[Intentional] Secrets are not visible in forks #35145

@n3o77

Description

It seems that secret variables are not properly passed to environment variables in actions. But I'm not 100% sure what's going wrong, as I can't echo the secrets, which makes debugging hard.

The secret is properly set in the repository where the workflow is running. I'm using the same secret in another workflow, in the same repository, passing it through docker/build-push-action, and it's working there without any issues, so I'm confident that the secret is properly defined.

I.e.:

.gitea/workflows/ci.yml

on:
  pull_request:

name: "Continuous Integration"

jobs:
  coding-standards:

    runs-on: ubuntu-latest

    strategy:
      matrix:
        operating-system: [ubuntu-latest]
        php-versions: ['8.3']

    name: PHP ${{ matrix.php-versions }} Test on ${{ matrix.operating-system }}

    env:
      extensions: mbstring
      key: cache-v1

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: ${{ matrix.php-versions }}
          extensions: ${{ env.extensions }}

      - name: "Install locked dependencies with composer"
        run: composer install --no-interaction --no-progress
        env:
          COMPOSER_AUTH: ${{ secrets.GT_COMPOSER_AUTH }}

With this, no authentication is used, and the install fails.

When I'm trying with this:

...
        env:
          COMPOSER_AUTH: '{"http-basic": {"gitea_url": {"username": "myusername", "password": "${{ secrets.GT_TOKEN }}"}}}'
...

Then authentication is used with myusername but fails because the password is empty. If I'm setting the password instead of using the secret, everything works fine.

Gitea Version

1.24.3

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

Docker Image

Database

MySQL/MariaDB
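
Added example, not part of the original issue or of Gitea: a check a workflow step could run before `composer install` to report whether `COMPOSER_AUTH` arrived empty or malformed without printing its value. The issue title and label record that secrets are intentionally not exposed to runs from forks, which leaves the expression empty; the function name and the sample host `gitea.example` are assumptions.

```python
import json
import os
import sys


def diagnose_composer_auth(raw):
    """Describe what is wrong with a COMPOSER_AUTH value without revealing it.

    Returns a list of findings; an empty list means nothing suspicious was found.
    """
    if raw is None:
        return ["COMPOSER_AUTH is not set"]
    if raw.strip() == "":
        return ["COMPOSER_AUTH is empty (secret not available to this run)"]
    try:
        data = json.loads(raw)
    except json.JSONDecodeError as exc:
        # Report only the position: the parser message is generic, the value is not shown.
        return [f"COMPOSER_AUTH is not valid JSON (error at char {exc.pos})"]
    if not isinstance(data, dict):
        return ["COMPOSER_AUTH is JSON but not an object"]

    findings = []
    basic = data.get("http-basic", {})
    if not isinstance(basic, dict):
        return ["http-basic is not an object"]
    # Only http-basic is inspected, since that is what the issue uses.
    for host, cred in basic.items():
        for field in ("username", "password"):
            value = cred.get(field) if isinstance(cred, dict) else None
            if not value:
                # Host names are not secret; credential values are never printed.
                findings.append(f"http-basic[{host}].{field} is empty")
    return findings


if __name__ == "__main__":
    problems = diagnose_composer_auth(os.environ.get("COMPOSER_AUTH"))
    for line in problems:
        print(line, file=sys.stderr)
    # Fail the step early so the cause is visible before composer runs.
    sys.exit(1 if problems else 0)
```
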

Metadata

Assignees

No one assigned

    Labels

    issue/not-a-bug: The reported issue is the intended behavior or the problem is not inside Gitea

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests
