml
+ secrets: inherit
 with:
 chain-network: ${{ github.ref_name == 'main' && 'mainnet' || 'testnet' }}
@@ -38,6 +40,7 @@ jobs:
 (github.actor == 'Snider' && github.event.pull_request.user.login == 'Snider') || (github.event.review.state == 'approved' && !github.event.pull_request.draft)
 uses: ./.github/workflows/build-windows-intel.yml
+ secrets: inherit
 with:
 chain-network: ${{ github.ref_name == 'main' && 'mainnet' || 'testnet' }}
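Review bot: `secrets: inherit` on these pull-request build jobs passes every secret available to the caller into each reusable workflow, which is wider than least privilege; the same applies to all six calls in _on-pr.yml (hunks at -20, -29, -38, -47, -56 and -65). The `if:` gate in the context lines checks only `github.event.review.state == 'approved'`, not the reviewer's association or permission, so it should not be treated as the control protecting those secrets. The `on:` triggers and the called workflows are outside the hunks, so which secrets the builds actually read cannot be confirmed from here. Prefer an explicit mapping of only the names each build needs, e.g. `secrets:` with `EXAMPLE_SECRET: ${{ secrets.EXAMPLE_SECRET }}` (placeholder name), declared under `on.workflow_call.secrets` in the called workflow.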
@@ -47,6 +50,7 @@ jobs:
 (github.actor == 'Snider' && github.event.pull_request.user.login == 'Snider') || (github.event.review.state == 'approved' && !github.event.pull_request.draft)
 uses: ./.github/workflows/build-macos-arm64.yml
+ secrets: inherit
 with:
 chain-network: ${{ github.ref_name == 'main' && 'mainnet' || 'testnet' }}
@@ -56,6 +60,7 @@ jobs:
 (github.actor == 'Snider' && github.event.pull_request.user.login == 'Snider') || (github.event.review.state == 'approved' && !github.event.pull_request.draft)
 uses: ./.github/workflows/build-macos-intel.yml
+ secrets: inherit
 with:
 chain-network: ${{ github.ref_name == 'main' && 'mainnet' || 'testnet' }}
@@ -65,9 +70,9 @@ jobs:
 (github.actor == 'Snider' && github.event.pull_request.user.login == 'Snider') || (github.event.review.state == 'approved' && !github.event.pull_request.draft)
 uses: ./.github/workflows/build-docker.yml
+ secrets: inherit
 with:
 chain-network: ${{ github.ref_name == 'main' && 'mainnet' || 'testnet' }}
- secrets: inherit
 build-docs:
 name: Docs
diff --git a/.github/workflows/_on-release.yml b/.github/workflows/_on-release.yml
index 495c0595..bef4d946 100644
--- a/.github/workflows/_on-release.yml
+++ b/.github/workflows/_on-release.yml
@@ -40,12 +40,14 @@ jobs:
 build-linux-intel:
 name: Chain
 uses: ./.github/workflows/build-linux-intel.yml
+ secrets: inherit
 with:
 chain-network: ${{ github.ref_name == 'main' && 'mainnet' || 'testnet' }}
 build-linux-arm:
 name: Chain
 uses: ./.github/workflows/build-linux-arm64.yml
+ secrets: inherit
 with:
 chain-network: ${{ github.ref_name == 'main' && 'mainnet' || 'testnet' }}
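Review bot: One job stanza in _on-release.yml is not touched by this patch: old lines 52–57 fall between this hunk (-40,12) and the next one (-58,21), although the commit message says `secrets: inherit` was added to all reusable workflow calls. By analogy with _on-pr.yml this is presumably the Windows build call, but the stanza itself is not visible here. Please confirm that job already carries `secrets: inherit` or that leaving it out is intentional, and record the reason in a comment above the job, so a release build does not fail or silently skip a step for want of a secret.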
@@ -58,21 +60,23 @@ jobs:
 build-macos-arm64:
 name: Chain
 uses: ./.github/workflows/build-macos-arm64.yml
+ secrets: inherit
 with:
 chain-network: ${{ github.ref_name == 'main' && 'mainnet' || 'testnet' }}
 build-macos-intel:
 name: Chain
 uses: ./.github/workflows/build-macos-intel.yml
+ secrets: inherit
 with:
 chain-network: ${{ github.ref_name == 'main' && 'mainnet' || 'testnet' }}
 build-docker:
 name: Docker
 uses: ./.github/workflows/build-docker.yml
+ secrets: inherit
 with:
 chain-network: ${{ github.ref_name == 'main' && 'mainnet' || 'testnet' }}
- secrets: inherit
 build-docs:
 name: Docs