Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

document some of the pitfalls of using private or internal reusable workflows in a public repo #35735

Open
1 task done
jsoref opened this issue Dec 20, 2024 · 1 comment
Open
1 task done

document some of the pitfalls of using private or internal reusable workflows in a public repo #35735

jsoref opened this issue Dec 20, 2024 · 1 comment
Labels
actions This issue or pull request should be reviewed by the docs actions team content This issue or pull request belongs to the Docs Content team waiting for review Issue/PR is waiting for a writer's review

Comments

@jsoref
Copy link
Contributor

jsoref commented Dec 20, 2024

Code of Conduct

What article on docs.github.com is affected?

https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_iduses

What part(s) of the article would you like to see updated?

Add a warning

Warning

If you use uses: my-org/other-repo/.github/actions/shared-action@main then anyone who would trigger the workflow (as determined by on: ... conditions) especially in forks, but quite likely not limited to forks and doesn't have access to your my-org/other-repo repository will encounter an unfixable error of this form:

Invalid workflow file: .github/workflows/moda-ci.yaml#L86
error parsing called workflow ".github/workflows/moda-ci.yaml" -> "github/internal-actions/.github/workflows/docker_security.yml@main" : workflow was not found. See https://docs.github.com/actions/learn-github-actions/reusing-workflows#access-to-reusable-workflows for more information.

It's possible to avoid this by using a combination of a workflow_call with a jobs: / if: condition that guards against the user from tripping on the problem e.g. ${{ github.repository == 'github/docs-internal' }} and then have the on: workflow_call on the internal side be responsible for using the reusable workflow.

Additional information
@jsoref jsoref added the content This issue or pull request belongs to the Docs Content team label Dec 20, 2024
@github-actions github-actions bot added the triage Do not begin working on this issue until triaged by the team label Dec 20, 2024
@nguyenalex836 nguyenalex836 added actions This issue or pull request should be reviewed by the docs actions team waiting for review Issue/PR is waiting for a writer's review and removed triage Do not begin working on this issue until triaged by the team labels Dec 20, 2024
@nguyenalex836
Copy link
Contributor

@jsoref Thank you for raising this issue! I'll get this triaged for review ✨ Our team will provide feedback regarding the best next steps for this issue - thanks for your patience! 💛

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
actions This issue or pull request should be reviewed by the docs actions team content This issue or pull request belongs to the Docs Content team waiting for review Issue/PR is waiting for a writer's review
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jsoref @nguyenalex836