document some of the pitfalls of using private or internal reusable workflows in a public repo #35735
Open
1 task done
Labels
actions
This issue or pull request should be reviewed by the docs actions team
content
This issue or pull request belongs to the Docs Content team
waiting for review
Issue/PR is waiting for a writer's review
Code of Conduct
What article on docs.github.com is affected?
https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_iduses
What part(s) of the article would you like to see updated?
Add a warning
Warning
If you use
uses: my-org/other-repo/.github/actions/shared-action@main
then anyone who would trigger the workflow (as determined byon: ...
conditions) especially in forks, but quite likely not limited to forks and doesn't have access to yourmy-org/other-repo
repository will encounter an unfixable error of this form:Invalid workflow file: .github/workflows/moda-ci.yaml#L86
error parsing called workflow ".github/workflows/moda-ci.yaml" -> "github/internal-actions/.github/workflows/docker_security.yml@main" : workflow was not found. See https://docs.github.com/actions/learn-github-actions/reusing-workflows#access-to-reusable-workflows for more information.
It's possible to avoid this by using a combination of a
workflow_call
with ajobs:
/if:
condition that guards against the user from tripping on the problem e.g.${{ github.repository == 'github/docs-internal' }}
and then have theon: workflow_call
on the internal side be responsible for using the reusable workflow.Additional information
moda-ci.yaml
triggers an error in forks for anyone who doesn't have access to github/docs-internal #35731The text was updated successfully, but these errors were encountered: